Skip to content

Upgrades

AKS upgrades touch both Kubernetes version and node image lifecycle. A safe upgrade is a staged change with explicit pre-checks, workload validation, and rollback criteria.

Prerequisites

  • Review supported versions and target version compatibility.
  • Confirm workload manifests and controllers support the target version.
  • Review maintenance windows, PDBs, and cluster autoscaler settings.

When to Use

  • Moving to a supported Kubernetes version.
  • Applying node image updates.
  • Aligning cluster posture with security or support policy.

Procedure

flowchart TD
    A[Check versions] --> B[Upgrade non-production]
    B --> C[Upgrade control plane and pools]
    C --> D[Validate workloads]
    D --> E[Repeat in production]
az aks get-upgrades --resource-group $RG --name $CLUSTER_NAME --output table
az aks upgrade     --resource-group $RG     --name $CLUSTER_NAME     --kubernetes-version <target-version>     --yes
kubectl get nodes
kubectl get pods -A

Verification

az aks show --resource-group $RG --name $CLUSTER_NAME --query kubernetesVersion --output tsv
kubectl version
kubectl get events -A --sort-by=.lastTimestamp

Rollback / Troubleshooting

  • AKS does not offer a simple in-place downgrade path for every upgrade scenario, so test first.
  • If workloads fail after upgrade, inspect API deprecations, CRD/controller compatibility, and PDB constraints.
  • If one pool is problematic, isolate validation there before widening the rollout.

See Also

Sources