الملاحظات

az aks

  • Reference

Manage Azure Kubernetes Services.

Commands

az aks addon

Commands to manage and view single addon conditions.
az aks addon disable

Disable an enabled Kubernetes addon in a cluster.
az aks addon enable

Enable a Kubernetes addon.
az aks addon list

List status of all Kubernetes addons in given cluster.
az aks addon list-available

List available Kubernetes addons.
az aks addon show

Show status and configuration for an enabled Kubernetes addon in a given cluster.
az aks addon update

Update an already enabled Kubernetes addon.
az aks app

Commands to manage AKS app.
az aks app up

Deploy to AKS via GitHub actions.
az aks browse

Show the dashboard for a Kubernetes cluster in a web browser.
az aks check-acr

Validate an ACR is accessible from an AKS cluster.
az aks command

See detail usage in 'az aks command invoke', 'az aks command result'.
az aks command invoke

Run a shell command (with kubectl, helm) on your aks cluster, support attaching files as well.
az aks command result

Fetch result from previously triggered 'aks command invoke'.
az aks create

Create a new managed Kubernetes cluster.
az aks delete

Delete a managed Kubernetes cluster.
az aks disable-addons

Disable Kubernetes addons.
az aks egress-endpoints

Commands to manage egress endpoints in managed Kubernetes cluster.
az aks egress-endpoints list

List egress endpoints that are required or recommended to be whitelisted for a cluster.
az aks enable-addons

Enable Kubernetes addons.
az aks get-credentials

Get access credentials for a managed Kubernetes cluster.
az aks get-os-options

Get the OS options available for creating a managed Kubernetes cluster.
az aks get-upgrades

Get the upgrade versions available for a managed Kubernetes cluster.
az aks get-versions

Get the versions available for creating a managed Kubernetes cluster.
az aks install-cli

Download and install kubectl, the Kubernetes command-line tool. Download and install kubelogin, a client-go credential (exec) plugin implementing azure authentication.
az aks kanalyze

Display diagnostic results for the Kubernetes cluster after kollect is done.
az aks kollect

Collecting diagnostic information for the Kubernetes cluster.
az aks list

List managed Kubernetes clusters.
az aks maintenanceconfiguration

Commands to manage maintenance configurations in managed Kubernetes cluster.
az aks maintenanceconfiguration add

Add a maintenance configuration in managed Kubernetes cluster.
az aks maintenanceconfiguration delete

Delete a maintenance configuration in managed Kubernetes cluster.
az aks maintenanceconfiguration list

List maintenance configurations in managed Kubernetes cluster.
az aks maintenanceconfiguration show

Show the details of a maintenance configuration in managed Kubernetes cluster.
az aks maintenanceconfiguration update

Update a maintenance configuration of a managed Kubernetes cluster.
az aks nodepool

Commands to manage node pools in Kubernetes kubernetes cluster.
az aks nodepool add

Add a node pool to the managed Kubernetes cluster.
az aks nodepool delete

Delete the agent pool in the managed Kubernetes cluster.
az aks nodepool get-upgrades

Get the available upgrade versions for an agent pool of the managed Kubernetes cluster.
az aks nodepool list

List node pools in the managed Kubernetes cluster. To get list of nodes in the cluster run kubectl get nodes command.
az aks nodepool scale

Scale the node pool in a managed Kubernetes cluster.
az aks nodepool show

Show the details for a node pool in the managed Kubernetes cluster.
az aks nodepool snapshot

Commands to manage nodepool snapshots.
az aks nodepool snapshot create

Create a nodepool snapshot.
az aks nodepool snapshot delete

Delete a nodepool snapshot.
az aks nodepool snapshot list

List nodepool snapshots.
az aks nodepool snapshot show

Show the details of a nodepool snapshot.
az aks nodepool snapshot wait

Wait for a nodepool snapshot to reach a desired state.
az aks nodepool start

Start stopped agent pool in the managed Kubernetes cluster.
az aks nodepool stop

Stop running agent pool in the managed Kubernetes cluster.
az aks nodepool update

Update a node pool to enable/disable cluster-autoscaler or change min-count or max-count.
az aks nodepool upgrade

Upgrade the node pool in a managed Kubernetes cluster.
az aks nodepool wait

Wait for a node pool to reach a desired state.
az aks pod-identity

Commands to manage pod identities in managed Kubernetes cluster.
az aks pod-identity add

Add a pod identity to a managed Kubernetes cluster.
az aks pod-identity delete

Remove a pod identity from a managed Kubernetes cluster.
az aks pod-identity exception

Commands to manage pod identity exceptions in managed Kubernetes cluster.
az aks pod-identity exception add

Add a pod identity exception to a managed Kubernetes cluster.
az aks pod-identity exception delete

Remove a pod identity exception from a managed Kubernetes cluster.
az aks pod-identity exception list

List pod identity exceptions in a managed Kubernetes cluster.
az aks pod-identity exception update

Update a pod identity exception in a managed Kubernetes cluster.
az aks pod-identity list

List pod identities in a managed Kubernetes cluster.
az aks remove-dev-spaces

Remove Azure Dev Spaces from a managed Kubernetes cluster.
az aks rotate-certs

Rotate certificates and keys on a managed Kubernetes cluster.
az aks scale

Scale the node pool in a managed Kubernetes cluster.
az aks show

Show the details for a managed Kubernetes cluster.
az aks snapshot

Commands to manage nodepool snapshots.
az aks snapshot create

Create a nodepool snapshot.
az aks snapshot delete

Delete a nodepool snapshot.
az aks snapshot list

List nodepool snapshots.
az aks snapshot show

Show the details of a nodepool snapshot.
az aks snapshot wait

Wait for a nodepool snapshot to reach a desired state.
az aks start

Starts a previously stopped Managed Cluster.
az aks stop

Stops a Managed Cluster.
az aks update

Update a managed Kubernetes cluster.
az aks update-credentials

Update credentials for a managed Kubernetes cluster, like service principal.
az aks upgrade

Upgrade a managed Kubernetes cluster to a newer version.
az aks use-dev-spaces

Use Azure Dev Spaces with a managed Kubernetes cluster.
az aks wait

Wait for a managed Kubernetes cluster to reach a desired state.

az aks browse

Edit

Show the dashboard for a Kubernetes cluster in a web browser.

az aks browse --name
              --resource-group
              [--disable-browser]
              [--listen-address]
              [--listen-port]

Examples

Show the dashboard for a Kubernetes cluster in a web browser. (autogenerated)

az aks browse --name MyManagedCluster --resource-group MyResourceGroup

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--disable-browser

Don't launch a web browser after establishing port-forwarding.

--listen-address

The listening address for the dashboard.

default value: 127.0.0.1
--listen-port

The listening port for the dashboard.

default value: 8001

az aks check-acr

Edit

Validate an ACR is accessible from an AKS cluster.

az aks check-acr --acr
                 --name
                 --resource-group

Examples

Validate the ACR is accessible from the AKS cluster.

az aks check-acr --name MyManagedCluster --resource-group MyResourceGroup --acr myacr.azurecr.io

Required Parameters

--acr

The FQDN of the ACR.

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az aks create

Edit

Create a new managed Kubernetes cluster.

az aks create --name
              --resource-group
              [--aad-admin-group-object-ids]
              [--aad-client-app-id]
              [--aad-server-app-id]
              [--aad-server-app-secret]
              [--aad-tenant-id]
              [--aci-subnet-name]
              [--admin-username]
              [--aks-custom-headers]
              [--api-server-authorized-ip-ranges]
              [--appgw-id]
              [--appgw-name]
              [--appgw-subnet-cidr]
              [--appgw-subnet-id]
              [--appgw-watch-namespace]
              [--assign-identity]
              [--assign-kubelet-identity]
              [--attach-acr]
              [--auto-upgrade-channel {node-image, none, patch, rapid, stable}]
              [--ca-profile]
              [--client-secret]
              [--disable-local-accounts]
              [--disable-public-fqdn]
              [--disable-rbac]
              [--dns-name-prefix]
              [--dns-service-ip]
              [--docker-bridge-address]
              [--edge-zone]
              [--enable-aad]
              [--enable-addons]
              [--enable-ahub]
              [--enable-azure-rbac]
              [--enable-cluster-autoscaler]
              [--enable-encryption-at-host]
              [--enable-fips-image]
              [--enable-managed-identity]
              [--enable-msi-auth-for-monitoring {false, true}]
              [--enable-node-public-ip]
              [--enable-private-cluster]
              [--enable-rbac]
              [--enable-secret-rotation]
              [--enable-sgxquotehelper]
              [--enable-ultra-ssd]
              [--enable-windows-gmsa]
              [--fqdn-subdomain]
              [--generate-ssh-keys]
              [--gmsa-dns-server]
              [--gmsa-root-domain-name]
              [--kubelet-config]
              [--kubernetes-version]
              [--linux-os-config]
              [--load-balancer-idle-timeout]
              [--load-balancer-managed-outbound-ip-count]
              [--load-balancer-outbound-ip-prefixes]
              [--load-balancer-outbound-ips]
              [--load-balancer-outbound-ports]
              [--load-balancer-sku]
              [--location]
              [--max-count]
              [--max-pods]
              [--min-count]
              [--nat-gateway-idle-timeout]
              [--nat-gateway-managed-outbound-ip-count]
              [--network-plugin {azure, kubenet}]
              [--network-policy]
              [--no-ssh-key]
              [--no-wait]
              [--node-count]
              [--node-osdisk-diskencryptionset-id]
              [--node-osdisk-size]
              [--node-osdisk-type {Ephemeral, Managed}]
              [--node-public-ip-prefix-id]
              [--node-vm-size]
              [--nodepool-labels]
              [--nodepool-name]
              [--nodepool-tags]
              [--os-sku {CBLMariner, Ubuntu}]
              [--outbound-type {loadBalancer, managedNATGateway, userAssignedNATGateway, userDefinedRouting}]
              [--pod-cidr]
              [--pod-subnet-id]
              [--ppg]
              [--private-dns-zone]
              [--rotation-poll-interval]
              [--service-cidr]
              [--service-principal]
              [--skip-subnet-role-assignment]
              [--snapshot-id]
              [--ssh-key-value]
              [--tags]
              [--uptime-sla]
              [--vm-set-type]
              [--vnet-subnet-id]
              [--windows-admin-password]
              [--windows-admin-username]
              [--workspace-resource-id]
              [--yes]
              [--zones {1, 2, 3}]

Examples

Create a Kubernetes cluster with an existing SSH public key.

az aks create -g MyResourceGroup -n MyManagedCluster --ssh-key-value /path/to/publickey

Create a Kubernetes cluster with a specific version.

az aks create -g MyResourceGroup -n MyManagedCluster --kubernetes-version 1.16.9

Create a Kubernetes cluster with a larger node pool.

az aks create -g MyResourceGroup -n MyManagedCluster --node-count 7

Create a kubernetes cluster with k8s 1.13.9 but use vmas.

az aks create -g MyResourceGroup -n MyManagedCluster --kubernetes-version 1.16.9 --vm-set-type AvailabilitySet

Create a kubernetes cluster with default kubernetes version, default SKU load balancer (Standard) and default vm set type (VirtualMachineScaleSets).

az aks create -g MyResourceGroup -n MyManagedCluster

Create a kubernetes cluster with standard SKU load balancer and two AKS created IPs for the load balancer outbound connection usage.

az aks create -g MyResourceGroup -n MyManagedCluster --load-balancer-managed-outbound-ip-count 2

Create a kubernetes cluster with a standard SKU load balancer, with two outbound AKS managed IPs an idle flow timeout of 5 minutes and 8000 allocated ports per machine

az aks create -g MyResourceGroup -n MyManagedCluster --load-balancer-managed-outbound-ip-count 2 --load-balancer-idle-timeout 5 --load-balancer-outbound-ports 8000

Create a kubernetes cluster with standard SKU load balancer and use the provided public IPs for the load balancer outbound connection usage.

az aks create -g MyResourceGroup -n MyManagedCluster --load-balancer-outbound-ips <ip-resource-id-1,ip-resource-id-2>

Create a kubernetes cluster with standard SKU load balancer and use the provided public IP prefixes for the load balancer outbound connection usage.

az aks create -g MyResourceGroup -n MyManagedCluster --load-balancer-outbound-ip-prefixes <ip-prefix-resource-id-1,ip-prefix-resource-id-2>

Create a kubernetes cluster with a AKS managed NAT gateway, with two outbound AKS managed IPs an idle flow timeout of 4 minutes

az aks create -g MyResourceGroup -n MyManagedCluster --nat-gateway-managed-outbound-ip-count 2 --nat-gateway-idle-timeout 4 --outbound-type managedNATGateway --generate-ssh-keys

Create a kubernetes cluster with basic SKU load balancer and AvailabilitySet vm set type.

az aks create -g MyResourceGroup -n MyManagedCluster --load-balancer-sku basic --vm-set-type AvailabilitySet

Create a kubernetes cluster with authorized apiserver IP ranges.

az aks create -g MyResourceGroup -n MyManagedCluster --api-server-authorized-ip-ranges 193.168.1.0/24,194.168.1.0/24,195.168.1.0

Create a kubernetes cluster which enables managed identity.

az aks create -g MyResourceGroup -n MyManagedCluster --enable-managed-identity

Create a kubernetes cluster with userDefinedRouting, standard load balancer SKU and a custom subnet preconfigured with a route table

az aks create -g MyResourceGroup -n MyManagedCluster --outbound-type userDefinedRouting --load-balancer-sku standard --vnet-subnet-id customUserSubnetVnetID

Create a kubernetes cluster with supporting Windows agent pools.

az aks create -g MyResourceGroup -n MyManagedCluster --load-balancer-sku Standard --network-plugin azure --windows-admin-username azure --windows-admin-password 'replacePassword1234$'

Create a kubernetes cluster with supporting Windows agent pools with AHUB enabled.

az aks create -g MyResourceGroup -n MyManagedCluster --load-balancer-sku Standard --network-plugin azure --windows-admin-username azure --windows-admin-password 'replacePassword1234$' --enable-ahub

Create a kubernetes cluster with managed AAD enabled.

az aks create -g MyResourceGroup -n MyManagedCluster --enable-aad --aad-admin-group-object-ids <id-1,id-2> --aad-tenant-id <id>

Create a kubernetes cluster with server side encryption using your owned key.

az aks create -g MyResourceGroup -n MyManagedCluster --node-osdisk-diskencryptionset-id <disk-encryption-set-resource-id>

Create a kubernetes cluster with ephemeral OS enabled.

az aks create -g MyResourceGroup -n MyManagedCluster --node-osdisk-type Ephemeral --node-osdisk-size 48

Create a kubernetes cluster with EncryptionAtHost enabled.

az aks create -g MyResourceGroup -n MyManagedCluster --enable-encryption-at-host

Create a kubernetes cluster with UltraSSD enabled.

az aks create -g MyResourceGroup -n MyManagedCluster --enable-ultra-ssd

Create a kubernetes cluster with Azure RBAC enabled.

az aks create -g MyResourceGroup -n MyManagedCluster --enable-aad --enable-azure-rbac

Create a kubernetes cluster with custom control plane identity and kubelet identity.

az aks create -g MyResourceGroup -n MyManagedCluster --assign-identity <control-plane-identity-resource-id> --assign-kubelet-identity <kubelet-identity-resource-id>

Create a kubernetes cluster in the Edge Zone.

az aks create -g MyResourceGroup -n MyManagedCluster --location <location> --kubernetes-version 1.20.7 --edge-zone <edge-zone-name>

Create a kubernetes cluster with a specific OS SKU

az aks create -g MyResourceGroup -n MyManagedCluster --os-sku Ubuntu

Create a kubernetes cluster with custom tags

az aks create -g MyResourceGroup -n MyManagedCluster --tags "foo=bar" "baz=qux"

Create a kubernetes cluster with custom headers

az aks create -g MyResourceGroup -n MyManagedCluster --aks-custom-headers WindowsContainerRuntime=containerd,AKSHTTPCustomFeatures=Microsoft.ContainerService/CustomNodeConfigPreview

Create a kubernetes cluster with FIPS-enabled OS

az aks create -g MyResourceGroup -n MyManagedCluster --enable-fips-image

Create a kubernetes cluster with enabling Windows gmsa and with setting DNS server in the vnet used by the cluster.

az aks create -g MyResourceGroup -n MyManagedCluster --load-balancer-sku Standard --network-plugin azure --windows-admin-username azure --windows-admin-password 'replacePassword1234$' --enable-windows-gmsa

Create a kubernetes cluster with enabling Windows gmsa but without setting DNS server in the vnet used by the cluster.

az aks create -g MyResourceGroup -n MyManagedCluster --load-balancer-sku Standard --network-plugin azure --windows-admin-username azure --windows-admin-password 'replacePassword1234$' --enable-windows-gmsa --gmsa-dns-server "10.240.0.4" --gmsa-root-domain-name "contoso.com"

create a kubernetes cluster with a snapshot id.

az aks create -g MyResourceGroup -n MyManagedCluster --kubernetes-version 1.20.9 --snapshot-id "/subscriptions/00000/resourceGroups/AnotherResourceGroup/providers/Microsoft.ContainerService/snapshots/mysnapshot1"

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--aad-admin-group-object-ids

Comma seperated list of aad group object IDs that will be set as cluster admin.

--aad-client-app-id

The ID of an Azure Active Directory client application of type "Native". This application is for user login via kubectl.

--aad-server-app-id

The ID of an Azure Active Directory server application of type "Web app/API". This application represents the managed cluster's apiserver (Server application).

--aad-server-app-secret

The secret of an Azure Active Directory server application.

--aad-tenant-id

The ID of an Azure Active Directory tenant.

--aci-subnet-name

The name of a subnet in an existing VNet into which to deploy the virtual nodes.

--admin-username -u

User account to create on node VMs for SSH access.

default value: azureuser
--aks-custom-headers

Comma-separated key-value pairs to specify custom headers.

--api-server-authorized-ip-ranges

Comma seperated list of authorized apiserver IP ranges. Set to 0.0.0.0/32 to restrict apiserver traffic to node pools.

--appgw-id

Resource Id of an existing Application Gateway to use with AGIC. Use with ingress-azure addon.

--appgw-name

Name of the application gateway to create/use in the node resource group. Use with ingress-azure addon.

--appgw-subnet-cidr

Subnet CIDR to use for a new subnet created to deploy the Application Gateway. Use with ingress-azure addon.

--appgw-subnet-id

Resource Id of an existing Subnet used to deploy the Application Gateway. Use with ingress-azure addon.

--appgw-watch-namespace

Specify the namespace, which AGIC should watch. This could be a single string value, or a comma-separated list of namespaces.

--assign-identity

Specify an existing user assigned identity for control plane's usage in order to manage cluster resource group.

--assign-kubelet-identity

Specify an existing user assigned identity for kubelet's usage, which is typically used to pull image from ACR.

--attach-acr

Grant the 'acrpull' role assignment to the ACR specified by name or resource ID.

--auto-upgrade-channel

Specify the upgrade channel for autoupgrade.

accepted values: node-image, none, patch, rapid, stable
--ca-profile --cluster-autoscaler-profile

Space-separated list of key=value pairs for configuring cluster autoscaler. Pass an empty string to clear the profile.

--client-secret

Secret associated with the service principal. This argument is required if --service-principal is specified.

--disable-local-accounts

If set to true, getting static credential will be disabled for this cluster.

--disable-public-fqdn

Disable public fqdn feature for private cluster.

--disable-rbac

Disable Kubernetes Role-Based Access Control.

--dns-name-prefix -p

Prefix for hostnames that are created. If not specified, generate a hostname using the managed cluster and resource group names.

--dns-service-ip

An IP address assigned to the Kubernetes DNS service.

