Newbie to this forum. We have been running K8S on VMs (IaaS) on Azure cloud but are thinking of moving to AKS (Azure Kubernetes Service) to leverage autoscaling, security, and more seamless version upgrades. But with our current self-managed way, we use Kubespray to upgrade the versions, which does not make any changes to the underlying OS configurations, which is a requirement of our Infosec policy.
With managed K8S, AKS and other players are removing a worker node and creating a new node, which is wiping our existing OS config and hardening standards. Looking for advice from community experts. Thanks.
Kubernetes version: 1.17
Cloud being used: Azure
Installation method: Kubespray
Host OS: Ubuntu 18 LTS
CNI and version: Weave
CRI and version: