Customer-controlled maintenance window configuration#

Reliability · Azure Kubernetes Service · Rule · 2024_09 · Important

Configure customer-controlled maintenance windows for AKS clusters.

Description#

AKS clusters undergo periodic maintenance automatically to ensure your applications remains secure, stable, and up-to-date. This maintenance includes applying security updates, system upgrades, and software patches.

During peak load times, AKS clusters or workloads may already be scaled to their configured maximums or under stress. As a result, rescheduling pods, or upgrading a node may take longer then normal.

Maintenance configurations provide a best-effort option that allows you to schedule planned maintenance operations to a predefined window. This provides greater predictability over cluster operations so that maintenance during peak load times can be avoided when possible. Noting that some critical or urgent maintenance operations may be performed outside the configured maintenance window.

AKS provides three (3) schedule configuration types are available for customer-controlled maintenance:

default is a basic configuration for controlling AKS weekly releases.
aksManagedAutoUpgradeSchedule controls when to schedule AKS Kubernetes version upgrades. This configuration affects the schedule for when cluster auto-upgrades are applied based on your configured channel.
aksManagedNodeOSUpgradeSchedule controls when to schedule AKS node OS upgrades. This configuration affects the schedule for when AKS node OS auto-upgrades are applied based on your configured channel.

To read more about automated maintenance operations in AKS see the reference links below.

Recommendation#

Consider using a planned maintenance windows for AKS and node OS upgrades to avoid periods of high cluster utilization for improved reliability. Do this by configuring the aksManagedAutoUpgradeSchedule and aksManagedNodeOSUpgradeSchedule maintenance configurations.

Examples#

Configure with Azure template#

Deploy maintenance configurations for cluster version and node OS auto-upgrades.
- For cluster version auto-upgrades, set the name property to aksManagedAutoUpgradeSchedule.
- For node OS auto-upgrades, set the name property to aksManagedNodeOSUpgradeSchedule.

For cluster version auto-upgrades see the example:

Azure Template snippet

{
  "type": "Microsoft.ContainerService/managedClusters/maintenanceConfigurations",
  "apiVersion": "2024-03-02-preview",
  "name": "[format('{0}/{1}', parameters('clusterName'), 'aksManagedAutoUpgradeSchedule')]",
  "properties": {
    "maintenanceWindow": {
      "schedule": {
        "weekly": {
          "intervalWeeks": 1,
          "dayOfWeek": "Sunday"
        }
      },
      "durationHours": 4,
      "utcOffset": "+00:00",
      "startDate": "2024-07-15",
      "startTime": "00:00"
    }
  },
  "dependsOn": [
    "[resourceId('Microsoft.ContainerService/managedClusters', parameters('clusterName'))]"
  ]
}

For node OS auto-upgrades see the example:

Azure Template snippet

{
  "type": "Microsoft.ContainerService/managedClusters/maintenanceConfigurations",
  "apiVersion": "2024-03-02-preview",
  "name": "[format('{0}/{1}', parameters('clusterName'), 'aksManagedNodeOSUpgradeSchedule')]",
  "properties": {
    "maintenanceWindow": {
      "schedule": {
        "weekly": {
          "intervalWeeks": 1,
          "dayOfWeek": "Sunday"
        }
      },
      "durationHours": 4,
      "utcOffset": "+00:00",
      "startDate": "2024-07-15",
      "startTime": "00:00"
    }
  },
  "dependsOn": [
    "[resourceId('Microsoft.ContainerService/managedClusters', parameters('clusterName'))]"
  ]
}

Configure with Bicep#

To deploy AKS clusters that pass this rule:

Deploy maintenance configurations for cluster version and node OS auto-upgrades.
- For cluster version auto-upgrades, set the name property to aksManagedAutoUpgradeSchedule.
- For node OS auto-upgrades, set the name property to aksManagedNodeOSUpgradeSchedule.