--docker-bridge-address

A specific IP address and netmask for the Docker bridge, using standard CIDR notation.

--edge-zone

The name of the Edge Zone.

--enable-aad

Enable managed AAD feature for cluster.

--enable-addons -a

Enable the Kubernetes addons in a comma-separated list.

--enable-ahub

Enable Azure Hybrid User Benefits (AHUB) for Windows VMs.

--enable-azure-rbac

Enable Azure RBAC to control authorization checks on cluster.

--enable-cluster-autoscaler

Enable cluster autoscaler, default value is false.

--enable-encryption-at-host

Enable EncryptionAtHost, default value is false.

--enable-fips-image

Use FIPS-enabled OS on agent nodes.

--enable-managed-identity

Using a system assigned managed identity to manage cluster resource group.

default value: 1
--enable-msi-auth-for-monitoring

Enable Managed Identity Auth for Monitoring addon.

accepted values: false, true
--enable-node-public-ip

Enable VMSS node public IP.

--enable-private-cluster

Enable private cluster.

--enable-rbac -r

Enable Kubernetes Role-Based Access Control. Default: enabled.

--enable-secret-rotation

Enable secret rotation. Use with azure-keyvault-secrets-provider addon.

--enable-sgxquotehelper

Enable SGX quote helper for confcom addon.

--enable-ultra-ssd

Enable UltraSSD, default value is false.

--enable-windows-gmsa

Enable Windows gmsa.

--fqdn-subdomain

Prefix for FQDN that is created for private cluster with custom private dns zone scenario.

--generate-ssh-keys

Generate SSH public and private key files if missing. The keys will be stored in the ~/.ssh directory.

--gmsa-dns-server

Specify DNS server for Windows gmsa for this cluster.

--gmsa-root-domain-name

Specify root domain name for Windows gmsa for this cluster.

--kubelet-config

Path to JSON file containing Kubelet configurations for agent nodes. https://aka.ms/aks/custom-node-config.

--kubernetes-version -k

Version of Kubernetes to use for creating the cluster, such as "1.16.9".

value from: `az aks get-versions`
--linux-os-config

Path to JSON file containing OS configurations for Linux agent nodes. https://aka.ms/aks/custom-node-config.

--load-balancer-idle-timeout

Load balancer idle timeout in minutes.

--load-balancer-managed-outbound-ip-count

Load balancer managed outbound IP count.

--load-balancer-outbound-ip-prefixes

Load balancer outbound IP prefix resource IDs.

--load-balancer-outbound-ips

Load balancer outbound IP resource IDs.

--load-balancer-outbound-ports

Load balancer outbound allocated ports.

--load-balancer-sku

Azure Load Balancer SKU selection for your cluster. basic or standard.

--location -l

Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.

--max-count

Maximum nodes count used for autoscaler, when "--enable-cluster-autoscaler" specified. Please specify the value in the range of [1, 1000].

--max-pods -m

The maximum number of pods deployable to a node.

--min-count

Minimum nodes count used for autoscaler, when "--enable-cluster-autoscaler" specified. Please specify the value in the range of [1, 1000].

--nat-gateway-idle-timeout

NAT gateway idle timeout in minutes.

--nat-gateway-managed-outbound-ip-count

NAT gateway managed outbound IP count.

--network-plugin

The Kubernetes network plugin to use.

accepted values: azure, kubenet
--network-policy

The Kubernetes network policy to use.

--no-ssh-key -x

Do not use or create a local SSH key.

--no-wait

Do not wait for the long-running operation to finish.

--node-count -c

Number of nodes in the Kubernetes node pool. After creating a cluster, you can change the size of its node pool with az aks scale.

default value: 3
--node-osdisk-diskencryptionset-id -d

ResourceId of the disk encryption set to use for enabling encryption at rest on agent node os disk.

--node-osdisk-size

Size in GB of the OS disk for each node in the node pool. Minimum 30 GB.

--node-osdisk-type

OS disk type to be used for machines in a given agent pool: Ephemeral or Managed. Defaults to 'Ephemeral' when possible in conjunction with VM size and OS disk size. May not be changed for this pool after creation.

accepted values: Ephemeral, Managed
--node-public-ip-prefix-id

Public IP prefix ID used to assign public IPs to VMSS nodes.

--node-vm-size -s

Size of Virtual Machines to create as Kubernetes nodes.

--nodepool-labels

Space-separated labels: key[=value] [key[=value] ...]. See https://aka.ms/node-labels for syntax of labels.

--nodepool-name

Node pool name, up to 12 alphanumeric characters.

default value: nodepool1
--nodepool-tags

Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.

--os-sku

The OS SKU of the agent node pool. Ubuntu or CBLMariner.

accepted values: CBLMariner, Ubuntu
--outbound-type

How outbound traffic will be configured for a cluster.

accepted values: loadBalancer, managedNATGateway, userAssignedNATGateway, userDefinedRouting
--pod-cidr

A CIDR notation IP range from which to assign pod IPs when kubenet is used.

--pod-subnet-id

The ID of a subnet in an existing VNet into which to assign pods in the cluster (requires azure network-plugin).

--ppg

The ID of a PPG.

--private-dns-zone

Private dns zone mode for private cluster.

--rotation-poll-interval

Set interval of rotation poll. Use with azure-keyvault-secrets-provider addon.

--service-cidr

A CIDR notation IP range from which to assign service cluster IPs.

--service-principal

Service principal used for authentication to Azure APIs.

--skip-subnet-role-assignment

Skip role assignment for subnet (advanced networking).

--snapshot-id

The source snapshot id used to create this cluster.

--ssh-key-value

Public key path or key contents to install on node VMs for SSH access. For example, 'ssh-rsa AAAAB...snip...UcyupgH azureuser@linuxvm'.

default value: ~\.ssh\id_rsa.pub
--tags

The tags of the managed cluster. The managed cluster instance and all resources managed by the cloud provider will be tagged.

--uptime-sla

Enable a paid managed cluster service with a financially backed SLA.

--vm-set-type

Agent pool vm set type. VirtualMachineScaleSets or AvailabilitySet.

--vnet-subnet-id

The ID of a subnet in an existing VNet into which to deploy the cluster.

--windows-admin-password

User account password to use on windows node VMs.

--windows-admin-username

User account to create on windows node VMs.

--workspace-resource-id

The resource ID of an existing Log Analytics Workspace to use for storing monitoring data. If not specified, uses the default Log Analytics Workspace if it exists, otherwise creates one.

--yes -y

Do not prompt for confirmation.

--zones -z

Availability zones where agent nodes will be placed.

accepted values: 1, 2, 3

az aks delete

Edit

Delete a managed Kubernetes cluster.

az aks delete --name
              --resource-group
              [--no-wait]
              [--yes]

Examples

Delete a managed Kubernetes cluster. (autogenerated)

az aks delete --name MyManagedCluster --resource-group MyResourceGroup

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--no-wait

Do not wait for the long-running operation to finish.

--yes -y

Do not prompt for confirmation.

az aks disable-addons

Edit

Disable Kubernetes addons.

az aks disable-addons --addons
                      --name
                      --resource-group
                      [--no-wait]

Examples

Disable Kubernetes addons. (autogenerated)

az aks disable-addons --addons virtual-node --name MyManagedCluster --resource-group MyResourceGroup

Required Parameters

--addons -a

Disable the Kubernetes addons in a comma-separated list.

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--no-wait

Do not wait for the long-running operation to finish.

az aks enable-addons

Edit

Enable Kubernetes addons.

These addons are available: - http_application_routing : configure ingress with automatic public DNS name creation. - monitoring : turn on Log Analytics monitoring. Requires "--workspace-resource-id". Requires "--enable_msi_auth_for_monitoring" for managed identity auth. If monitoring addon is enabled --no-wait argument will have no effect - virtual-node : enable AKS Virtual Node. Requires --subnet-name to provide the name of an existing subnet for the Virtual Node to use. - azure-policy : enable Azure policy. The Azure Policy add-on for AKS enables at-scale enforcements and safeguards on your clusters in a centralized, consistent manner. Learn more at aka.ms/aks/policy. - ingress-appgw : enable Application Gateway Ingress Controller addon. - open-service-mesh : enable Open Service Mesh addon. - azure-keyvault-secrets-provider : enable Azure Keyvault Secrets Provider addon.

az aks enable-addons --addons
                     --name
                     --resource-group
                     [--appgw-id]
                     [--appgw-name]
                     [--appgw-subnet-cidr]
                     [--appgw-subnet-id]
                     [--appgw-watch-namespace]
                     [--enable-msi-auth-for-monitoring]
                     [--enable-secret-rotation]
                     [--enable-sgxquotehelper]
                     [--no-wait]
                     [--rotation-poll-interval]
                     [--subnet-name]
                     [--workspace-resource-id]

Examples

Enable Kubernetes addons. (autogenerated)

az aks enable-addons --addons virtual-node --name MyManagedCluster --resource-group MyResourceGroup --subnet MySubnetName

Enable ingress-appgw addon with subnet prefix.

az aks enable-addons --name MyManagedCluster --resource-group MyResourceGroup --addons ingress-appgw --appgw-subnet-cidr 10.2.0.0/16 --appgw-name gateway

Enable open-service-mesh addon.

az aks enable-addons --name MyManagedCluster --resource-group MyResourceGroup --addons open-service-mesh

Required Parameters

--addons -a

Enable the Kubernetes addons in a comma-separated list.

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--appgw-id

Resource Id of an existing Application Gateway to use with AGIC. Use with ingress-azure addon.

--appgw-name

Name of the application gateway to create/use in the node resource group. Use with ingress-azure addon.

--appgw-subnet-cidr

Subnet CIDR to use for a new subnet created to deploy the Application Gateway. Use with ingress-azure addon.

--appgw-subnet-id

Resource Id of an existing Subnet used to deploy the Application Gateway. Use with ingress-azure addon.

--appgw-watch-namespace

Specify the namespace, which AGIC should watch. This could be a single string value, or a comma-separated list of namespaces.

--enable-msi-auth-for-monitoring

Enable Managed Identity Auth for Monitoring addon.

--enable-secret-rotation

Enable secret rotation. Use with azure-keyvault-secrets-provider addon.

--enable-sgxquotehelper

Enable SGX quote helper for confcom addon.

--no-wait

Do not wait for the long-running operation to finish.

--rotation-poll-interval

Set interval of rotation poll. Use with azure-keyvault-secrets-provider addon.

--subnet-name -s

Name of an existing subnet to use with the virtual-node add-on.

--workspace-resource-id

The resource ID of an existing Log Analytics Workspace to use for storing monitoring data.

az aks get-credentials

Edit

Get access credentials for a managed Kubernetes cluster.

By default, the credentials are merged into the .kube/config file so kubectl can use them. See -f parameter for details.

az aks get-credentials --name
                       --resource-group
                       [--admin]
                       [--context]
                       [--file]
                       [--format]
                       [--overwrite-existing]
                       [--public-fqdn]

Examples

Get access credentials for a managed Kubernetes cluster. (autogenerated)

az aks get-credentials --name MyManagedCluster --resource-group MyResourceGroup

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--admin -a

Get cluster administrator credentials. Default: cluster user credentials.

--context

If specified, overwrite the default context name. The --admin parameter takes precedence over --context.

--file -f

Kubernetes configuration file to update. Use "-" to print YAML to stdout instead.

default value: ~/.kube/config
--format

Specify the format of the returned credential. Available values are ["exec", "azure"]. Only take effect when requesting clusterUser credential of AAD clusters.

--overwrite-existing

Overwrite any existing cluster entry with the same name.

--public-fqdn

Get private cluster credential with server address to be public fqdn.

az aks get-os-options

Get the OS options available for creating a managed Kubernetes cluster.

az aks get-os-options --location

Examples

Get the OS options available for creating a managed Kubernetes cluster

az aks get-os-options --location westus2

Required Parameters

--location -l

Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.

az aks get-upgrades

Edit

Get the upgrade versions available for a managed Kubernetes cluster.

az aks get-upgrades --name
                    --resource-group

Examples

Get the upgrade versions available for a managed Kubernetes cluster

az aks get-upgrades --name MyManagedCluster --resource-group MyResourceGroup

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az aks get-versions

Edit

Get the versions available for creating a managed Kubernetes cluster.

az aks get-versions --location

Examples

Get the versions available for creating a managed Kubernetes cluster

az aks get-versions --location westus2

Required Parameters

--location -l

Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.

az aks install-cli

Edit

Download and install kubectl, the Kubernetes command-line tool. Download and install kubelogin, a client-go credential (exec) plugin implementing azure authentication.

az aks install-cli [--base-src-url]
                   [--client-version]
                   [--install-location]
                   [--kubelogin-base-src-url]
                   [--kubelogin-install-location]
                   [--kubelogin-version]

Optional Parameters

--base-src-url

Base download source URL for kubectl releases.

--client-version

Version of kubectl to install.

default value: latest
--install-location

Path at which to install kubectl.

default value: ~/.azure-kubectl/kubectl.exe
--kubelogin-base-src-url -l

Base download source URL for kubelogin releases.

