Azure Container Services (AKS) - Upgrading your Kubernetes cluster

Updated 2018-03-23: With the latest version of the CLI, the get-versions command has been replaced by get-upgrades for seeing which upgrades are available.
Thanks to my buddy Thorsten for the heads up.
The details below have been updated to accommodate these changes.

While working a lot with AKS and Kubernetes the last couple of months, I've found it to be a pretty slick experience using the CLI even if it still has some room for improvement.

The question of how to upgrade Kubernetes running in an Azure AKS cluster came up a few times both offline and online, thus I wanted to put a short post together on this topic.

I've redacted any details pointing to my subscription for obvious reasons, and in their place you will see "redacted" instead of the subscription-specific values of my commands.

Get current version of Kubernetes in your Azure AKS cluster

get-upgrades: What version of Kubernetes are you on?

First we'll need to figure out what version you're currently on. This is easy:

az aks get-upgrades -g resourceGroupName -n aksClusterName

Results will look similar to this, obviously with different version numbers if you aren't on exactly the same as mine. It is also likely that there's a later version than 1.8.7 when you're running this.

az aks get-upgrades -g resourceGroupName -n aksClusterName
{
  "additionalProperties": {},
  "agentPoolProfiles": [
    {
      "additionalProperties": {},
      "kubernetesVersion": "1.7.7",
      "name": null,
      "osType": "Linux",
      "upgrades": [
        "1.8.6",
        "1.7.9",
        "1.8.2",
        "1.8.7",
        "1.7.12",
        "1.8.1"
      ]
    }
  ],
  "controlPlaneProfile": {
    "additionalProperties": {},
    "kubernetesVersion": "1.7.7",
    "name": null,
    "osType": "Linux",
    "upgrades": [
      "1.8.6",
      "1.7.9",
      "1.8.2",
      "1.8.7",
      "1.7.12",
      "1.8.1"
    ]
  },
  "id": "/subscriptions/REDACTED/resourcegroups/resourceGroupName/providers/Microsoft.ContainerService/managedClusters/aksClusterName/upgradeprofiles/default",
  "name": "default",
  "resourceGroup": "resourceGroupName",
  "type": "Microsoft.ContainerService/managedClusters/upgradeprofiles"
}

Or, if you want a smoother output with only the information you need, add the -o table option like this:

az aks get-upgrades -g resourceGroupName -n aksClusterName -o table

Which will result in a slightly more convenient output:

Name     ResourceGroup      MasterVersion    MasterUpgrades    NodePoolVersion    NodePoolUpgrades
-------  -----------------  ---------------  ----------------  -----------------  ------------------
default  resourceGroupName  1.7.7            1.8.7             1.7.7              1.8.7

We can see that we are running 1.7.7 and that several upgrades are available, the latest one as of this writing being 1.8.7.

Upgrade Azure AKS Kubernetes control and agents to the latest version

First a word of caution.
You should -always- read the release notes, and also do a test upgrade on a dev/test/pre-prod cluster before doing it on your critical system. But that's just common sense.

(Good place to start: https://github.com/kubernetes/kubernetes/releases)

Right, now that that's out of the way, we can start the upgrade:

az aks upgrade -g resourceGroupName -n aksClusterName --kubernetes-version "1.8.7"

This will give you a prompt to confirm this choice. Living on the edge!

Kubernetes may be unavailable during cluster upgrades.
Are you sure you want to perform this operation? (y/n): y
 - Running ...

You can optionally use the --no-wait param to not have to sit and wait for it in the console. If you did that, or you want to spin up a new console to check the status, you can do that too.

Verify upgrade

Once the upgrade has finished, the result is printed directly after your previously issued command, and hopefully it'll look something like the output below when your upgrade command has succeeded. (Please note the version number now says 1.8.7 instead of 1.7.7.)

Verify Kubernetes upgrade by checking the output of the upgrade command

If you waited in the console for the command to finish, the results will be similar to this:

{
  "agentPoolProfiles": [
    {
      "count": 2,
      "dnsPrefix": null,
      "fqdn": null,
      "name": "nodepool1",
      "osDiskSizeGb": null,
      "osType": "Linux",
      "ports": null,
      "storageProfile": "ManagedDisks",
      "vmSize": "Standard_A4",
      "vnetSubnetId": null
    }
  ],
  "dnsPrefix": "redacted",
  "fqdn": "redacted.hcp.westeurope.azmk8s.io",
  "id": "/subscriptions/redacted/resourcegroups/resourceGroupName/providers/Microsoft.ContainerService/managedClusters/aksClusterName",
  "kubernetesVersion": "1.8.7",
  "linuxProfile": {
    "adminUsername": "azureuser",
    "ssh": {
      "publicKeys": [
        {
          "keyData": "redacted"
        }
      ]
    }
  },
  "location": "westeurope",
  "name": "aksClusterName",
  "provisioningState": "Succeeded",
  "resourceGroup": "resourceGroupName",
  "servicePrincipalProfile": {
    "clientId": "redacted",
    "keyVaultSecretRef": null,
    "secret": null
  },
  "tags": null,
  "type": "Microsoft.ContainerService/ManagedClusters"
}

Verify Kubernetes upgrade with get-upgrades command

If you didn't stick around in the console, or perhaps used the --no-wait flag, then you can use the get-upgrades command again as detailed above. It will hopefully now say that there are no upgrades (indicated by "upgrades": null).

Name     ResourceGroup    MasterVersion    NodePoolVersion    Upgrades
-------  ---------------  ---------------  -----------------  --------------
default  rg-weu-ac-aks2   1.8.7            1.8.7              None available
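
As an added example (not code from the original post): the "upgrades" list in the JSON output above is not sorted, and comparing the strings directly would rank 1.7.9 above 1.7.12. This Python helper picks the upgrade target numerically from saved `az aks get-upgrades` output, handles "upgrades": null, and checks the cluster JSON after the upgrade; the function names and the trimmed sample are assumptions constructed for illustration.

```python
import json

# Constructed sample, trimmed from the get-upgrades output shown in this post.
SAMPLE_UPGRADE_PROFILE = """
{
  "agentPoolProfiles": [
    {"kubernetesVersion": "1.7.7", "osType": "Linux",
     "upgrades": ["1.8.6", "1.7.9", "1.8.2", "1.8.7", "1.7.12", "1.8.1"]}
  ],
  "controlPlaneProfile": {
    "kubernetesVersion": "1.7.7", "osType": "Linux",
    "upgrades": ["1.8.6", "1.7.9", "1.8.2", "1.8.7", "1.7.12", "1.8.1"]
  }
}
"""


def vkey(version):
    """Turn '1.7.12' into (1, 7, 12) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def common_upgrades(profile):
    """Versions offered to the control plane AND every agent pool, ascending."""
    offered = set(profile["controlPlaneProfile"].get("upgrades") or [])
    for pool in profile.get("agentPoolProfiles") or []:
        offered &= set(pool.get("upgrades") or [])  # null means none offered
    return sorted(offered, key=vkey)


def pick_targets(profile):
    """Return (current, latest patch in the current minor, latest overall)."""
    current = profile["controlPlaneProfile"]["kubernetesVersion"]
    offered = common_upgrades(profile)
    same_minor = [v for v in offered if vkey(v)[:2] == vkey(current)[:2]]
    return (current,
            same_minor[-1] if same_minor else None,
            offered[-1] if offered else None)


def upgrade_verified(cluster, target):
    """Check the cluster JSON printed when `az aks upgrade` finishes."""
    return (cluster.get("kubernetesVersion") == target
            and cluster.get("provisioningState") == "Succeeded")


if __name__ == "__main__":
    print(pick_targets(json.loads(SAMPLE_UPGRADE_PROFILE)))
```

Feed it the JSON saved from the get-upgrades command, test the chosen version on a non-production cluster first, and pass the result to --kubernetes-version.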

Enjoy & thanks for reading.

About Tobias Zimmergren

Hi, I'm Tobias. I plan, architect and develop software and distributed cloud services. Nice to meet you!
