feat: run unattended upgrades by default

docs/topics/clusterdefinitions.md

@@ -857,7 +857,7 @@ A cluster can have 0 to 12 agent pool profiles. Agent Pool Profiles are used for
 | adminUsername                    | yes      | Describes the username to be used on all linux clusters                                  |
 | ssh.publicKeys[].keyData         | yes      | The public SSH key used for authenticating access to all Linux nodes in the cluster      |
 | secrets                          | no       | Specifies an array of key vaults to pull secrets from and what secrets to pull from each |
-| runUnattendedUpgradesOnBootstrap | no       | Invoke an unattended-upgrade when each Linux node VM comes online for the first time. In practice this is accomplished by performing an `apt-get update`, followed by a manual invocation of `/usr/bin/unattended-upgrade`, to fetch updated apt configuration, and install all package updates provided by the unattended-upgrade facility, respectively. |
+| runUnattendedUpgradesOnBootstrap | no       | Invoke an unattended-upgrade when each Linux node VM comes online for the first time. In practice this is accomplished by performing an `apt-get update`, followed by a manual invocation of `/usr/bin/unattended-upgrade`, to fetch updated apt configuration, and install all package updates provided by the unattended-upgrade facility, respectively. Defaults to true for public Azure clouds, and to false for Azure Stack Hub and other non-public, custom cloud environments. |
 | customSearchDomain.name          | no       | describes the search domain to be used on all linux clusters                             |
 | customSearchDomain.realmUser     | no       | describes the realm user with permissions to update dns registries on Windows Server DNS |
 | customSearchDomain.realmPassword | no       | describes the realm user password to update dns registries on Windows Server DNS         |

pkg/api/const.go

@@ -221,6 +221,8 @@ const (
 	VMSSVMType = "vmss"
 	// StandardVMType is the string const for the standard VM Type
 	StandardVMType = "standard"
+	// DefaultRunUnattendedUpgradesOnBootstrap sets the default configuration for running a blocking unattended-upgrade on Linux VMs as part of CSE
+	DefaultRunUnattendedUpgradesOnBootstrap = true
 )
 
 // Azure API Versions

pkg/api/defaults.go

@@ -54,6 +54,11 @@ func (cs *ContainerService) SetPropertiesDefaults(params PropertiesDefaultsParam
 		properties.setMasterProfileDefaults()
 	}
 
+	// Set Linux profile defaults if this cluster configuration includes Linux nodes
+	if cs.Properties.LinuxProfile != nil {
+		properties.setLinuxProfileDefaults()
+	}
+
 	properties.setAgentProfileDefaults(params.IsUpgrade, params.IsScale)
 
 	properties.setStorageDefaults()
@@ -697,6 +702,12 @@ func (p *Properties) setMasterProfileDefaults() {
 	}
 }
 
+func (p *Properties) setLinuxProfileDefaults() {
+	if !p.IsAzureStackCloud() && p.LinuxProfile.RunUnattendedUpgradesOnBootstrap == nil {
+		p.LinuxProfile.RunUnattendedUpgradesOnBootstrap = to.BoolPtr(DefaultRunUnattendedUpgradesOnBootstrap)
+	}
+}
+
 func (p *Properties) setAgentProfileDefaults(isUpgrade, isScale bool) {
 	for i, profile := range p.AgentPoolProfiles {
 		if profile.AvailabilityProfile == "" {

pkg/api/defaults_test.go

@@ -5664,3 +5664,82 @@ func TestCombineValues(t *testing.T) {
 		})
 	}
 }
+
+func TestSetLinuxProfileDefaults(t *testing.T) {
+	cases := []struct {
+		name                                     string
+		p                                        *Properties
+		expectedRunUnattendedUpgradesOnBootstrap bool
+	}{
+		{
+			name: "default",
+			p: &Properties{
+				LinuxProfile: &LinuxProfile{},
+			},
+			expectedRunUnattendedUpgradesOnBootstrap: true,
+		},
+		{
+			name: "explicit true",
+			p: &Properties{
+				LinuxProfile: &LinuxProfile{
+					RunUnattendedUpgradesOnBootstrap: to.BoolPtr(true),
+				},
+			},
+			expectedRunUnattendedUpgradesOnBootstrap: true,
+		},
+		{
+			name: "explicit false",
+			p: &Properties{
+				LinuxProfile: &LinuxProfile{
+					RunUnattendedUpgradesOnBootstrap: to.BoolPtr(false),
+				},
+			},
+			expectedRunUnattendedUpgradesOnBootstrap: false,
+		},
+		{
+			name: "custom cloud default",
+			p: &Properties{
+				LinuxProfile: &LinuxProfile{},
+				CustomCloudProfile: &CustomCloudProfile{
+					Environment: &azure.Environment{},
+				},
+			},
+			expectedRunUnattendedUpgradesOnBootstrap: false,
+		},
+		{
+			name: "custom cloud explicit true",
+			p: &Properties{
+				LinuxProfile: &LinuxProfile{
+					RunUnattendedUpgradesOnBootstrap: to.BoolPtr(true),
+				},
+				CustomCloudProfile: &CustomCloudProfile{
+					Environment: &azure.Environment{},
+				},
+			},
+			expectedRunUnattendedUpgradesOnBootstrap: true,
+		},
+		{
+			name: "custom cloud explicit false",
+			p: &Properties{
+				LinuxProfile: &LinuxProfile{
+					RunUnattendedUpgradesOnBootstrap: to.BoolPtr(false),
+				},
+				CustomCloudProfile: &CustomCloudProfile{
+					Environment: &azure.Environment{},
+				},
+			},
+			expectedRunUnattendedUpgradesOnBootstrap: false,
+		},
+	}
+
+	for _, c := range cases {
+		c := c
+		t.Run(c.name, func(t *testing.T) {
+			t.Parallel()
+			c.p.setLinuxProfileDefaults()
+			if c.expectedRunUnattendedUpgradesOnBootstrap != to.Bool(c.p.LinuxProfile.RunUnattendedUpgradesOnBootstrap) {
+				t.Errorf("expected RunUnattendedUpgradesOnBootstrap to be %t, but got %t", c.expectedRunUnattendedUpgradesOnBootstrap, to.Bool(c.p.LinuxProfile.RunUnattendedUpgradesOnBootstrap))
+			}
+		})
+	}
+}