--kubelogin-install-location

Path at which to install kubelogin.

default value: ~/.azure-kubelogin/kubelogin.exe
--kubelogin-version

Version of kubelogin to install.

default value: latest

az aks kanalyze

Display diagnostic results for the Kubernetes cluster after kollect is done.

az aks kanalyze --name
                --resource-group

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az aks kollect

Collecting diagnostic information for the Kubernetes cluster.

Collect diagnostic information for the Kubernetes cluster and store it in the specified storage account. You can provide the storage account in three ways: storage account name and a shared access signature with write permission. resource Id to a storage account you own. the storagea account in diagnostics settings for your managed cluster.

az aks kollect --name
               --resource-group
               [--container-logs]
               [--kube-objects]
               [--node-logs]
               [--sas-token]
               [--storage-account]

Examples

using storage account name and a shared access signature token with write permission

az aks kollect -g MyResourceGroup -n MyManagedCluster --storage-account MyStorageAccount --sas-token "MySasToken"

using the resource id of a storagea account resource you own.

az aks kollect -g MyResourceGroup -n MyManagedCluster --storage-account "MyStoreageAccountResourceId"

using the storagea account in diagnostics settings for your managed cluster.

az aks kollect -g MyResourceGroup -n MyManagedCluster

customize the container logs to collect.

az aks kollect -g MyResourceGroup -n MyManagedCluster --container-logs "mynamespace1/mypod1 myns2"

customize the kubernetes objects to collect.

az aks kollect -g MyResourceGroup -n MyManagedCluster --kube-objects "mynamespace1/service myns2/deployment/deployment1"

customize the node log files to collect.

az aks kollect -g MyResourceGroup -n MyManagedCluster --node-logs "/var/log/azure-vnet.log /var/log/azure-vnet-ipam.log"

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--container-logs

The list of container logs to collect.

--kube-objects

The list of kubernetes objects to describe.

--node-logs

The list of node logs to collect. For example, /var/log/cloud-init.log.

--sas-token

The SAS token with writable permission for the storage account.

--storage-account

Name or ID of the storage account to save the diagnostic information.

az aks list

Edit

List managed Kubernetes clusters.

az aks list [--resource-group]

Optional Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az aks remove-dev-spaces

Edit

Remove Azure Dev Spaces from a managed Kubernetes cluster.

az aks remove-dev-spaces --name
                         --resource-group
                         [--yes]

Examples

Remove Azure Dev Spaces from a managed Kubernetes cluster.

az aks remove-dev-spaces -g my-aks-group -n my-aks

Remove Azure Dev Spaces from a managed Kubernetes cluster without prompting.

az aks remove-dev-spaces -g my-aks-group -n my-aks --yes

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--yes -y

Do not prompt for confirmation.

az aks rotate-certs

Edit

Rotate certificates and keys on a managed Kubernetes cluster.

Kubernetes will be unavailable during cluster certificate rotation.

az aks rotate-certs --name
                    --resource-group
                    [--no-wait]
                    [--yes]

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--no-wait

Do not wait for the long-running operation to finish.

--yes -y

Do not prompt for confirmation.

az aks scale

Edit

Scale the node pool in a managed Kubernetes cluster.

az aks scale --name
             --node-count
             --resource-group
             [--no-wait]
             [--nodepool-name]

Examples

Scale the node pool in a managed Kubernetes cluster. (autogenerated)

az aks scale --name MyManagedCluster --node-count 3 --resource-group MyResourceGroup

Required Parameters

--name -n

Name of the managed cluster.

--node-count -c

Number of nodes in the Kubernetes node pool.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--no-wait

Do not wait for the long-running operation to finish.

--nodepool-name

Node pool name, up to 12 alphanumeric characters.

az aks show

Edit

Show the details for a managed Kubernetes cluster.

az aks show --name
            --resource-group

Examples

Show the details for a managed Kubernetes cluster

az aks show --name MyManagedCluster --resource-group MyResourceGroup

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az aks start

Edit

Starts a previously stopped Managed Cluster.

See starting a cluster for more details about starting a cluster.

az aks start --name
             --resource-group
             [--no-wait]

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--no-wait

Do not wait for the long-running operation to finish.

az aks stop

Edit

Stops a Managed Cluster.

This can only be performed on Azure Virtual Machine Scale set backed clusters. Stopping a cluster stops the control plane and agent nodes entirely, while maintaining all object and cluster state. A cluster does not accrue charges while it is stopped. See stopping a cluster for more details about stopping a cluster.

az aks stop --name
            --resource-group
            [--no-wait]

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--no-wait

Do not wait for the long-running operation to finish.

az aks update

Edit

Update a managed Kubernetes cluster.

az aks update --name
              --resource-group
              [--aad-admin-group-object-ids]
              [--aad-tenant-id]
              [--aks-custom-headers]
              [--api-server-authorized-ip-ranges]
              [--assign-identity]
              [--attach-acr]
              [--auto-upgrade-channel {node-image, none, patch, rapid, stable}]
              [--ca-profile]
              [--detach-acr]
              [--disable-ahub]
              [--disable-azure-rbac]
              [--disable-cluster-autoscaler]
              [--disable-local-accounts]
              [--disable-public-fqdn]
              [--disable-secret-rotation]
              [--enable-aad]
              [--enable-ahub]
              [--enable-azure-rbac]
              [--enable-cluster-autoscaler]
              [--enable-local-accounts]
              [--enable-managed-identity]
              [--enable-public-fqdn]
              [--enable-secret-rotation]
              [--enable-windows-gmsa]
              [--gmsa-dns-server]
              [--gmsa-root-domain-name]
              [--load-balancer-idle-timeout]
              [--load-balancer-managed-outbound-ip-count]
              [--load-balancer-outbound-ip-prefixes]
              [--load-balancer-outbound-ips]
              [--load-balancer-outbound-ports]
              [--max-count]
              [--min-count]
              [--nat-gateway-idle-timeout]
              [--nat-gateway-managed-outbound-ip-count]
              [--no-uptime-sla]
              [--no-wait]
              [--nodepool-labels]
              [--rotation-poll-interval]
              [--tags]
              [--update-cluster-autoscaler]
              [--uptime-sla]
              [--windows-admin-password]
              [--yes]

Examples

Update a kubernetes cluster with standard SKU load balancer to use two AKS created IPs for the load balancer outbound connection usage.

az aks update -g MyResourceGroup -n MyManagedCluster --load-balancer-managed-outbound-ip-count 2

Update a kubernetes cluster with standard SKU load balancer to use the provided public IPs for the load balancer outbound connection usage.

az aks update -g MyResourceGroup -n MyManagedCluster --load-balancer-outbound-ips <ip-resource-id-1,ip-resource-id-2>

