diff --git a/cluster/ansible/manifests/group_vars/k8s_cluster/k8s-cluster.yml b/cluster/ansible/manifests/group_vars/k8s_cluster/k8s-cluster.yml
index 3ae96d13..47c79207 100644
--- a/cluster/ansible/manifests/group_vars/k8s_cluster/k8s-cluster.yml
+++ b/cluster/ansible/manifests/group_vars/k8s_cluster/k8s-cluster.yml
@@ -46,7 +46,7 @@ kube_oidc_auth: true
 ## Variables for OpenID Connect Configuration https://kubernetes.io/docs/admin/authentication/
 ## To use OpenID you have to deploy additional an OpenID Provider (e.g Dex, Keycloak, ...)
 
-kube_oidc_url: https://login.microsoftonline.com/cf151ee8-5c2c-4fe7-a1c4-809ba43c9f24
+kube_oidc_url: https://login.microsoftonline.com/cf151ee8-5c2c-4fe7-a1c4-809ba43c9f24/v2.0
 kube_oidc_client_id: 7cd1df19-24ea-46d7-acd3-5336283139e0
 ## Optional settings for OIDC
 # kube_oidc_ca_file: "{{ kube_cert_dir }}/ca.pem"
diff --git a/cluster/ansible/upgrade-cluster.sh b/cluster/ansible/upgrade-cluster.sh
new file mode 100755
index 00000000..5a6db765
--- /dev/null
+++ b/cluster/ansible/upgrade-cluster.sh
@@ -0,0 +1,23 @@
+#!/usr/bin/env bash
+
+set -eu -o pipefail
+
+# Check if `init.sh` has not run
+if [ ! -d venv ]; then
+    echo "Please run init.sh first."
+    exit 1
+fi
+
+# Check if kubespray has not been cloned and its empty
+if [ ! -d ../../3rd/kubespray ]; then
+    echo "Please run 'git submoudle --init --recursive' first."
+    exit 1
+fi
+
+# Check if `inventory.ini` has not been created
+if [ ! -f ../../cluster/ansible/manifests/inventory.ini ]; then
+    echo "Please create your own inventory.ini first."
+    exit 1
+fi
+
+cd ../../3rd/kubespray && ansible-playbook -i ../../cluster/ansible/manifests/inventory.ini ./upgrade-cluster.yml -kK -b
\ No newline at end of file