From 1cd84de048cf6df3095546734fa94a3c93b37fbe Mon Sep 17 00:00:00 2001
From: Paul Miller
Date: Sat, 24 Jun 2023 19:30:30 -0700
Subject: [PATCH] Bring Node os upgrade channel up GA from preview except security patch (#24487)
* bring nodeosimage up to GA except for security channel
* Update managedClusters.json
---
 .../stable/2023-06-01/managedClusters.json | 30 ++++++++++++++++++-
 1 file changed, 29 insertions(+), 1 deletion(-)
diff --git a/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-06-01/managedClusters.json b/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-06-01/managedClusters.json
index d7f17239daa8..aaff6e44788f 100644
--- a/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-06-01/managedClusters.json
+++ b/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-06-01/managedClusters.json
@@ -4547,7 +4547,7 @@
 },
 {
 "value": "node-image",
- "description": "Automatically upgrade the node image to the latest version available. Microsoft provides patches and new images for image nodes frequently (usually weekly), but your running nodes won't get the new images unless you do a node image upgrade. Turning on the node-image channel will automatically update your node images whenever a new version is available."
+ "description": "Automatically upgrade the node image to the latest version available. Consider using nodeOSUpgradeChannel instead as that allows you to configure node OS patching separate from Kubernetes version patching"
 },
 {
 "value": "none",
@@ -4557,6 +4557,34 @@
 },
 "title": "The upgrade channel for auto upgrade. The default is 'none'.",
 "description": "For more information see [setting the AKS cluster auto-upgrade channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel)."
+ },
+ "nodeOSUpgradeChannel": {
+ "type": "string",
+ "enum": [
+ "Unmanaged",
+ "None",
+ "NodeImage"
+ ],
+ "x-ms-enum": {
+ "name": "nodeOSUpgradeChannel",
+ "modelAsString": true,
+ "values": [
+ {
+ "value": "None",
+ "description": "No attempt to update your machines OS will be made either by OS or by rolling VHDs. This means you are responsible for your security updates"
+ },
+ {
+ "value": "Unmanaged",
+ "description": "OS updates will be applied automatically through the OS built-in patching infrastructure. Newly scaled in machines will be unpatched initially and will be patched at some point by the OS's infrastructure. Behavior of this option depends on the OS in question. Ubuntu and Mariner apply security patches through unattended upgrade roughly once a day around 06:00 UTC. Windows does not apply security patches automatically and so for them this option is equivalent to None till further notice"
+ },
+ {
+ "value": "NodeImage",
+ "description": "AKS will update the nodes with a newly patched VHD containing security fixes and bugfixes on a weekly cadence. With the VHD update machines will be rolling reimaged to that VHD following maintenance windows and surge settings. No extra VHD cost is incurred when choosing this option as AKS hosts the images."
+ }
+ ]
+ },
+ "title": "Node OS Upgrade Channel",
+ "description": "Manner in which the OS on your nodes is updated. The default is NodeImage."
 }
 },
 "description": "Auto upgrade profile for a managed cluster."
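Review bot: The new `nodeOSUpgradeChannel` property description does not say how it interacts with `upgradeChannel`, whose `node-image` value is still accepted, so the spec leaves open which setting decides patching when the two disagree (for example `upgradeChannel: node-image` with `nodeOSUpgradeChannel: None`). That matters because `None`, and `Unmanaged` on Windows per its own value text, leave nodes without automatic security updates, and that caveat is visible only inside the enum value descriptions. I would carry it into the property description, e.g. `"description": "Manner in which the OS on your nodes is updated. The default is NodeImage. With None, and with Unmanaged on Windows nodes, security patching is left to the cluster owner."`, and add one sentence on precedence over `upgradeChannel` once the service behaviour is confirmed. Minor style point: `enum` lists `Unmanaged` first while `x-ms-enum.values` starts with `None`; using one order in both makes the pair easier to check.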