Create a kubernetes cluster with a standard SKU load balancer, with two outbound AKS managed IPs an idle flow timeout of 5 minutes and 8000 allocated ports per machine

az aks update -g MyResourceGroup -n MyManagedCluster --load-balancer-managed-outbound-ip-count 2 --load-balancer-idle-timeout 5 --load-balancer-outbound-ports 8000

Update a kubernetes cluster with standard SKU load balancer to use the provided public IP prefixes for the load balancer outbound connection usage.

az aks update -g MyResourceGroup -n MyManagedCluster --load-balancer-outbound-ip-prefixes <ip-prefix-resource-id-1,ip-prefix-resource-id-2>

Update a kubernetes cluster of managedNATGateway outbound type with two outbound AKS managed IPs an idle flow timeout of 4 minutes

az aks update -g MyResourceGroup -n MyManagedCluster --nat-gateway-managed-outbound-ip-count 2 --nat-gateway-idle-timeout 4

Attach AKS cluster to ACR by name "acrName"

az aks update -g MyResourceGroup -n MyManagedCluster --attach-acr acrName

Update a kubernetes cluster with authorized apiserver ip ranges.

az aks update -g MyResourceGroup -n MyManagedCluster --api-server-authorized-ip-ranges 193.168.1.0/24,194.168.1.0/24

Disable authorized apiserver ip ranges feature for a kubernetes cluster.

az aks update -g MyResourceGroup -n MyManagedCluster --api-server-authorized-ip-ranges ""

Restrict apiserver traffic in a kubernetes cluster to agentpool nodes.

az aks update -g MyResourceGroup -n MyManagedCluster --api-server-authorized-ip-ranges 0.0.0.0/32

Update a AKS-managed AAD cluster with tenant ID or admin group object IDs.

az aks update -g MyResourceGroup -n MyManagedCluster --aad-admin-group-object-ids <id-1,id-2> --aad-tenant-id <id>

Migrate a AKS AAD-Integrated cluster or a non-AAD cluster to a AKS-managed AAD cluster.

az aks update -g MyResourceGroup -n MyManagedCluster --enable-aad --aad-admin-group-object-ids <id-1,id-2> --aad-tenant-id <id>

Enable Azure Hybrid User Benefits featture for a kubernetes cluster.

az aks update -g MyResourceGroup -n MyManagedCluster --enable-ahub

Disable Azure Hybrid User Benefits featture for a kubernetes cluster.

az aks update -g MyResourceGroup -n MyManagedCluster --disable-ahub

Update Windows password of a kubernetes cluster

az aks update -g MyResourceGroup -n MyManagedCLuster --windows-admin-password "Repl@cePassw0rd12345678"

Update the cluster to use system assigned managed identity in control plane.

az aks update -g MyResourceGroup -n MyManagedCluster --enable-managed-identity

Update the cluster to use user assigned managed identity in control plane.

az aks update -g MyResourceGroup -n MyManagedCluster --enable-managed-identity --assign-identity <user_assigned_identity_resource_id>

Update a non managed AAD AKS cluster to use Azure RBAC

az aks update -g MyResourceGroup -n MyManagedCluster --enable-aad --enable-azure-rbac

Update a managed AAD AKS cluster to use Azure RBAC

az aks update -g MyResourceGroup -n MyManagedCluster --enable-azure-rbac

Disable Azure RBAC in a managed AAD AKS cluster

az aks update -g MyResourceGroup -n MyManagedCluster --disable-azure-rbac

Update the tags of a kubernetes cluster

az aks update -g MyResourceGroup -n MyManagedCLuster --tags "foo=bar" "baz=qux"

Update a kubernetes cluster with custom headers

az aks update -g MyResourceGroup -n MyManagedCluster --aks-custom-headers WindowsContainerRuntime=containerd,AKSHTTPCustomFeatures=Microsoft.ContainerService/CustomNodeConfigPreview

Enable Windows gmsa for a kubernetes cluster with setting DNS server in the vnet used by the cluster.

az aks update -g MyResourceGroup -n MyManagedCluster --enable-windows-gmsa

Enable Windows gmsa for a kubernetes cluster without setting DNS server in the vnet used by the cluster.

az aks update -g MyResourceGroup -n MyManagedCluster --enable-windows-gmsa --gmsa-dns-server "10.240.0.4" --gmsa-root-domain-name "contoso.com"

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--aad-admin-group-object-ids

Comma seperated list of aad group object IDs that will be set as cluster admin.

--aad-tenant-id

The ID of an Azure Active Directory tenant.

--aks-custom-headers

Comma-separated key-value pairs to specify custom headers.

--api-server-authorized-ip-ranges

Comma seperated list of authorized apiserver IP ranges. Set to "" to allow all traffic on a previously restricted cluster. Set to 0.0.0.0/32 to restrict apiserver traffic to node pools.

--assign-identity

Specify an existing user assigned identity to manage cluster resource group.

--attach-acr

Grant the 'acrpull' role assignment to the ACR specified by name or resource ID.

--auto-upgrade-channel

Specify the upgrade channel for autoupgrade.

accepted values: node-image, none, patch, rapid, stable
--ca-profile --cluster-autoscaler-profile

Space-separated list of key=value pairs for configuring cluster autoscaler. Pass an empty string to clear the profile.

--detach-acr

Disable the 'acrpull' role assignment to the ACR specified by name or resource ID.

--disable-ahub

Disable Azure Hybrid User Benefits (AHUB) feature for cluster.

--disable-azure-rbac

Disable Azure RBAC to control authorization checks on cluster.

--disable-cluster-autoscaler -d

Disable cluster autoscaler.

--disable-local-accounts

If set to true, getting static credential will be disabled for this cluster.

--disable-public-fqdn

Disable public fqdn feature for private cluster.

--disable-secret-rotation

Disable secret rotation. Use with azure-keyvault-secrets-provider addon.

--enable-aad

Enable managed AAD feature for cluster.

--enable-ahub

Enable Azure Hybrid User Benefits (AHUB) feature for cluster.

--enable-azure-rbac

Enable Azure RBAC to control authorization checks on cluster.

--enable-cluster-autoscaler -e

Enable cluster autoscaler.

--enable-local-accounts

If set to true, will enable getting static credential for this cluster.

--enable-managed-identity

Update current cluster to use managed identity to manage cluster resource group.

--enable-public-fqdn

Enable public fqdn feature for private cluster.

--enable-secret-rotation

Enable secret rotation. Use with azure-keyvault-secrets-provider addon.

--enable-windows-gmsa

Enable Windows gmsa on cluster.

--gmsa-dns-server

Specify DNS server for Windows gmsa on cluster.

--gmsa-root-domain-name

Specify root domain name for Windows gmsa on cluster.

--load-balancer-idle-timeout

Load balancer idle timeout in minutes.

--load-balancer-managed-outbound-ip-count

Load balancer managed outbound IP count.

