az aks

Manage Azure Kubernetes Services.

Commands

az aks browse Show the dashboard for a Kubernetes cluster in a web browser.
az aks create Create a new managed Kubernetes cluster.
az aks delete Delete a managed Kubernetes cluster.
az aks disable-addons Disable Kubernetes addons.
az aks enable-addons Enable Kubernetes addons.
az aks get-credentials Get access credentials for a managed Kubernetes cluster.
az aks get-upgrades Get the upgrade versions available for a managed Kubernetes cluster.
az aks get-versions Get the versions available for creating a managed Kubernetes cluster.
az aks install-cli Download and install kubectl, the Kubernetes command-line tool.
az aks install-connector (PREVIEW) Install the ACI Connector on a managed Kubernetes cluster.
az aks list List managed Kubernetes clusters.
az aks remove-connector (PREVIEW) Remove the ACI Connector from a managed Kubernetes cluster.
az aks remove-dev-spaces (PREVIEW) Remove Azure Dev Spaces from a managed Kubernetes cluster.
az aks scale Scale the node pool in a managed Kubernetes cluster.
az aks show Show the details for a managed Kubernetes cluster.
az aks upgrade Upgrade a managed Kubernetes cluster to a newer version.
az aks upgrade-connector (PREVIEW) Upgrade the ACI Connector on a managed Kubernetes cluster.
az aks use-dev-spaces (PREVIEW) Use Azure Dev Spaces with a managed Kubernetes cluster.
az aks wait Wait for a managed Kubernetes cluster to reach a desired state.

az aks browse

Show the dashboard for a Kubernetes cluster in a web browser.

az aks browse --name
--resource-group
[--disable-browser]
[--listen-port]

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--disable-browser

Don't launch a web browser after establishing port-forwarding.

--listen-port

The listening port for the dashboard.

default value: 8001

az aks create

Create a new managed Kubernetes cluster.

az aks create --name
--resource-group
[--aad-client-app-id]
[--aad-server-app-id]
[--aad-server-app-secret]
[--aad-tenant-id]
[--admin-username]
[--client-secret]
[--disable-rbac]
[--dns-name-prefix]
[--dns-service-ip]
[--docker-bridge-address]
[--enable-addons]
[--enable-rbac]
[--generate-ssh-keys]
[--kubernetes-version]
[--location]
[--max-pods]
[--network-plugin]
[--no-ssh-key]
[--no-wait]
[--node-count]
[--node-osdisk-size]
[--node-vm-size]
[--pod-cidr]
[--service-cidr]
[--service-principal]
[--skip-subnet-role-assignment]
[--ssh-key-value]
[--tags]
[--vnet-subnet-id]
[--workspace-resource-id]

Examples

Create a Kubernetes cluster with an existing SSH public key.

az aks create -g MyResourceGroup -n MyManagedCluster --ssh-key-value /path/to/publickey

Create a Kubernetes cluster with a specific version.

az aks create -g MyResourceGroup -n MyManagedCluster --kubernetes-version 1.8.7

Create a Kubernetes cluster with a larger node pool.

az aks create -g MyResourceGroup -n MyManagedCluster --node-count 7

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--aad-client-app-id

(PREVIEW) The ID of an Azure Active Directory client application of type "Native". This application is for user login via kubectl.

--aad-server-app-id

(PREVIEW) The ID of an Azure Active Directory server application of type "Web app/API". This application represents the managed cluster's apiserver (Server application).

--aad-server-app-secret

(PREVIEW) The secret of an Azure Active Directory server application.

--aad-tenant-id

(PREVIEW) The ID of an Azure Active Directory tenant.

--admin-username -u

User account to create on node VMs for SSH access.

default value: azureuser
--client-secret

Secret associated with the service principal. This argument is required if --service-principal is specified.

--disable-rbac

Disable Kubernetes Role-Based Access Control.

--dns-name-prefix -p

Prefix for hostnames that are created. If not specified, generate a hostname using the managed cluster and resource group names.

--dns-service-ip

An IP address assigned to the Kubernetes DNS service.

--docker-bridge-address

An IP address and netmask assigned to the Docker bridge.

--enable-addons -a

Enable the Kubernetes addons in a comma-separated list.

--enable-rbac -r

Enable Kubernetes Role-Based Access Control. Default: enabled.

--generate-ssh-keys

Generate SSH public and private key files if missing.

--kubernetes-version -k

Version of Kubernetes to use for creating the cluster, such as "1.7.12" or "1.8.7".

value from: `az aks get-versions`
--location -l

Location. You can configure the default location using az configure --defaults location=<location>.

--max-pods -m

The maximum number of pods deployable to a node.

--network-plugin

The Kubernetes network plugin to use.

--no-ssh-key -x

Do not use or create a local SSH key.

--no-wait

Do not wait for the long-running operation to finish.

