Something you may not know is that Microsoft patches your nodes every night when new patches are available. Sometimes, however, the nodes need to be rebooted for the patches to be applied. You will find more information here: https://docs.microsoft.com/en-us/azure/aks/node-updates-kured
So, to automate the reboot, we will use KureD: https://github.com/kubereboot/kured
KureD is currently only available for Linux nodes.
This DaemonSet is deployed as a pod on each node of the cluster and checks whether the file /var/run/reboot-required exists. If this file exists, the node will have the status Ready,SchedulingDisabled.
To deploy KureD, do the following:
When KureD detects the file and reboots the node, the KERNEL-VERSION will be updated:
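One way to follow such a rollout from the output of `kubectl get nodes -o wide`, as an added example that is not part of the original post: it lists the nodes that are currently cordoned and the nodes still running an older kernel than the rest of the cluster. The function names and the sample node data are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example: summarise a KureD reboot rollout from `kubectl get nodes -o wide`.
# Live use: kubectl get nodes -o wide | lagging_nodes

# Constructed sample output (node names, IPs and kernel versions are made up).
sample_nodes() {
cat <<'EOF'
NAME                                STATUS                     ROLES   AGE   VERSION   INTERNAL-IP   EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION     CONTAINER-RUNTIME
aks-nodepool1-00000000-vmss000000   Ready                      agent   30d   v1.23.8   10.240.0.4    <none>        Ubuntu 18.04.6 LTS   5.4.0-1089-azure   containerd://1.6.4
aks-nodepool1-00000000-vmss000001   Ready,SchedulingDisabled   agent   30d   v1.23.8   10.240.0.5    <none>        Ubuntu 18.04.6 LTS   5.4.0-1085-azure   containerd://1.6.4
aks-nodepool1-00000000-vmss000002   Ready                      agent   30d   v1.23.8   10.240.0.6    <none>        Ubuntu 18.04.6 LTS   5.4.0-1085-azure   containerd://1.6.4
EOF
}

# Emit "name status kernel" per node. OS-IMAGE contains spaces, so the kernel
# is read as the second-to-last field rather than from a fixed column number.
node_kernels() {
  awk 'NR > 1 && NF >= 4 { print $1, $2, $(NF-1) }'
}

# Nodes currently cordoned, shown by kubectl as "...,SchedulingDisabled".
cordoned_nodes() {
  node_kernels | awk '$2 ~ /SchedulingDisabled/ { print $1 }'
}

# Nodes running a kernel older than the newest one seen in the cluster, i.e.
# nodes that have not yet rebooted into the patched kernel. This is a
# heuristic: if no node has rebooted yet, nothing is flagged.
lagging_nodes() {
  rows=$(node_kernels)
  newest=$(printf '%s\n' "$rows" | awk '{ print $3 }' | sort -V | tail -n 1)
  printf '%s\n' "$rows" | awk -v k="$newest" '$3 != k { print $1, $3 }'
}

echo "Cordoned:"; sample_nodes | cordoned_nodes
echo "Lagging:";  sample_nodes | lagging_nodes
```

The version comparison relies on `sort -V` (GNU coreutils).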
With KureD in place, your infrastructure will now stay up to date, and your security team will be happy to hear this 🙂