--load-balancer-outbound-ip-prefixes

Load balancer outbound IP prefix resource IDs.

--load-balancer-outbound-ips

Load balancer outbound IP resource IDs.

--load-balancer-outbound-ports

Load balancer outbound allocated ports.

--max-count

Maximum nodes count used for autoscaler, when "--enable-cluster-autoscaler" specified. Please specify the value in the range of [1, 1000].

--min-count

Minimum nodes count used for autoscaler, when "--enable-cluster-autoscaler" specified. Please specify the value in the range of [1, 1000].

--nat-gateway-idle-timeout

NAT gateway idle timeout in minutes.

--nat-gateway-managed-outbound-ip-count

NAT gateway managed outbound IP count.

--no-uptime-sla

Change a paid managed cluster to a free one.

--no-wait

Do not wait for the long-running operation to finish.

--nodepool-labels

Space-separated labels: key[=value] [key[=value] ...]. See https://aka.ms/node-labels for syntax of labels.

--rotation-poll-interval

Set interval of rotation poll. Use with azure-keyvault-secrets-provider addon.

--tags

The tags of the managed cluster. The managed cluster instance and all resources managed by the cloud provider will be tagged.

--update-cluster-autoscaler -u

Update min-count or max-count for cluster autoscaler.

--uptime-sla

Enable a paid managed cluster service with a financially backed SLA.

--windows-admin-password

User account password to use on windows node VMs.

--yes -y

Do not prompt for confirmation.

az aks update-credentials

Edit

Update credentials for a managed Kubernetes cluster, like service principal.

az aks update-credentials --name
                          --resource-group
                          [--aad-client-app-id]
                          [--aad-server-app-id]
                          [--aad-server-app-secret]
                          [--aad-tenant-id]
                          [--client-secret]
                          [--no-wait]
                          [--reset-aad]
                          [--reset-service-principal]
                          [--service-principal]

Examples

Update an existing Kubernetes cluster with new service principal.

az aks update-credentials -g MyResourceGroup -n MyManagedCluster --reset-service-principal --service-principal MyNewServicePrincipalID --client-secret MyNewServicePrincipalSecret

Update an existing Azure Active Directory Kubernetes cluster with new server app secret key.

az aks update-credentials -g MyResourceGroup -n MyManagedCluster --reset-aad --aad-server-app-id MyExistingAADServerAppID --aad-server-app-secret MyNewAADServerAppSecret --aad-client-app-id MyExistingAADClientAppID --aad-tenant-id MyAADTenantID

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--aad-client-app-id

The ID of an Azure Active Directory client application. This argument is required if --reset-aad is specified.

--aad-server-app-id

The ID of an Azure Active Directory server application. This argument is required if --reset-aad is specified.

--aad-server-app-secret

The secret of an Azure Active Directory server application. This argument is required if --reset-aad is specified.

--aad-tenant-id

Tenant ID associated with Azure Active Directory.

--client-secret

Secret associated with the service principal. This argument is required if --service-principal is specified.

--no-wait

Do not wait for the long-running operation to finish.

--reset-aad

Reset Azure Active Directory configuration for a managed cluster.

--reset-service-principal

Reset service principal for a managed cluster.

--service-principal

Service principal used for authentication to Azure APIs. This argument is required if --reset-service-principal is specified.

az aks upgrade

Edit

Upgrade a managed Kubernetes cluster to a newer version.

Kubernetes will be unavailable during cluster upgrades.

az aks upgrade --name
               --resource-group
               [--control-plane-only]
               [--kubernetes-version]
               [--no-wait]
               [--node-image-only]
               [--yes]

Examples

Upgrade a managed Kubernetes cluster to a newer version. (autogenerated)

az aks upgrade --kubernetes-version 1.12.6 --name MyManagedCluster --resource-group MyResourceGroup

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--control-plane-only

Upgrade the cluster control plane only. If not specified, both control plane AND all node pools will be upgraded.

--kubernetes-version -k

Version of Kubernetes to upgrade the cluster to, such as "1.16.9".

value from: `az aks get-upgrades`
--no-wait

Do not wait for the long-running operation to finish.

--node-image-only

Only upgrade node image for agent pools.

--yes -y

Do not prompt for confirmation.

az aks use-dev-spaces

Edit

Use Azure Dev Spaces with a managed Kubernetes cluster.

az aks use-dev-spaces --name
                      --resource-group
                      [--endpoint {None, Private, Public}]
                      [--space]
                      [--update]
                      [--yes]

Examples

Use Azure Dev Spaces with a managed Kubernetes cluster, interactively selecting a dev space.

az aks use-dev-spaces -g my-aks-group -n my-aks

Use Azure Dev Spaces with a managed Kubernetes cluster, updating to the latest Azure Dev Spaces client components and selecting a new or existing dev space 'my-space'.

az aks use-dev-spaces -g my-aks-group -n my-aks --update --space my-space

Use Azure Dev Spaces with a managed Kubernetes cluster, selecting a new or existing dev space 'develop/my-space' without prompting for confirmation.

az aks use-dev-spaces -g my-aks-group -n my-aks -s develop/my-space -y

Use Azure Dev Spaces with a managed Kubernetes cluster with a private endpoint.

az aks use-dev-spaces -g my-aks-group -n my-aks -e private

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--endpoint -e

The endpoint type to be used for a Azure Dev Spaces controller. See https://aka.ms/azds-networking for more information.

accepted values: None, Private, Public
default value: Public
--space -s

Name of the new or existing dev space to select. Defaults to an interactive selection experience.

--update

Update to the latest Azure Dev Spaces client components.

--yes -y

Do not prompt for confirmation. Requires --space.

az aks wait

Edit

Wait for a managed Kubernetes cluster to reach a desired state.

If an operation on a cluster was interrupted or was started with --no-wait, use this command to wait for it to complete.

az aks wait --name
            --resource-group
            [--created]
            [--custom]
            [--deleted]
            [--exists]
            [--interval]
            [--timeout]
            [--updated]

Examples

Wait for a cluster to be upgraded, polling every minute for up to thirty minutes.

az aks wait -g MyResourceGroup -n MyManagedCluster --updated --interval 60 --timeout 1800

Wait for a managed Kubernetes cluster to reach a desired state (autogenerated)

az aks wait --created --interval 60 --name MyManagedCluster --resource-group MyResourceGroup --timeout 1800

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--created

Wait until created with 'provisioningState' at 'Succeeded'.

--custom

Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].

--deleted

Wait until deleted.

--exists

Wait until the resource exists.

--interval

Polling interval in seconds.

default value: 30
--timeout

Maximum wait in seconds.

default value: 3600
--updated

Wait until updated with provisioningState at 'Succeeded'.