Skip to content

[AKS] az aks upgrade: Skip Machines mode agent pools during node image and Kubernetes version upgrade#33693

Open
xuexu6666 wants to merge 2 commits into
Azure:devfrom
xuexu6666:aks-upgrade-skip-machines-mode
Open

[AKS] az aks upgrade: Skip Machines mode agent pools during node image and Kubernetes version upgrade#33693
xuexu6666 wants to merge 2 commits into
Azure:devfrom
xuexu6666:aks-upgrade-skip-machines-mode

Conversation

@xuexu6666

@xuexu6666 xuexu6666 commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Related command

az aks upgrade

Description

Port of Azure/azure-cli-extensions#9916 (already merged for aks-preview) into the core acs module, so the GA az aks CLI gets the same fix.

az aks upgrade now skips Machines mode agent pools during both --node-image-only and Kubernetes version upgrade, logging a warning, instead of surfacing the raw RP error:

(OperationNotAllowed) Upgrading node image version on machines agent pool is not allowed,
please use machine API to handle machine life cycle

Machines mode pools (e.g. the hidden aksmanagedap pool on NAP / Automatic clusters) are containers of individual machines whose lifecycle is managed via the machine API; they do not support pool-level node-image or Kubernetes version upgrade.

Why the GA CLI is affected

Machines is a preview-only agent-pool mode, but mode is modelAsString, so the RP still returns the aksmanagedap pool with mode: "Machines" even on stable/GA api-versions. The GA az aks upgrade --node-image-only loop therefore iterates it and calls upgradeNodeImageVersion, which the RP rejects. This client-side skip prevents that. (Reproduced against a live Automatic + Machine-API cluster.)

Scope

This changes only the cluster-level az aks upgrade, which fans out across every node pool and should not fail the whole command because of a Machines pool. The single-nodepool az aks nodepool upgrade path is intentionally left unchanged: when a user explicitly targets a Machines mode agent pool, rejecting the pool-level upgrade is the expected behavior (machine lifecycle is managed through the machine API).

Testing

Added unit tests (test_aks_upgrade_node_image_only_skips_machines_mode_pool, test_aks_upgrade_kubernetes_version_skips_machines_mode_pool); the --node-image-only skip was also verified end-to-end on a real Automatic cluster.

Port Azure/azure-cli-extensions#9916 into the core acs module: az aks
upgrade now skips Machines mode agent pools during --node-image-only and
Kubernetes version upgrade (they do not support these operations at the
agent pool level), instead of surfacing the raw RP OperationNotAllowed
error. Adds unit tests and a HISTORY entry.
Copilot AI review requested due to automatic review settings July 1, 2026 22:39
@xuexu6666 xuexu6666 requested review from a team and FumingZhang as code owners July 1, 2026 22:39
@azure-client-tools-bot-prd

azure-client-tools-bot-prd Bot commented Jul 1, 2026

Copy link
Copy Markdown
️✔️AzureCLI-FullTest
️✔️acr
️✔️latest
️✔️3.12
️✔️3.14
️✔️acs
️✔️latest
️✔️3.12
️✔️3.14
️✔️advisor
️✔️latest
️✔️3.12
️✔️3.14
️✔️ams
️✔️latest
️✔️3.12
️✔️3.14
️✔️apim
️✔️latest
️✔️3.12
️✔️3.14
️✔️appconfig
️✔️latest
️✔️3.12
️✔️3.14
️✔️appservice
️✔️latest
️✔️3.12
️✔️3.14
️✔️aro
️✔️latest
️✔️3.12
️✔️3.14
️✔️backup
️✔️latest
️✔️3.12
️✔️3.14
️✔️batch
️✔️latest
️✔️3.12
️✔️3.14
️✔️batchai
️✔️latest
️✔️3.12
️✔️3.14
️✔️billing
️✔️latest
️✔️3.12
️✔️3.14
️✔️botservice
️✔️latest
️✔️3.12
️✔️3.14
️✔️cloud
️✔️latest
️✔️3.12
️✔️3.14
️✔️cognitiveservices
️✔️latest
️✔️3.12
️✔️3.14
️✔️compute_recommender
️✔️latest
️✔️3.12
️✔️3.14
️✔️computefleet
️✔️latest
️✔️3.12
️✔️3.14
️✔️config
️✔️latest
️✔️3.12
️✔️3.14
️✔️configure
️✔️latest
️✔️3.12
️✔️3.14
️✔️consumption
️✔️latest
️✔️3.12
️✔️3.14
️✔️container
️✔️latest
️✔️3.12
️✔️3.14
️✔️containerapp
️✔️latest
️✔️3.12
️✔️3.14
️✔️core
️✔️latest
️✔️3.12
️✔️3.14
️✔️cosmosdb
️✔️latest
️✔️3.12
️✔️3.14
️✔️databoxedge
️✔️latest
️✔️3.12
️✔️3.14
️✔️dls
️✔️latest
️✔️3.12
️✔️3.14
️✔️dms
️✔️latest
️✔️3.12
️✔️3.14
️✔️eventgrid
️✔️latest
️✔️3.12
️✔️3.14
️✔️eventhubs
️✔️latest
️✔️3.12
️✔️3.14
️✔️feedback
️✔️latest
️✔️3.12
️✔️3.14
️✔️find
️✔️latest
️✔️3.12
️✔️3.14
️✔️hdinsight
️✔️latest
️✔️3.12
️✔️3.14
️✔️identity
️✔️latest
️✔️3.12
️✔️3.14
️✔️iot
️✔️latest
️✔️3.12
️✔️3.14
️✔️keyvault
️✔️latest
️✔️3.12
️✔️3.14
️✔️lab
️✔️latest
️✔️3.12
️✔️3.14
️✔️managedservices
️✔️latest
️✔️3.12
️✔️3.14
️✔️maps
️✔️latest
️✔️3.12
️✔️3.14
️✔️marketplaceordering
️✔️latest
️✔️3.12
️✔️3.14
️✔️monitor
️✔️latest
️✔️3.12
️✔️3.14
️✔️mysql
️✔️latest
️✔️3.12
️✔️3.14
️✔️netappfiles
️✔️latest
️✔️3.12
️✔️3.14
️✔️network
️✔️latest
️✔️3.12
️✔️3.14
️✔️policyinsights
️✔️latest
️✔️3.12
️✔️3.14
️✔️postgresql
️✔️latest
️✔️3.12
️✔️3.14
️✔️privatedns
️✔️latest
️✔️3.12
️✔️3.14
️✔️profile
️✔️latest
️✔️3.12
️✔️3.14
️✔️rdbms
️✔️latest
️✔️3.12
️✔️3.14
️✔️redis
️✔️latest
️✔️3.12
️✔️3.14
️✔️relay
️✔️latest
️✔️3.12
️✔️3.14
️✔️resource
️✔️latest
️✔️3.12
️✔️3.14
️✔️role
️✔️latest
️✔️3.12
️✔️3.14
️✔️search
️✔️latest
️✔️3.12
️✔️3.14
️✔️security
️✔️latest
️✔️3.12
️✔️3.14
️✔️servicebus
️✔️latest
️✔️3.12
️✔️3.14
️✔️serviceconnector
️✔️latest
️✔️3.12
️✔️3.14
️✔️servicefabric
️✔️latest
️✔️3.12
️✔️3.14
️✔️signalr
️✔️latest
️✔️3.12
️✔️3.14
️✔️sql
️✔️latest
️✔️3.12
️✔️3.14
️✔️sqlvm
️✔️latest
️✔️3.12
️✔️3.14
️✔️storage
️✔️latest
️✔️3.12
️✔️3.14
️✔️synapse
️✔️latest
️✔️3.12
️✔️3.14
️✔️telemetry
️✔️latest
️✔️3.12
️✔️3.14
️✔️util
️✔️latest
️✔️3.12
️✔️3.14
️✔️vm
️✔️latest
️✔️3.12
️✔️3.14

