Keep your AKS updated with KureD

Posted by Florent Appointaire on January 12, 2021

Maybe something that you don’t know, is that Microsoft patches your nodes (every nights), when new patches are available. But, sometime, you need to reboot your nodes, to apply patches. You will find more information here: https://docs.microsoft.com/en-us/azure/aks/node-updates-kured

So, to automate the reboot, we will use KureD: https://weaveworks.github.io/kured/

KureD is currently only available for Linux nodes.

This DeamonSet will be deployed, as pod, on each nodes of the cluster, and will check if the file /var/run/reboot-required exists. If this file exists, the node will have the status Ready, SchedulingDisabled

To deploy KureD, do the following:

helm repo add kured https://weaveworks.github.io/kured

helm repo update

kubectl create namespace kured

helm install kured kured/kured --namespace kured --set nodeSelector."beta\.kubernetes\.io/os"=linux

helm repo add kured https://weaveworks.github.io/kured

helm repo update

kubectl create namespace kured

helm install kured kured/kured --namespace kured --set nodeSelector."beta\.kubernetes\.io/os"=linux

When KureD will detect the file to reboot the node, the KERNEL-VERSION will be updated:

With this KureD feature, you will now have an infrastructure up-to-date and your security team will be happy to hear this 🙂

Filed under:
Software by Florent Appointaire