Recently a security patch by Microsoft has been released. We wanted to ensure we can have a predictable upgrade path.

Below is a Bash script that leverages the AzureCLI to control the uprgrade process.

It will:
* Detect upgradable versions
* Automatically selects the latest upgradable version

Test on Ubuntu 18

#!/usr/bin/env bash

set -e
echo "------------------------------------------------------------------------------------------------------------------"
echo "When you upgrade an AKS cluster, Kubernetes minor versions cannot be skipped."
echo "For example, upgrades between 1.12.x -> 1.13.x or 1.13.x -> 1.14.x are allowed, however 1.12.x -> 1.14.x is not."
echo "To upgrade, from 1.12.x -> 1.14.x, first upgrade from 1.12.x -> 1.13.x, then upgrade from 1.13.x -> 1.14.x."
echo "------------------------------------------------------------------------------------------------------------------"

while ! [[ "$env" =~ ^(sb|dv|ut|pd)$ ]]
do
  echo "Please specifiy environment [sb, dv,ut,pd]?"
  read -r env
done

case $env in

  dv)
    az account set --subscription 'RangerRom DEV'
    subscriptionid=$(az account show --subscription 'RangerRom DEV' --query id | sed  's/\"//g')
    ;;

  sb)
    az account set --subscription 'RangerRom SANDBOX'
    subscriptionid=$(az account show --subscription 'RangerRom SANDBOX' --query id | sed  's/\"//g')
    ;;

  ut)
    az account set --subscription 'RangerRom TEST'
    subscriptionid=$(az account show --subscription 'RangerRom TEST' --query id | sed  's/\"//g')
    ;;

  pd)
    az account set --subscription 'RangerRom PROD'
    subscriptionid=$(az account show --subscription 'RangerRom PROD' --query id | sed  's/\"//g')
    ;;
  *)
    echo "environment not found"
    exit
    ;;
esac

env="dccau${env}"

az aks get-credentials --resource-group "${env}-k8s-rg" --name "${env}-k8s-cluster" --overwrite-existing

echo "Getting the upgrade versions available for a managed AKS: ${env}-k8s-cluster."
az aks get-upgrades --resource-group "${env}-k8s-rg" --name "${env}-k8s-cluster" --output table

echo "Detecting the next minor version to upgrade to."
versionToUpgradeTo=$(az aks get-upgrades --resource-group "${env}-k8s-rg" --name "${env}-k8s-cluster" | grep "kubernetesVersion" | cut -d'"' -f4 | sort | tail -n1)
echo "Upgrading to version $versionToUpgradeTo"

az aks upgrade --resource-group "${env}-k8s-rg" --name "${env}-k8s-cluster" --kubernetes-version $versionToUpgradeTo
echo "Upgrade complete. Please run this again if you need to upgrade to the next minor version."