@azure-client-tools-bot-prd

azure-client-tools-bot-prd Bot commented Jul 1, 2026

Copy link
Copy Markdown
️✔️AzureCLI-BreakingChangeTest
️✔️Non Breaking Changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Ports the AKS upgrade fix from aks-preview into the core acs module so az aks upgrade avoids RP OperationNotAllowed errors by skipping Machines-mode agent pools during node-image-only and Kubernetes version upgrades.

Changes:

  • Skip Machines-mode agent pools during az aks upgrade --node-image-only, logging a warning instead of calling node image upgrade on unsupported pools.
  • Skip Machines-mode agent pools during “upgrade all nodepools” Kubernetes version upgrades, logging a warning instead of setting orchestrator_version.
  • Add unit tests covering both skip paths, and document the behavior in HISTORY.rst.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

File Description
src/azure-cli/HISTORY.rst Documents the new skip behavior for az aks upgrade.
src/azure-cli/azure/cli/command_modules/acs/custom.py Implements Machines-mode pool skipping for node-image-only and Kubernetes version upgrades with warnings.
src/azure-cli/azure/cli/command_modules/acs/_consts.py Introduces a constant for the Machines nodepool mode string.
src/azure-cli/azure/cli/command_modules/acs/tests/latest/test_custom.py Adds unit tests to ensure Machines-mode pools are not upgraded in either path.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread src/azure-cli/azure/cli/command_modules/acs/custom.py
Comment thread src/azure-cli/azure/cli/command_modules/acs/custom.py
@yonzhan

yonzhan commented Jul 1, 2026

Copy link
Copy Markdown
Collaborator

AKS

Comment thread src/azure-cli/HISTORY.rst Outdated

**AKS**

* `az aks upgrade`: Skip Machines mode agent pools during `--node-image-only` and Kubernetes version upgrade, which do not support these operations, instead of surfacing the raw RP OperationNotAllowed error

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please avoid adding release history here manually, it will automatically use the PR title or description as the history note.

@xuexu6666 xuexu6666 Jul 2, 2026

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

Comment thread src/azure-cli/azure/cli/command_modules/acs/custom.py
@FumingZhang

Copy link
Copy Markdown
Member

Please also follow the guidance https://github.com/Azure/azure-cli/tree/dev/doc/authoring_command_modules#submitting-pull-requests to update your PR title, use [AKS] as prefix to leave a note in the next release

… HISTORY

- Make the Machines-mode comparison case-insensitive and None-safe in both
  the --node-image-only and Kubernetes version upgrade loops (per reviewer).
- Remove the manually-added HISTORY.rst entry; the release note is generated
  from the PR title/description.
@xuexu6666 xuexu6666 changed the title {AKS} skip Machines mode agent pool during upgrade [AKS] az aks upgrade: Skip Machines mode agent pools during node image and Kubernetes version upgrade Jul 2, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

act-observability-squad AKS az aks/acs/openshift Auto-Assign Auto assign by bot

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants