Exam SC-100 topic 1 question 28 discussion

Actual exam question from Microsoft's SC-100
Question #: 28
Topic #: 1

You have an Azure Kubernetes Service (AKS) cluster that hosts Linux nodes.

You need to recommend a solution to ensure that deployed worker nodes have the latest kernel updates. The solution must minimize administrative effort.

What should you recommend?

  • A. The nodes must restart after the updates are applied.
  • B. The updates must first be applied to the image used to provision the nodes.
  • C. The AKS cluster version must be upgraded.
Suggested Answer: B

Comments

SFAY
Highly Voted 8 months ago
Selected Answer: B
B is the correct answer. Microsoft creates a new node image for AKS nodes approximately once per week. A node image contains up-to-date OS security patches, OS kernel updates, Kubernetes security updates, updated versions of binaries like kubelet, and component version updates that are listed in the release notes.

When a node image is updated, a cordon and drain action is triggered on the target node pool's nodes:

  • A node with the updated image is added to the node pool. The number of nodes added at a time is governed by the surge value.
  • One of the existing nodes is cordoned and drained. Cordoning ensures that the node doesn't schedule pods. Draining removes its pods and schedules them to other nodes.
  • After the node is fully drained, it's removed from the node pool. The updated node added by the surge replaces it.
  • This process is repeated for each node that needs to be updated in the node pool.

A similar process occurs during a cluster upgrade.

Source: https://learn.microsoft.com/en-us/azure/architecture/operator-guides/aks/aks-upgrade-practices
upvoted 7 times
lt9898
8 months ago
I now agree with SFAY that it seems like the ideal solution (least admin overhead) would be to leverage 'cordon and drain' via the automated NodeImage update channel and configure an aksManagedNodeOSUpgradeSchedule maintenance window. Thanks for sharing the link.

A - No, although this functionality is still supported by the 'unmanaged' update channel, there is now a better solution to minimise admin overhead than leveraging Kured to facilitate an in-place update.
B - Yes, we need to ensure the image used to provision the node had been updated (despite it being automatic now). However, agree with SFAY that I'd probably pick this if forced as it's closest.
C - No, the cluster version never needs updating for this.

Seems there's no way to update my previous answer below...
upvoted 2 times
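
The setup SFAY and lt9898 describe above (NodeImage channel, an `aksManagedNodeOSUpgradeSchedule` window, and the surge value that paces cordon and drain), as an added example that is not part of the original thread. Resource names, the schedule and the surge value are placeholders; the `DRY_RUN` switch and `pool_image_behind` are hypothetical helpers.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Resource names, the schedule and the
# surge value are placeholders; DRY_RUN and pool_image_behind are hypothetical.

# run: execute a command, or only print it when DRY_RUN=1 (review before applying).
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# configure_node_os_autoupgrade <rg> <cluster> [day] [start HH:MM] [hours]
configure_node_os_autoupgrade() {
  # Roll every node pool onto each new node image (kernel updates included).
  run az aks update --resource-group "$1" --name "$2" \
    --node-os-upgrade-channel NodeImage
  # Confine the resulting cordon-and-drain roll to a weekly maintenance window.
  run az aks maintenanceconfiguration add --resource-group "$1" \
    --cluster-name "$2" --name aksManagedNodeOSUpgradeSchedule \
    --schedule-type Weekly --day-of-week "${3:-Sunday}" --interval-weeks 1 \
    --start-time "${4:-02:00}" --duration "${5:-4}"
}

# set_pool_surge <rg> <cluster> <nodepool> <max-surge>: nodes added per step.
set_pool_surge() {
  run az aks nodepool update --resource-group "$1" --cluster-name "$2" \
    --name "$3" --max-surge "$4"
}

# pool_image_behind <rg> <cluster> <nodepool>: exit 0 when the pool's node image
# is older than the latest one published for it (audit check, read-only).
pool_image_behind() {
  current=$(az aks nodepool show --resource-group "$1" --cluster-name "$2" \
    --name "$3" --query nodeImageVersion --output tsv)
  latest=$(az aks nodepool get-upgrades --resource-group "$1" \
    --cluster-name "$2" --nodepool-name "$3" \
    --query latestNodeImageVersion --output tsv)
  printf '%s current=%s latest=%s\n' "$3" "$current" "$latest"
  [ "$current" != "$latest" ]
}

# Usage: DRY_RUN=1 configure_node_os_autoupgrade my-rg my-aks Saturday 01:00 6
```
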
PierreTang
Most Recent 8 months, 1 week ago
Selected Answer: A
Lt9898
upvoted 1 times
lt9898
8 months, 1 week ago
Selected Answer: A
Hang on, why is everybody favouring selecting the image before provision of the node? That was my original choice without reading then I found the page below published 20/4/2023. https://learn.microsoft.com/en-us/azure/aks/node-updates-kured "To protect your clusters, security updates are automatically applied to Linux nodes in AKS. These updates include OS security fixes or kernel updates. Some of these updates require a node reboot to complete the process. AKS doesn't automatically reboot these Linux nodes to complete the update process. ... This article shows you how to use the open-source kured (KUbernetes REboot Daemon) to watch for Linux nodes that require a reboot, then automatically handle the rescheduling of running pods and node reboot process"
upvoted 2 times
lt9898
8 months ago
Switching to B although I can't edit my initial vote. SFAY shared the more recently updated page that outlines the automated update process via the weekly image updates published by MS. If the requirements said that we need to stay up to date to the day, then I'd consider Kured to apply the nightly updates available via the 'Unmanaged' update channel.
upvoted 1 times
cris_exam
8 months, 1 week ago
I tend to be convinced by your finding and also add this extra bit from the same page. "Some security updates, such as kernel updates, require a node reboot to finalize the process." "You can use your own workflows and processes to handle node reboots, or use kured to orchestrate the process." So, reboot seems to be required but these could be configured to happen orchestrated to minimize admin effort. https://learn.microsoft.com/en-us/azure/aks/node-updates-kured#understand-the-aks-node-update-experience
upvoted 1 times
sbnpj
1 year, 2 months ago
Selected Answer: B
Agree with the answer
upvoted 2 times
Elvoo
1 year, 2 months ago
Selected Answer: B
Correct
upvoted 2 times
Victory007
1 year, 2 months ago
Selected Answer: B
Answer is Correct.
upvoted 2 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other