AKS Node and Control-Plane Maintenance

AKS allows you to upgrade your Kubernetes control-plane and nodes. See Upgrade an Azure Kubernetes Service (AKS) cluster.

Node images can also be upgraded. AKS provides one new image per week with the latest updates, see Azure Kubernetes Service (AKS) node image upgrade.

Also check AKS Release Notes for details on a release.

Kubernetes Control Plane upgrade

Change the parameter cluster_version in your aks-terraform repository to change the Kubernetes version. When applied, AKS starts with the upgrade process as described here

If the upgrade channel for the Kubernetes Cluster is set to patch, (in terraform using the automatic_channel_upgrade variable), the cluster will update automatically to the latest patch level kubernetes version. Therefore the variable cluster_version might not match the current state of your cluster. Verify the cluster version and upgrade cluster_version before applying.

Node Image Upgrade

Login via the azure cli to the correct tenant first:

az login [--tenant XXXX]

Check latest node image version available for your node pool with the following command:

az aks nodepool get-upgrades \
    [--subscription "Subscription ID/Name" \]
    --resource-group myResourceGroup \
    --cluster-name myAKSCluster \
    --nodepool-name mynodepool

Then compare this with your current node image version by running:

az aks nodepool show \
    [--subscription "Subscription ID/Name" \]
    --resource-group myResourceGroup \
    --cluster-name myAKSCluster \
    --name mynodepool \
    --query nodeImageVersion

To upgrade the node image, use the following command:

az aks nodepool upgrade \
    [--subscription "Subscription ID/Name" \]
    --resource-group myResourceGroup \
    --cluster-name myAKSCluster \
    --name mynodepool \
    --node-image-only

During the upgrade, check the status of the node images with the following kubectl command to get the labels and filter out the current node image information:

kubectl get nodes -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.metadata.labels.kubernetes\.azure\.com\/node-image-version}{"\n"}{end}'

AKS Maintenance Image

The procedure described aboved was put into a script that is included in the following container image: github.com/appuio/container-aks-maintenance