AutoUpgradeProfile with "TargetKubernetesVersion" not triggering automatically for patches

Question

Hi,

I'm trying to automate patch upgrades using Azure Kubernetes Fleet Manager and I'm not sure if I'm misunderstanding how the AutoUpgradeProfile is supposed to work.

Goal:
Automatically upgrade all member clusters to the latest patch version within the same minor release (e.g., 1.33.5 → 1.33.6) without any manual action.

Current setup:

Channel: TargetKubernetesVersion

TargetKubernetesVersion: 1.33

Strategy: staged (silver-staged-update-strategy)

Node image selection: Latest

Current cluster version: 1.33.5

New patch available in region: 1.33.6

Observed behavior:
Automatic triggering does not seem to happen. The only way to start the process is by running:

az fleet autoupgradeprofile generate-update-run
-g my-rg
-f my-fleet
--auto-upgrade-profile-name auto-upgrade-k8s-patch

When I run this manually:

The update run starts correctly

Stages are respected

Clusters upgrade to 1.33.6

So the configuration itself works — it just doesn't trigger automatically.

Output from az fleet autoupgradeprofile show:

{
  "channel": "TargetKubernetesVersion",
  "targetKubernetesVersion": "1.33",
  "nodeImageSelection": { "type": "Latest" },
  "provisioningState": "Succeeded",
  "autoUpgradeProfileStatus": {
    "lastTriggerStatus": "Succeeded",
    "lastTriggerUpgradeVersions": [ "1.33.6" ]
  }
}

The lastTriggerStatus only updates after I manually generate the update run.

Questions:

Does the TargetKubernetesVersion channel support automatic patch-level triggers (1.33.x → latest 1.33.y), or does it only react to minor version changes?

Is a maintenance window required on the Fleet resource for automatic triggers to occur?

Could the staged (silver) strategy prevent automatic triggering in any way?

Is there any additional configuration needed for the scheduler to detect new patch releases?

I want to stay on 1.33.x and avoid using the Stable channel to prevent automatic upgrades to 1.34.

At the moment, everything works when triggered manually, but the automatic part of AutoUpgradeProfile never seems to start on its own.

Any guidance would be appreciated.

Answer 1

Thank you for your patience while we reviewed this scenario in detail.

After validating your configuration, we can confirm that your setup is correct, and the behavior you are experiencing is not due to any misconfiguration. The AutoUpgradeProfile using the TargetKubernetesVersion channel is designed to keep clusters on the specified minor version (for example, 1.33.x) and automatically upgrade them to newer patch versions within that release.

However, at this time, the automatic creation of the UpdateRun is not consistently triggering when a new patch version becomes available, even though manual execution works as expected. This aligns with what you are observing.

This behavior has been identified as a known platform issue within the Fleet auto-upgrade workflow of Azure Kubernetes Service. Microsoft has acknowledged this as a known issue and has confirmed that a fix is already in progress and rolling out gradually across regions. Once the fix reaches your environment, the patch upgrades should start triggering automatically without any changes required on your side.

For reference, the issue is publicly tracked here: https://github.com/Azure/AKS/issues/5597

As a temporary workaround, you can continue using the TargetKubernetesVersion channel and manually generate the UpdateRun

Hope this helps! Please let me know if you have any queries. Thanks