Upgrading Azure Kubernetes Service clusters and node pools

An Azure Kubernetes Service (AKS) cluster will periodically need to be updated to ensure security and compatibility with the latest features. There are two components of an AKS cluster that are necessary to maintain:

  • Cluster Kubernetes version: Part of the AKS cluster lifecycle involves performing upgrades to the latest Kubernetes version. It’s important that you upgrade to apply the latest security releases and to get access to the latest Kubernetes features, as well as to stay within the AKS support window.
  • Node image version: AKS regularly provides new node images with the latest OS and runtime updates. It's beneficial to upgrade your nodes' images regularly to ensure support for the latest AKS features and to apply essential security patches and hot fixes.

For Linux nodes, node image security patches and hotfixes may be performed without your initiation as unattended updates. These updates are automatically applied, but AKS doesn't automatically reboot your Linux nodes to complete the update process. You're required to use a tool like kured or node image upgrade to reboot the nodes and complete the cycle.

The following table summarizes the details of updating each component:

Component name Frequency of upgrade Planned Maintenance supported Supported operation methods Documentation link
Cluster Kubernetes version (minor) upgrade Roughly every three months Yes Automatic, Manual Upgrade an AKS cluster
Cluster Kubernetes version upgrade to supported patch version Approximately weekly. To determine the latest applicable version in your region, see the AKS release tracker Yes Automatic, Manual Upgrade an AKS cluster
Node image version upgrade Linux: weekly
Windows: monthly
Yes Automatic, Manual AKS node image upgrade
Security patches and hot fixes for node images As-necessary AKS node security patches

An important practice that you should include as part of your upgrade process is remembering to follow commonly used deployment and testing patterns. Testing an upgrade in a development or test environment before deployment in production is an important step to ensure application functionality and compatibility with the target environment. It can help you identify and fix any errors, bugs, or issues that might affect the performance, security, or usability of the application or underlying infrastructure.

Automatic upgrades

Automatic upgrades can be performed through auto upgrade channels or via GitHub Actions.

Planned maintenance

Planned maintenance allows you to schedule weekly maintenance windows that will update your control plane as well as your kube-system pods, helping to minimize workload impact.


To find details and solutions to specific issues, view the following troubleshooting guides:

Next steps

For more information what cluster operations may trigger specific upgrade events, see the AKS operator's guide on patching.