Azure Kubernetes Service (AKS): How to change Windows node pool password

Published by Pixel Robots. on

Reading Time: 2 minutes
Share:
Twitter
LinkedIn
Facebook
Reddit
Whatsapp
Follow by Email

With release 2021-04-22 of AKS you can now Update your Windows node passwords via the CLI. Before this update you were unable to. This can be super annoying as you can set the node pools up without specifying passwords.

So, if you needed to login to the node for any reason you were unable to. One reason might have been to set the time on the Windows nodes. By default, Windows containers use the node’s time zone which is always UTC. Some applications might need the time zone set to a local one. With Windows 2022 containers you can use virtual time zones within the containers, but that’s another story all together.

Below I will walk you through the steps to change your Windows node pool password.

Warning

Warning: Currently in preview

So, for this you will need the AKS-Preview extension of AZ CLI. If you do not already have this installed, you can add it using.

Shell

Or to update your existing use.

Shell

Now that you have this you can use the az aks update command below. Just change the resource group and cluster name to yours.

Shell

It will take some time as it seems to do some nodes updates. So, a new node will be created in the background so it can update your existing. In the portal you will see something like this.

In a different terminal tab you can run kubectl get nodes and you will see a new one spinning up.

Once the password update has happened you will notice that the original node is back. So, when doing a password update it does the same thing a Kubernetes version update would do.

Some things to note on the password. You have some rules to follow.

  •                 – Minimum-length: 14 characters
  •                 – Max-length: 123 characters
  •                 – Complexity requirements: 3 out of 4 conditions below need to be fulfilled
  •                   * Has lower characters
  •                   * Has upper characters
  •                   * Has a digit
  •                   * Has a special character (Regex match [\\W_])
  •                 – Disallowed values:  “[email protected]”, “[email protected]$$w0rd”, “[email protected]”, “[email protected]”, “Pa$$word”, “[email protected]”, “Password!”, “Password1”, “Password22”, “iloveyou!”

Reference: https://docs.microsoft.com/en-us/dotnet/api/microsoft.azure.management.compute.models.virtualmachinescalesetosprofile.adminpassword?view=azure-dotnet

I hope you found this post helpful. Any comments or questions feel free to reach out.

Share:
Twitter
LinkedIn
Facebook
Reddit
Whatsapp
Follow by Email
Categories: AKSAzureKubernetes
Tags:

Pixel Robots.

I’m Richard Hooper aka Pixel Robots. I started this blog in 2016 for a couple reasons. The first reason was basically just a place for me to store my step by step guides, troubleshooting guides and just plain ideas about being a sysadmin. The second reason was to share what I have learned and found out with other people like me. Hopefully, you can find something useful on the site.

0 Comments

Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *

Related Posts

AKS

AKS burst to ACI when node pool is full

Reading Time: 4 minutes Share: The other day someone reached out to me via LinkedIn and asked is it possible to have a Kubernetes deployment deploy on to an Azure Kubernetes Service (AKS) node pool first and when the Read more…

AKS

First Look: GitOps on Azure Kubernetes Service using the AKS addon (preview)

Reading Time: 5 minutes Share: Recently I have been going through the AKS-Preview az cli extension and found reference to a GitOps AKS addon. I have been waiting for something like this to come to AKS for a long Read more…

AKS

ExternalDNS and Azure Kubernetes Service (AKS)

Reading Time: 4 minutes Share: If like me, you have been working with Azure Kubernetes Service (AKS) or any Kubernetes cluster and want to assign a DNS record to an ingress resource you must manually do it or script Read more…