K8S upgrade without node reimage

kombai · December 11, 2020, 1:29pm

Newbie to this forum. We have been running K8S on VMs(IaaS) on Azure cloud but thinking of moving to AKS (Azure Kubernetes Service) to leverage auto scale, security, version upgrade more seamless. But with current self managed way, we use kuebspray to upgrade the versions which does not make any changes to underlying OS configurations which is a requirement by our Infosec policy.

With managed K8S, AKS and other players are removing a worker node and creating a new node which is wiping our existing OS config and hardening standards. Looking for advise from community experts. Thanks.

Cluster information:

Kubernetes version: 1.17
Cloud being used: (put bare-metal if not on a public cloud) Azure
Installation method: Kubespray
Host OS: Ubuntu 18 LTS
CNI and version: Weave
CRI and version:

thockin · December 11, 2020, 5:57pm

Advice: Don’t treat nodes as pets. Find ways to apply the hardening automatically (e.g. a daemonset) so you are not swimming upstream. Managed providers use that “edge” to upgrade the OS and kernel, which matters to you even if you don’t see it as plainly.

Topic		Replies	Views
Node version upgrades on GKE clusters which are not linked to any Release Channel General Discussions	0	372	April 15, 2021
Kubernetes Secret Management for GPU Nodes using CSI on AKS General Discussions	0	219	August 2, 2023
Incremental Release Infrastructure General Discussions development	0	410	November 23, 2020
Moving azure app services to Azure kubernetes(AKS) CI CD environment General Discussions	0	478	January 26, 2020
Migrating to kubernetes version with containerd instead of docker as a container runtime General Discussions	2	567	June 17, 2021

K8S upgrade without node reimage

Cluster information:

Related Topics