How to upgrade Sitecore Managed Cloud Containers solutions to AKS 1.34


Description

The end of life of Azure Kubernetes Service (AKS) 1.33 is June 2026. Sitecore Managed Cloud Containers solutions, based on AKS 1.33, need to be updated to a newer version that uses AKS 1.34. For more details on AKS end of life and the consequences of deprecation refer to Microsoft documentation.

This article contains upgrade instructions for the Sitecore Managed Cloud Containers solution to the version that uses AKS 1.34.

Breaking Changes

No new breaking changes were introduced for AKS 1.34.

Upgrade Instructions

Follow these steps to upgrade the Sitecore Managed Cloud Containers solution to the version that uses AKS 1.34:

  1. Download an upgrade package for the needed topology and a version from the storage. There is a list of available upgrade packages:
    • Sitecore 10.2.0:
      • mcc.xp.upgrade.10.2.0-r.0.1.608691.nupkg
      • mcc.xm.upgrade.10.2.0-r.0.1.608691.nupkg
    • Sitecore 10.2.1:
      • mcc.xp.upgrade.10.2.1-r.0.1.608690.nupkg
      • mcc.xm.upgrade.10.2.1-r.0.1.608690.nupkg
    • Sitecore 10.2.2:
      • mcc.xp.upgrade.10.2.2-r.0.1.608677.nupkg
      • mcc.xm.upgrade.10.2.2-r.0.1.608677.nupkg
    • Sitecore 10.3.0:
      • mcc.xp.upgrade.10.3.0-r.0.1.608676.nupkg
      • mcc.xm.upgrade.10.3.0-r.0.1.608676.nupkg
    • Sitecore 10.3.1:
      • mcc.xp.upgrade.10.3.1-r.0.1.608665.nupkg
      • mcc.xm.upgrade.10.3.1-r.0.1.608665.nupkg
    • Sitecore 10.3.2:
      • mcc.xp.upgrade.10.3.2-r.0.1.608664.nupkg
      • mcc.xm.upgrade.10.3.2-r.0.1.608664.nupkg
    • Sitecore 10.3.3:
      • mcc.xp.upgrade.10.3.3-r.0.1.608660.nupkg
      • mcc.xm.upgrade.10.3.3-r.0.1.608660.nupkg
    • Sitecore 10.4.0:
      • mcc.xp.upgrade.10.4.0-r.0.1.608659.nupkg
      • mcc.xm.upgrade.10.4.0-r.0.1.608659.nupkg
    • Sitecore 10.4.1:
      • mcc.xp.upgrade.10.4.1-r.0.1.608547.nupkg
      • mcc.xm.upgrade.10.4.1-r.0.1.608547.nupkg
  2. Install the upgrade package to your solution (follow the guideline for Sitecore 10.2)
  3. Before merging the changes to the Infrastructure repo, the following steps need to be taken due to an update of terraform providers:
    • MCC with no DR
      1. Go to the infrastructure repo.
      2. In the feature branch, open the pipelines/compose/infrastructure.compose.yaml file and add the following code under the services: section.
            terraform-state-update:
            image: ${TERRAFORM_RUNNER_IMAGE}
            entrypoint: |
              /bin/sh -c "\
                cd terraform;
                terraform state list;
                terraform state rm 'module.sql-server[0].azurerm_sql_server.sql-server'
                terraform import 'module.sql-server[0].azurerm_mssql_server.sql-server' '/subscriptions/${ARM_SUBSCRIPTION_ID}/resourceGroups/${TF_VAR_resource_group_name}/providers/Microsoft.Sql/servers/${TF_VAR_resource_group_name}sql'
                terraform state rm 'module.sql-server[0].azurerm_sql_firewall_rule.firewall_azure_resources'
                terraform import 'module.sql-server[0].azurerm_mssql_firewall_rule.firewall_azure_resources' '/subscriptions/${ARM_SUBSCRIPTION_ID}/resourceGroups/${TF_VAR_resource_group_name}/providers/Microsoft.Sql/servers/${TF_VAR_resource_group_name}sql/firewallRules/allow_azure'
                terraform state list;
              "
            environment:
              - ARM_SUBSCRIPTION_ID
              - ARM_TENANT_ID
              - ARM_CLIENT_ID
              - ARM_CLIENT_SECRET
              - TF_VAR_resource_group_name
              - TF_VAR_azure_key_vault_name
              - TF_VAR_hadr_config
            volumes:
              - ${MOUNT_PATH}:/terraform
            networks:
              - terraform
      3. In the feature branch, open pipelines/templates/infrastructure.yaml and insert the following code before the Terraform plan task.
        - script: |
      docker compose -f infrastructure.compose.yaml --env-file .env up --exit-code-from terraform-state-update terraform-state-update
    displayName: "Terraform state update"
    workingDirectory: $(Build.SourcesDirectory)/pipelines/compose
      4. Run the infrastructure pipeline from the feature branch.
      5. Once completed, remove code added in steps 2 and 3 from the feature branch.
      6. Proceed with completing the Pull Request.
    • MCC with hot DR
      1. Go to the infrastructure repo.
      2. in the feature branch, open the config/remote-mcc-modules/modules.json file, and update the following the modules "acr-dr", "hadr-dr" and "sql-elasticpool-dr" to:
        • "1.0.18" in case of FrontDoor Standard
        • "1.0.18.1" in case of FrontDoor Classic
      3. In the feature branch, open the pipelines/compose/infrastructure.compose.yaml file and perform the following steps:
        • Add the code below under services: section:
            terraform-state-update:
    image: ${TERRAFORM_RUNNER_IMAGE}
    entrypoint: |
      /bin/sh -c "\
        cd terraform;
        terraform state list;
        terraform state rm 'module.sql-server[0].azurerm_sql_server.sql-server'
        terraform import 'module.sql-server[0].azurerm_mssql_server.sql-server' '/subscriptions/${ARM_SUBSCRIPTION_ID}/resourceGroups/${TF_VAR_resource_group_name}/providers/Microsoft.Sql/servers/${TF_VAR_resource_group_name}sql'
        terraform state rm 'module.sql-server[0].azurerm_sql_firewall_rule.firewall_azure_resources'
        terraform import 'module.sql-server[0].azurerm_mssql_firewall_rule.firewall_azure_resources' '/subscriptions/${ARM_SUBSCRIPTION_ID}/resourceGroups/${TF_VAR_resource_group_name}/providers/Microsoft.Sql/servers/${TF_VAR_resource_group_name}sql/firewallRules/allow_azure'
        terraform state rm 'module.sql-server[0].azurerm_sql_firewall_rule.sql_firewall_azure_resources'
        terraform import 'module.sql-server[0].azurerm_mssql_firewall_rule.sql_firewall_azure_resources' '/subscriptions/${ARM_SUBSCRIPTION_ID}/resourceGroups/${TF_VAR_resource_group_name}dr/providers/Microsoft.Sql/servers/${TF_VAR_resource_group_name}sql-secondary/firewallRules/allow_azure'
        terraform state rm 'module.sql-server[0].azurerm_sql_failover_group.this'
        terraform import 'module.sql-server[0].azurerm_mssql_failover_group.this' '/subscriptions/${ARM_SUBSCRIPTION_ID}/resourceGroups/${TF_VAR_resource_group_name}/providers/Microsoft.Sql/servers/${TF_VAR_resource_group_name}sql/failoverGroups/${TF_VAR_resource_group_name}fg'
        terraform state rm 'module.sql-server[0].azurerm_sql_server.secondary'
        terraform import 'module.sql-server[0].azurerm_mssql_server.secondary' '/subscriptions/${ARM_SUBSCRIPTION_ID}/resourceGroups/${TF_VAR_resource_group_name}dr/providers/Microsoft.Sql/servers/${TF_VAR_resource_group_name}sql-secondary'
        terraform state list;
      "
    environment:
      - ARM_SUBSCRIPTION_ID
      - ARM_TENANT_ID
      - ARM_CLIENT_ID
      - ARM_CLIENT_SECRET
      - TF_VAR_resource_group_name
      - TF_VAR_azure_key_vault_name
      - TF_VAR_hadr_config
    volumes:
      - ${MOUNT_PATH}:/terraform
    networks:
      - terraform
  terraform-state-update-secondary:
    image: ${TERRAFORM_RUNNER_IMAGE}
    entrypoint: |
      /bin/sh -c "\
        cd terraform;
        terraform state list;
        terraform state rm 'module.hadr[0].module.dr-automation-runbook-failure[0].azurerm_template_deployment.automation_runbook_failure_alert'
        terraform import 'module.hadr[0].module.dr-automation-runbook-failure[0].azurerm_resource_group_template_deployment.automation_runbook_failure_alert' '/subscriptions/${ARM_SUBSCRIPTION_ID}/resourceGroups/${TF_VAR_resource_group_name}drc/providers/Microsoft.Resources/deployments/<RESOURCE_GROUP_DAA_DEPLOYMENT_NAME>'
        terraform state rm 'module.hadr[0].module.dr-control-automation-account[0].azurerm_template_deployment.automation_runbook_webhook'
        terraform import 'module.hadr[0].module.dr-control-automation-account[0].azurerm_resource_group_template_deployment.automation_runbook_webhook' '/subscriptions/${ARM_SUBSCRIPTION_ID}/resourceGroups/${TF_VAR_resource_group_name}drc/providers/Microsoft.Resources/deployments/<RESOURCE_GROUP_INGRESSWEBHOOK_DEPLOYMENT_NAME>'
        terraform state list;
      "
    environment:
      - ARM_SUBSCRIPTION_ID
      - ARM_TENANT_ID
      - ARM_CLIENT_ID
      - ARM_CLIENT_SECRET
      - TF_VAR_resource_group_name
      - TF_VAR_azure_key_vault_name
      - TF_VAR_hadr_config
    volumes:
      - ${MOUNT_PATH}:/terraform
    networks:
      - terraform
        • Replace the <RESOURCE_GROUP_DAA_DEPLOYMENT_NAME> and <RESOURCE_GROUP_INGRESSWEBHOOK_DEPLOYMENT_NAME> with the proper deployment names found under the <infrastructure-id>drc resource group.
      4. In the feature branch, open the pipelines/templates/infrastructure.yaml file, and add the code below before the Terraform plan task:
        - ${{ if eq(parameters.isSecondaryRegion,'True') }}:
  - script: |
      docker compose -f infrastructure.compose.yaml --env-file .env up --exit-code-from terraform-state-update-secondary terraform-state-update-secondary
    displayName: "Terraform state update"
    workingDirectory: $(Build.SourcesDirectory)/pipelines/compose
- ${{ else }}:
  - script: |
      docker compose -f infrastructure.compose.yaml --env-file .env up --exit-code-from terraform-state-update terraform-state-update
    displayName: "Terraform state update"
    workingDirectory: $(Build.SourcesDirectory)/pipelines/compose
      5. Run the infrastructure pipeline from the feature branch with the Synchronize primary to secondary checkbox selected:
        image-20260218-144940.png
      6. Once completed, remove code added in steps 3 and 4 from the feature branch.
      7. Proceed with completing the Pull Request.
    • MCC with cold DR
      1. Go to the infrastructure repo.
      2. In the feature branch, open the config/remote-mcc-modules/modules.json file, and update the following the modules "acr-dr", "hadr-dr" and "sql-elasticpool-dr" to:
        • "1.0.18" in case of FrontDoor Standard.
        • "1.0.18.1" in case of FrontDoor Classic.
      3. In the feature branch, open the pipelines/compose/infrastructure.compose.yaml file, and add code below under services: section:
          terraform-state-update:
    image: ${TERRAFORM_RUNNER_IMAGE}
    entrypoint: |
      /bin/sh -c "\
        cd terraform;
        terraform state list;
