Upgrade an Azure Kubernetes Service (AKS) cluster

Azure Kubernetes Service (AKS) makes it easy to perform common management tasks including upgrading Kubernetes clusters.

Upgrade an AKS cluster

Before upgrading a cluster, use the az aks get-upgrades command to check which Kubernetes releases are available for upgrade.

az aks get-upgrades --name myAKSCluster --resource-group myResourceGroup --output table


Name     ResourceGroup    MasterVersion    NodePoolVersion    Upgrades
-------  ---------------  ---------------  -----------------  -------------------
default  mytestaks007     1.8.10           1.8.10             1.9.1, 1.9.2, 1.9.6

We have three versions available for upgrade: 1.9.1, 1.9.2 and 1.9.6. We can use the az aks upgrade command to upgrade to the latest available version. During the upgrade process, AKS will add a new node to the cluster, then carefully cordon and drain one node at a time to minimize disruption to running applications.


When upgrading an AKS cluster, Kubernetes minor versions cannot be skipped. For example, upgrades between 1.8.x -> 1.9.x or 1.9.x -> 1.10.x are allowed, however 1.8 -> 1.10 is not.

az aks upgrade --name myAKSCluster --resource-group myResourceGroup --kubernetes-version 1.9.6


  "id": "/subscriptions/<Subscription ID>/resourcegroups/myResourceGroup/providers/Microsoft.ContainerService/managedClusters/myAKSCluster",
  "location": "eastus",
  "name": "myAKSCluster",
  "properties": {
    "accessProfiles": {
      "clusterAdmin": {
        "kubeConfig": "..."
      "clusterUser": {
        "kubeConfig": "..."
    "agentPoolProfiles": [
        "count": 1,
        "dnsPrefix": null,
        "fqdn": null,
        "name": "myAKSCluster",
        "osDiskSizeGb": null,
        "osType": "Linux",
        "ports": null,
        "storageProfile": "ManagedDisks",
        "vmSize": "Standard_D2_v2",
        "vnetSubnetId": null
    "dnsPrefix": "myK8sClust-myResourceGroup-4f48ee",
    "fqdn": "myk8sclust-myresourcegroup-4f48ee-406cc140.hcp.eastus.azmk8s.io",
    "kubernetesVersion": "1.9.6",
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
            "keyData": "..."
    "provisioningState": "Succeeded",
    "servicePrincipalProfile": {
      "clientId": "e70c1c1c-0ca4-4e0a-be5e-aea5225af017",
      "keyVaultSecretRef": null,
      "secret": null
  "resourceGroup": "myResourceGroup",
  "tags": null,
  "type": "Microsoft.ContainerService/ManagedClusters"

Confirm that the upgrade was successful with the az aks show command.

az aks show --name myAKSCluster --resource-group myResourceGroup --output table


Name          Location    ResourceGroup    KubernetesVersion    ProvisioningState    Fqdn
------------  ----------  ---------------  -------------------  -------------------  ----------------------------------------------------------------
myAKSCluster  eastus     myResourceGroup  1.9.6                 Succeeded            myk8sclust-myresourcegroup-3762d8-2f6ca801.hcp.eastus.azmk8s.io

Next steps

Learn more about deploying and managing AKS with the AKS tutorials.