--node-count -c

Number of nodes in the Kubernetes node pool. After creating a cluster, you can change the size of its node pool with az aks scale.

default value: 3
--node-osdisk-size

Size in GB of the OS disk for each node in the node pool. Minimum 30 GB.

--node-vm-size -s

Size of Virtual Machines to create as Kubernetes nodes.

default value: Standard_DS2_v2
--pod-cidr

A CIDR notation IP range from which to assign pod IPs when kubenet is used.

--service-cidr

A CIDR notation IP range from which to assign service cluster IPs.

--service-principal

Service principal used for authentication to Azure APIs.

--skip-subnet-role-assignment

Skip role assignment for subnet (advanced networking).

--ssh-key-value

Public key path or key contents to install on node VMs for SSH access. For example, 'ssh-rsa AAAAB...snip...UcyupgH azureuser@linuxvm'.

default value: ~\.ssh\id_rsa.pub
--tags

Space-separated tags in 'key[=value]' format. Use "" to clear existing tags.

--vnet-subnet-id

The ID of a subnet in an existing VNet into which to deploy the cluster.

--workspace-resource-id

The resource ID of an existing Log Analytics Workspace to use for storing monitoring data. If not specified, uses the default Log Analytics Workspace if it exists, otherwise creates one.

az aks delete

Delete a managed Kubernetes cluster.

az aks delete --name
--resource-group
[--no-wait]
[--yes]

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--no-wait

Do not wait for the long-running operation to finish.

--yes -y

Do not prompt for confirmation.

az aks disable-addons

Disable Kubernetes addons.

az aks disable-addons --addons
--name
--resource-group
[--no-wait]

Required Parameters

--addons -a

Disable the Kubernetes addons in a comma-separated list.

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--no-wait

Do not wait for the long-running operation to finish.

az aks enable-addons

Enable Kubernetes addons.

az aks enable-addons --addons
--name
--resource-group
[--no-wait]
[--workspace-resource-id]

Required Parameters

--addons -a

Enable the Kubernetes addons in a comma-separated list.

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--no-wait

Do not wait for the long-running operation to finish.

--workspace-resource-id

The resource ID of an existing Log Analytics Workspace to use for storing monitoring data.

az aks get-credentials

Get access credentials for a managed Kubernetes cluster.

az aks get-credentials --name
--resource-group
[--admin]
[--file]

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--admin -a

Get cluster administrator credentials. Default: cluster user credentials.

--file -f

Kubernetes configuration file to update. Use "-" to print YAML to stdout instead.

default value: ~/.kube/config

az aks get-upgrades

Get the upgrade versions available for a managed Kubernetes cluster.

az aks get-upgrades --name
--resource-group

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az aks get-versions

Get the versions available for creating a managed Kubernetes cluster.

az aks get-versions --location

Required Parameters

--location -l

Location. You can configure the default location using az configure --defaults location=<location>.

az aks install-cli

Download and install kubectl, the Kubernetes command-line tool.

az aks install-cli [--client-version]
[--install-location]

Optional Parameters

--client-version
default value: latest
--install-location
default value: ~/.azure-kubectl/kubectl.exe

az aks install-connector

(PREVIEW) Install the ACI Connector on a managed Kubernetes cluster.

az aks install-connector --name
--resource-group
[--aci-resource-group]
[--chart-url]
[--client-secret]
[--connector-name]
[--image-tag]
[--location]
[--os-type {Both, Linux, Windows}]
[--service-principal]

Examples

Install the ACI Connector for Linux to a managed Kubernetes cluster.

az aks install-connector --name MyManagedCluster --resource-group MyResourceGroup

Install the ACI Connector for Windows to a managed Kubernetes cluster.

az aks install-connector --name MyManagedCluster --resource-group MyResourceGroup \
                           --connector-name aci-connector --os-type Windows

Install the ACI Connector for both Windows and Linux to a managed Kubernetes cluster.

az aks install-connector --name MyManagedCluster --resource-group MyResourceGroup \
                          --connector-name aci-connector --os-type Both

Install the ACI Connector using a specific service principal in a specific resource group.

az aks install-connector --name MyManagedCluster --resource-group MyResourceGroup \
                          --connector-name aci-connector --service-principal <SPN_ID> --client-secret <SPN_SECRET> \
                          --aci-resource-group <ACI resource group>

Install the ACI Connector from a custom Helm chart with custom tag.

az aks install-connector --name MyManagedCluster --resource-group MyResourceGroup \
                          --connector-name aci-connector --chart-url <CustomURL> --image-tag <VirtualKubeletImageTag>

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--aci-resource-group

The resource group to create the ACI container groups. Use the MC_* resource group if it is not specified.

--chart-url

URL of a Helm chart that installs ACI Connector.

default value: <a href="https://github.com/virtual-kubelet/virtual-kubelet/raw/master/charts/virtual-kubelet-for-aks-latest.tgz">https://github.com/virtual-kubelet/virtual-kubelet/raw/master/charts/virtual-kubelet-for-aks-latest.tgz</a>
--client-secret

Secret associated with the service principal. This argument is required if --service-principal is specified.

