Upgrading Azure Kubernetes Service clusters and node pools
An Azure Kubernetes Service (AKS) cluster will periodically need to be updated to ensure security and compatibility with the latest features. There are two components of an AKS cluster that are necessary to maintain:
- Cluster Kubernetes version: Part of the AKS cluster lifecycle involves performing upgrades to the latest Kubernetes version. It’s important that you upgrade to apply the latest security releases and to get access to the latest Kubernetes features, as well as to stay within the AKS support window.
- Node image version: AKS regularly provides new node images with the latest OS and runtime updates. It's beneficial to upgrade your nodes' images regularly to ensure support for the latest AKS features and to apply essential security patches and hot fixes.
For Linux nodes, node image security patches and hotfixes may be performed without your initiation as unattended updates. These updates are automatically applied, but AKS doesn't automatically reboot your Linux nodes to complete the update process. You're required to use a tool like kured or node image upgrade to reboot the nodes and complete the cycle.
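One way to see which nodes still run an older node image and are candidates for a node image upgrade, as an added example that is not part of the original documentation. It assumes the node list comes from `kubectl get nodes -o json` and the per-pool latest image from the `latestNodeImageVersion` field of `az aks nodepool get-upgrades`; all sample values and the function names are constructed for illustration.

```python
import json

# AKS node labels carrying the node image version and the owning node pool.
IMAGE_LABEL = "kubernetes.azure.com/node-image-version"
POOL_LABEL = "kubernetes.azure.com/agentpool"

# Constructed sample, shaped like `kubectl get nodes -o json` (only the fields used).
SAMPLE_NODES = json.dumps({"items": [
    {"metadata": {"name": "aks-sys-000000", "labels": {
        POOL_LABEL: "sys", IMAGE_LABEL: "AKSUbuntu-2204gen2containerd-202401.17.1"}}},
    {"metadata": {"name": "aks-apps-000000", "labels": {
        POOL_LABEL: "apps", IMAGE_LABEL: "AKSUbuntu-2204gen2containerd-202312.06.0"}}},
    {"metadata": {"name": "aks-apps-000001", "labels": {
        POOL_LABEL: "apps", IMAGE_LABEL: "AKSUbuntu-2204gen2containerd-202401.17.1"}}},
    {"metadata": {"name": "virtual-node-sample", "labels": {}}},  # no AKS image label
]})

# Constructed: latest image per pool (latestNodeImageVersion from get-upgrades).
SAMPLE_LATEST = {
    "sys": "AKSUbuntu-2204gen2containerd-202401.17.1",
    "apps": "AKSUbuntu-2204gen2containerd-202401.17.1",
}

def image_lag_report(nodes_json, latest_by_pool):
    """Return one row per node that is not confirmed to be on its pool's latest image."""
    rows = []
    for item in json.loads(nodes_json).get("items", []):
        meta = item.get("metadata", {})
        labels = meta.get("labels") or {}
        pool, current = labels.get(POOL_LABEL), labels.get(IMAGE_LABEL)
        latest = latest_by_pool.get(pool)
        if current is not None and current == latest:
            continue  # node already runs the latest image for its pool
        # Missing label or unknown pool is reported rather than silently skipped.
        status = "unknown" if current is None or latest is None else "outdated"
        rows.append({"node": meta.get("name"), "pool": pool,
                     "current": current, "latest": latest, "status": status})
    return rows

def pools_needing_upgrade(rows):
    """Pools with at least one outdated node: targets for a node image upgrade."""
    return sorted({r["pool"] for r in rows if r["status"] == "outdated"})

if __name__ == "__main__":
    report = image_lag_report(SAMPLE_NODES, SAMPLE_LATEST)
    for row in report:
        print(f'{row["status"]:9} {row["node"]} ({row["pool"]}): {row["current"]}')
    print("pools to upgrade:", pools_needing_upgrade(report))
```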
The following table summarizes the details of updating each component:
| Component name | Frequency of upgrade | Planned Maintenance supported | Supported operation methods | Documentation link |
|---|---|---|---|---|
| Cluster Kubernetes version (minor) upgrade | Roughly every three months | Yes | Automatic, Manual | Upgrade an AKS cluster |
| Cluster Kubernetes version upgrade to supported patch version | Approximately weekly. To determine the latest applicable version in your region, see the AKS release tracker | Yes | Automatic, Manual | Upgrade an AKS cluster |
| Node image version upgrade | Linux: weekly | Yes | Automatic, Manual | AKS node image upgrade |
| Security patches and hot fixes for node images | As-necessary | | | AKS node security patches |
As part of your upgrade process, follow commonly used deployment and testing patterns. Testing an upgrade in a development or test environment before deploying it to production is an important step to ensure application functionality and compatibility with the target environment. It can help you identify and fix any errors, bugs, or issues that might affect the performance, security, or usability of the application or underlying infrastructure.
Planned maintenance allows you to schedule weekly maintenance windows that will update your control plane as well as your kube-system pods, helping to minimize workload impact.
To find details and solutions to specific issues, view the following troubleshooting guides:
For more information about which cluster operations may trigger specific upgrade events, see the AKS operator's guide on patching.