Reading Time: 2 minutes

With release 2021-04-22 of AKS you can now Update your Windows node passwords via the CLI. Before this update you were unable to. This can be super annoying as you can set the node pools up without specifying passwords.

So, if you needed to login to the node for any reason you were unable to. One reason might have been to set the time on the Windows nodes. By default, Windows containers use the node’s time zone which is always UTC. Some applications might need the time zone set to a local one. With Windows 2022 containers you can use virtual time zones within the containers, but that’s another story all together.

Below I will walk you through the steps to change your Windows node pool password.

Warning

Warning: Currently in preview

So, for this you will need the AKS-Preview extension of AZ CLI. If you do not already have this installed, you can add it using.

Shell

Or to update your existing use.

Shell

Now that you have this you can use the az aks update command below. Just change the resource group and cluster name to yours.

Shell

It will take some time as it seems to do some nodes updates. So, a new node will be created in the background so it can update your existing. In the portal you will see something like this.

In a different terminal tab you can run kubectl get nodes and you will see a new one spinning up.

Once the password update has happened you will notice that the original node is back. So, when doing a password update it does the same thing a Kubernetes version update would do.

Some things to note on the password. You have some rules to follow.

  •                 – Minimum-length: 14 characters
  •                 – Max-length: 123 characters
  •                 – Complexity requirements: 3 out of 4 conditions below need to be fulfilled
  •                   * Has lower characters
  •                   * Has upper characters
  •                   * Has a digit
  •                   * Has a special character (Regex match [\\W_])
  •                 – Disallowed values:  “abc@123”, “P@$$w0rd”, “P@ssw0rd”, “P@ssword123”, “Pa$$word”, “pass@word1”, “Password!”, “Password1”, “Password22”, “iloveyou!”

Reference: https://docs.microsoft.com/en-us/dotnet/api/microsoft.azure.management.compute.models.virtualmachinescalesetosprofile.adminpassword?view=azure-dotnet

I hope you found this post helpful. Any comments or questions feel free to reach out.


Pixel Robots.

I’m Richard Hooper aka Pixel Robots. I started this blog in 2016 for a couple reasons. The first reason was basically just a place for me to store my step by step guides, troubleshooting guides and just plain ideas about being a sysadmin. The second reason was to share what I have learned and found out with other people like me. Hopefully, you can find something useful on the site.

1 Comment

Matt Boyd · March 8, 2023 at 2:55 pm

This is great, thanks saved me a lot of time!! Thanks!!

Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *