I have logged some time ago How I have moved my Ghost blog to Azure Kubernetes.

The point is that periodically Kubernetes gets updated and as described in Upgrade an Azure Kubernetes Service (AKS) cluster:

As part of the lifecycle of an AKS cluster, you often need to upgrade to the latest Kubernetes version. It is important you apply the latest Kubernetes security releases, or upgrade to get the latest features.

So from my Azure CLI I have run the following command:

damiano@Azure:~$ az aks get-upgrades --resource-group RG_CuriaKube --name CuriaKube --output table

that shows me the following table:

Name     ResourceGroup    MasterVersion    Upgrades
-------  ---------------  ---------------  ----------
default  RG_CuriaKube     1.15.10          1.16.7

This shows that there are updates available!

Then I have proceeded with the upgrade:

damiano@Azure:~$ az aks upgrade --resource-group RG_CuriaKube --name CuriaKube --kubernetes-version 1.16.7
Kubernetes may be unavailable during cluster upgrades.
Are you sure you want to perform this operation? (y/n): y
Since control-plane-only argument is not specified, this will upgrade the control plane AND all nodepools to version 1.16.7. Continue? (y/N): y

This will output a very big json file, containing also some sensitive information like subscriptions and RSA keys, so I won't copy it here.
But hopefully it starts with:

{- Finished ..

Finally you will want to verify the success of the upgrade:

damiano@Azure:~$ az aks show --resource-group RG_CuriaKube --name CuriaKube --output table

and get something like:

Name       Location    ResourceGroup    KubernetesVersion    ProvisioningState    Fqdn
---------  ----------  ---------------  -------------------  -------------------  --------------------------------------------------------------
CuriaKube  westeurope  RG_CuriaKube     1.16.7               Succeeded            curiakube-rgcuriakube-119967-b8505c74.hcp.westeurope.azmk8s.io