Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
For CVE-2019-5736 (runc container breakout)
# works with both Get-AzAks cluster object and az aks list | ConvertFrom-Json PSCustomObjects
function Get-AKSHotfixVersion {
$hotfixVersions = @{'12'='1.12.5'; '11'='1.11.7'; '10'='1.10.12'; '9'='1.9.11'}
foreach ($cluster in $AKSCluster) {
$currentVersion = $cluster.KubernetesVersion
[string]$majorRelease = $currentVersion.split('.')[1]
$hotfixVersion = $hotfixVersions.$majorRelease
$mySubscriptions = $(az account list --query [].id -o tsv)
foreach ($subscription in $mySubscriptions) {
$clusters = $(az aks list --subscription $subscription) | ConvertFrom-Json
foreach ($cluster in $clusters) {
$targetVersion = Get-AKSHotfixVersion -AKSCluster $cluster
az aks upgrade --resource-group $($cluster.resourceGroup) --name $($ --kubernetes-version $targetVersion --subscription $subscription --no-wait --yes
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment