Azure Kubernetes Service (AKS): How to change Windows node pool password

Reading Time: 2 minutes

With release 2021-04-22 of AKS you can now Update your Windows node passwords via the CLI. Before this update you were unable to. This can be super annoying as you can set the node pools up without specifying passwords.

So, if you needed to login to the node for any reason you were unable to. One reason might have been to set the time on the Windows nodes. By default, Windows containers use the node’s time zone which is always UTC. Some applications might need the time zone set to a local one. With Windows 2022 containers you can use virtual time zones within the containers, but that’s another story all together.

Below I will walk you through the steps to change your Windows node pool password.

So, for this you will need the AKS-Preview extension of AZ CLI. If you do not already have this installed, you can add it using.

Or to update your existing use.

Now that you have this you can use the az aks update command below. Just change the resource group and cluster name to yours.

It will take some time as it seems to do some nodes updates. So, a new node will be created in the background so it can update your existing. In the portal you will see something like this.

In a different terminal tab you can run kubectl get nodes and you will see a new one spinning up.

Once the password update has happened you will notice that the original node is back. So, when doing a password update it does the same thing a Kubernetes version update would do.

Some things to note on the password. You have some rules to follow.

•                 – Minimum-length: 14 characters
•                 – Max-length: 123 characters
•                 – Complexity requirements: 3 out of 4 conditions below need to be fulfilled
•                   * Has lower characters
•                   * Has upper characters
•                   * Has a digit
•                   * Has a special character (Regex match [\\W_])
•                 – Disallowed values:  “abc@123”, “P@$$w0rd”, “P@ssw0rd”, “P@ssword123”, “Pa$$word”, “pass@word1”, “Password!”, “Password1”, “Password22”, “iloveyou!”

Reference: https://docs.microsoft.com/en-us/dotnet/api/microsoft.azure.management.compute.models.virtualmachinescalesetosprofile.adminpassword?view=azure-dotnet

I hope you found this post helpful. Any comments or questions feel free to reach out.