Upgrade Azure Kubernetes Service (AKS) node images
Azure Kubernetes Service (AKS) regularly provides new node images, so it's beneficial to upgrade your node images frequently to use the latest AKS features. Linux node images are updated weekly, and Windows node images are updated monthly. Image upgrade announcements are included in the AKS release notes, and it can take up to a week for these updates to be rolled out across all regions. Node image upgrades can also be performed automatically and scheduled using planned maintenance. For more information, see Automatically upgrade node images.
This article shows you how to upgrade AKS cluster node images and how to update node pool images without upgrading the Kubernetes version. For information on upgrading the Kubernetes version for your cluster, see Upgrade an AKS cluster.
Note
The AKS cluster must use virtual machine scale sets for the nodes.
It's not possible to downgrade a node image version (for example AKSUbuntu-2204 to AKSUbuntu-1804, or AKSUbuntu-2204-202308.01.0 to AKSUbuntu-2204-202307.27.0).
Check for available node image upgrades
Check for available node image upgrades using the az aks nodepool get-upgrades command.
az aks nodepool get-upgrades \
--nodepool-name mynodepool \
--cluster-name myAKSCluster \
--resource-group myResourceGroup
The output shows the latestNodeImageVersion, like in the following example:
{
"id": "/subscriptions/XXXX-XXX-XXX-XXX-XXXXX/resourcegroups/myResourceGroup/providers/Microsoft.ContainerService/managedClusters/myAKSCluster/agentPools/mynodepool/upgradeProfiles/default",
"kubernetesVersion": "1.17.11",
"latestNodeImageVersion": "AKSUbuntu-1604-2020.10.28",
"name": "default",
"osType": "Linux",
"resourceGroup": "myResourceGroup",
"type": "Microsoft.ContainerService/managedClusters/agentPools/upgradeProfiles",
"upgrades": null
}
The example output shows AKSUbuntu-1604-2020.10.28 as the latestNodeImageVersion.
Compare the latest version with your current node image version using the az aks nodepool show command.
az aks nodepool show \
--resource-group myResourceGroup \
--cluster-name myAKSCluster \
--name mynodepool \
--query nodeImageVersion
Your output should look similar to the following example:
"AKSUbuntu-1604-2020.10.08"
In this example, there's an available node image version upgrade, which is from version AKSUbuntu-1604-2020.10.08 to version AKSUbuntu-1604-2020.10.28.
Upgrade all node images in all node pools
Upgrade the node image using the az aks upgrade command with the --node-image-only flag.
az aks upgrade \
--resource-group myResourceGroup \
--name myAKSCluster \
--node-image-only
You can check the status of the node images using the kubectl get nodes command.
Note
This command may differ slightly depending on the shell you use. For more information on Windows and PowerShell environments, see the Kubernetes JSONPath documentation.
kubectl get nodes -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.metadata.labels.kubernetes\.azure\.com\/node-image-version}{"\n"}{end}'
When the upgrade is complete, use the az aks show command to get the updated node pool details. The current node image is shown in the nodeImageVersion property.
az aks show \
--resource-group myResourceGroup \
--name myAKSCluster
Upgrade a specific node pool
To update the OS image of a node pool without doing a Kubernetes cluster upgrade, use the az aks nodepool upgrade command with the --node-image-only flag.
az aks nodepool upgrade \
--resource-group myResourceGroup \
--cluster-name myAKSCluster \
--name mynodepool \
--node-image-only
You can check the status of the node images with the kubectl get nodes command.
Note
This command may differ slightly depending on the shell you use. For more information on Windows and PowerShell environments, see the Kubernetes JSONPath documentation.
kubectl get nodes -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.metadata.labels.kubernetes\.azure\.com\/node-image-version}{"\n"}{end}'
When the upgrade is complete, use the az aks nodepool show command to get the updated node pool details. The current node image is shown in the nodeImageVersion property.
az aks nodepool show \
--resource-group myResourceGroup \
--cluster-name myAKSCluster \
--name mynodepool
Upgrade node images with node surge
To speed up the node image upgrade process, you can upgrade your node images using a customizable node surge value. By default, AKS uses one extra node to configure upgrades.
If you'd like to increase the speed of upgrades, use the az aks nodepool update command with the --max-surge flag to configure the number of nodes used for upgrades. To learn more about the trade-offs of various --max-surge settings, see Customize node surge upgrade.
az aks nodepool update \
--resource-group myResourceGroup \
--cluster-name myAKSCluster \
--name mynodepool \
--max-surge 33% \
--no-wait
You can check the status of the node images with the kubectl get nodes command.
kubectl get nodes -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.metadata.labels.kubernetes\.azure\.com\/node-image-version}{"\n"}{end}'
Use az aks nodepool show to get the updated node pool details. The current node image is shown in the nodeImageVersion property.
az aks nodepool show \
--resource-group myResourceGroup \
--cluster-name myAKSCluster \
--name mynodepool
Next steps
- See the AKS release notes for information about the latest node images.
- Learn how to upgrade the Kubernetes version with Upgrade an AKS cluster.
- Automatically apply cluster and node pool upgrades with GitHub Actions.
- Learn more about multiple node pools with Create multiple node pools.