Access Kubernetes resources from the Azure portal
The Azure portal includes a Kubernetes resource view for easy access to the Kubernetes resources in your Azure Kubernetes Service (AKS) cluster. Viewing Kubernetes resources from the Azure portal reduces context switching between the Azure portal and the
kubectl command-line tool, streamlining the experience for viewing and editing your Kubernetes resources. The resource viewer currently includes multiple resource types, such as deployments, pods, and replica sets.
The Kubernetes resource view from the Azure portal replaces the AKS dashboard add-on, which is deprecated.
To view Kubernetes resources in the Azure portal, you need an AKS cluster. Any cluster is supported, but if using Azure Active Directory (Azure AD) integration, your cluster must use AKS-managed Azure AD integration. If your cluster uses legacy Azure AD, you can upgrade your cluster in the portal or with the Azure CLI. You can also use the Azure portal to create a new AKS cluster.
View Kubernetes resources
To see the Kubernetes resources, navigate to your AKS cluster in the Azure portal. The navigation pane on the left is used to access your resources. The resources include:
- Namespaces displays the namespaces of your cluster. The filter at the top of the namespace list provides a quick way to filter and display your namespace resources.
- Workloads shows information about deployments, pods, replica sets, stateful sets, daemon sets, jobs, and cron jobs deployed to your cluster. The screenshot below shows the default system pods in an example AKS cluster.
- Services and ingresses shows all of your cluster's service and ingress resources.
- Storage shows your Azure storage classes and persistent volume information.
- Configuration shows your cluster's config maps and secrets.
Deploy an application
In this example, we'll use our sample AKS cluster to deploy the Azure Vote application from the AKS quickstart.
- Select Add from any of the resource views (Namespace, Workloads, Services and ingresses, Storage, or Configuration).
- Paste the YAML for the Azure Vote application from the AKS quickstart.
- Select Add at the bottom of the YAML editor to deploy the application.
Once the YAML file is added, the resource viewer shows both Kubernetes services that were created: the internal service (azure-vote-back), and the external service (azure-vote-front) to access the Azure Vote application. The external service includes a linked external IP address so you can easily view the application in your browser.
Monitor deployment insights
AKS clusters with Azure Monitor for containers enabled can quickly view deployment and other insights. From the Kubernetes resources view, users can see the live status of individual deployments, including CPU and memory usage, as well as transition to Azure monitor for more in-depth information about specific nodes and containers. Here's an example of deployment insights from a sample AKS cluster:
The Kubernetes resource view also includes a YAML editor. A built-in YAML editor means you can update or create services and deployments from within the portal and apply changes immediately.
After editing the YAML, changes are applied by selecting Review + save, confirming the changes, and then saving again.
Performing direct production changes via UI or CLI is not recommended, you should leverage continuous integration (CI) and continuous deployment (CD) best practices. The Azure Portal Kubernetes management capabilities and the YAML editor are built for learning and flighting new deployments in a development and testing setting.
This section addresses common problems and troubleshooting steps.
To access the Kubernetes resources, you must have access to the AKS cluster, the Kubernetes API, and the Kubernetes objects. Ensure that you're either a cluster administrator or a user with the appropriate permissions to access the AKS cluster. For more information on cluster security, see Access and identity options for AKS.
The kubernetes resource view in the Azure Portal is only supported by managed-AAD enabled clusters or non-AAD enabled clusters. If you are using a managed-AAD enabled cluster, your AAD user or identity needs to have the respective roles/role bindings to access the kubernetes API, in addition to the permission to pull the user
Enable resource view
For existing clusters, you may need to enable the Kubernetes resource view. To enable the resource view, follow the prompts in the portal for your cluster.
The AKS feature for API server authorized IP ranges can be added to limit API server access to only the firewall's public endpoint. Another option for such clusters is updating
--api-server-authorized-ip-ranges to include access for a local client computer or IP address range (from which portal is being browsed). To allow this access, you need the computer's public IPv4 address. You can find this address with below command or by searching "what is my IP address" in an internet browser.
# Retrieve your IP address CURRENT_IP=$(dig @resolver1.opendns.com ANY myip.opendns.com +short) # Add to AKS approved list az aks update -g $RG -n $AKSNAME --api-server-authorized-ip-ranges $CURRENT_IP/32
This article showed you how to access Kubernetes resources for your AKS cluster. See Deployments and YAML manifests for a deeper understanding of cluster resources and the YAML files that are accessed with the Kubernetes resource viewer.