NodeOSUpgradeChannel type
Defines values for NodeOSUpgradeChannel.
KnownNodeOSUpgradeChannel can be used interchangeably with NodeOSUpgradeChannel,
this enum contains the known values that the service supports.
Known values supported by the service
None: No attempt to update your machines OS will be made either by OS or by rolling VHDs. This means you are responsible for your security updates
Unmanaged: OS updates will be applied automatically through the OS built-in patching infrastructure. Newly scaled in machines will be unpatched initially and will be patched at some point by the OS's infrastructure. Behavior of this option depends on the OS in question. Ubuntu and Mariner apply security patches through unattended upgrade roughly once a day around 06:00 UTC. Windows does not apply security patches automatically and so for them this option is equivalent to None till further notice
NodeImage: AKS will update the nodes with a newly patched VHD containing security fixes and bugfixes on a weekly cadence. With the VHD update machines will be rolling reimaged to that VHD following maintenance windows and surge settings. No extra VHD cost is incurred when choosing this option as AKS hosts the images.
SecurityPatch: AKS downloads and updates the nodes with tested security updates. These updates honor the maintenance window settings and produce a new VHD that is used on new nodes. On some occasions it's not possible to apply the updates in place, in such cases the existing nodes will also be re-imaged to the newly produced VHD in order to apply the changes. This option incurs an extra cost of hosting the new Security Patch VHDs in your resource group for just in time consumption.
type NodeOSUpgradeChannel = string