        terraform state rm 'module.sql-server[0].azurerm_sql_server.sql-server'
        terraform import 'module.sql-server[0].azurerm_mssql_server.sql-server' '/subscriptions/${ARM_SUBSCRIPTION_ID}/resourceGroups/${TF_VAR_resource_group_name}/providers/Microsoft.Sql/servers/${TF_VAR_resource_group_name}sql'
        terraform state rm 'module.sql-server[0].azurerm_sql_firewall_rule.firewall_azure_resources'
        terraform import 'module.sql-server[0].azurerm_mssql_firewall_rule.firewall_azure_resources' '/subscriptions/${ARM_SUBSCRIPTION_ID}/resourceGroups/${TF_VAR_resource_group_name}/providers/Microsoft.Sql/servers/${TF_VAR_resource_group_name}sql/firewallRules/allow_azure'
        terraform state rm 'module.sql-server[0].azurerm_sql_firewall_rule.sql_firewall_azure_resources'
        terraform import 'module.sql-server[0].azurerm_mssql_firewall_rule.sql_firewall_azure_resources' '/subscriptions/${ARM_SUBSCRIPTION_ID}/resourceGroups/${TF_VAR_resource_group_name}dr/providers/Microsoft.Sql/servers/${TF_VAR_resource_group_name}sql-secondary/firewallRules/allow_azure'
        terraform state rm 'module.sql-server[0].azurerm_sql_failover_group.this'
        terraform import 'module.sql-server[0].azurerm_mssql_failover_group.this' '/subscriptions/${ARM_SUBSCRIPTION_ID}/resourceGroups/${TF_VAR_resource_group_name}/providers/Microsoft.Sql/servers/${TF_VAR_resource_group_name}sql/failoverGroups/${TF_VAR_resource_group_name}fg'
        terraform state rm 'module.sql-server[0].azurerm_sql_server.secondary'
        terraform import 'module.sql-server[0].azurerm_mssql_server.secondary' '/subscriptions/${ARM_SUBSCRIPTION_ID}/resourceGroups/${TF_VAR_resource_group_name}dr/providers/Microsoft.Sql/servers/${TF_VAR_resource_group_name}sql-secondary'
        terraform state list;
      "
    environment:
      - ARM_SUBSCRIPTION_ID
      - ARM_TENANT_ID
      - ARM_CLIENT_ID
      - ARM_CLIENT_SECRET
      - TF_VAR_resource_group_name
      - TF_VAR_azure_key_vault_name
      - TF_VAR_hadr_config
    volumes:
      - ${MOUNT_PATH}:/terraform
    networks:
      - terraform
      4. Open the pipelines/templates/infrastructure.yaml file in the feature branch, and add code below before the Terraform plan task:
        - script: |
      docker compose -f infrastructure.compose.yaml --env-file .env up --exit-code-from terraform-state-update terraform-state-update
    displayName: "Terraform state update"
    workingDirectory: $(Build.SourcesDirectory)/pipelines/compose
      5. Run the infrastructure pipeline from the feature branch with the Update outage app checkbox cleared:
        image-20260218-145857.png
      6. Once completed, remove code added in steps 3 and 4 from the feature branch.
      7. Proceed with merging the Pull Request.
  4. After merging changes to Infrastructure repo, proceed as follows:
    • If the environment does not have DR installed, run the Infrastructure pipeline.
    • If the environment uses DR Managed Hot, run the Infrastructure pipeline with Synchronize primary to secondary selected.
    • If the environment uses DR Basic Cold Standby, run the Infrastructure pipeline with Update outage app selected.
  5. After merging changes to Application repo, run the Application pipeline.
  6. Run the check cluster upgrades pipeline.
  7. Run the cluster version upgrade pipeline (Kubernetes_version 1.34.0).
  8. If the environment uses DR Managed Hot, run the dr cluster version upgrade pipeline (Kubernetes_version 1.34.0).