--connector-name

Name of the ACI Connector.

default value: aci-connector
--image-tag

The image tag of the virtual kubelet. Use 'latest' if it is not specified.

--location -l

The location to create the ACI container groups. Use the location of the MC_* resource group if it is not specified.

--os-type

Install support for deploying ACIs of this operating system type.

accepted values: Both, Linux, Windows
default value: Linux
--service-principal

Service principal used for authentication to Azure APIs.

az aks list

List managed Kubernetes clusters.

az aks list [--resource-group]

Optional Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az aks remove-connector

(PREVIEW) Remove the ACI Connector from a managed Kubernetes cluster.

az aks remove-connector --name
--resource-group
[--connector-name]
[--graceful]
[--location]
[--os-type {Both, Linux, Windows}]

Examples

Remove the ACI Connector from a cluster using the graceful mode.

az aks remove-connector --name MyManagedCluster --resource-group MyResourceGroup \
                          --connector-name MyConnector --graceful

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--connector-name

Name of the ACI Connector.

default value: aci-connector
--graceful

Use a "cordon and drain" strategy to evict pods safely before removing the ACI node.

--location -l

Location. You can configure the default location using az configure --defaults location=<location>.

--os-type

Remove support for deploying ACIs of this operating system type.

accepted values: Both, Linux, Windows
default value: Linux

az aks remove-dev-spaces

(PREVIEW) Remove Azure Dev Spaces from a managed Kubernetes cluster.

az aks remove-dev-spaces --name
--resource-group
[--yes]

Examples

Remove Azure Dev Spaces from a managed Kubernetes cluster.

az aks remove-dev-spaces -g my-aks-group -n my-aks

Remove Azure Dev Spaces from a managed Kubernetes cluster without prompting.

az aks remove-dev-spaces -g my-aks-group -n my-aks --yes

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--yes -y

Do not prompt for confirmation.

az aks scale

Scale the node pool in a managed Kubernetes cluster.

az aks scale --name
--node-count
--resource-group
[--no-wait]

Required Parameters

--name -n

Name of the managed cluster.

--node-count -c

Number of nodes in the Kubernetes node pool.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--no-wait

Do not wait for the long-running operation to finish.

az aks show

Show the details for a managed Kubernetes cluster.

az aks show --name
--resource-group

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az aks upgrade

Upgrade a managed Kubernetes cluster to a newer version.

az aks upgrade --kubernetes-version
--name
--resource-group
[--no-wait]
[--yes]

Required Parameters

--kubernetes-version -k

Version of Kubernetes to upgrade the cluster to, such as "1.7.12" or "1.8.7".

value from: `az aks get-upgrades`
--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--no-wait

Do not wait for the long-running operation to finish.

--yes -y

Do not prompt for confirmation.

az aks upgrade-connector

(PREVIEW) Upgrade the ACI Connector on a managed Kubernetes cluster.

az aks upgrade-connector --name
--resource-group
[--aci-resource-group]
[--chart-url]
[--client-secret]
[--connector-name]
[--image-tag]
[--location]
[--os-type {Both, Linux, Windows}]
[--service-principal]

Examples

Upgrade the ACI Connector for Linux to a managed Kubernetes cluster.

az aks upgrade-connector --name MyManagedCluster --resource-group MyResourceGroup \
                          --connector-name aci-connector

Upgrade the ACI Connector for Windows to a managed Kubernetes cluster.

az aks upgrade-connector --name MyManagedCluster --resource-group MyResourceGroup \
                           --connector-name aci-connector --os-type Windows

Upgrade the ACI Connector for both Windows and Linux to a managed Kubernetes cluster.

az aks upgrade-connector --name MyManagedCluster --resource-group MyResourceGroup \
                          --connector-name aci-connector --os-type Both

Upgrade the ACI Connector to use a specific service principal in a specific resource group.

az aks upgrade-connector --name MyManagedCluster --resource-group MyResourceGroup \
                          --connector-name aci-connector --service-principal <SPN_ID> --client-secret <SPN_SECRET> \
                          --aci-resource-group <ACI resource group>

Upgrade the ACI Connector from a custom Helm chart with custom tag.

az aks upgrade-connector --name MyManagedCluster --resource-group MyResourceGroup \
                          --connector-name aci-connector --chart-url <CustomURL> --image-tag <VirtualKubeletImageTag>

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--aci-resource-group

The resource group to create the ACI container groups. Use the MC_* resource group if it is not specified.

--chart-url

URL of a Helm chart that installs ACI Connector.

default value: <a href="https://github.com/virtual-kubelet/virtual-kubelet/raw/master/charts/virtual-kubelet-for-aks-latest.tgz">https://github.com/virtual-kubelet/virtual-kubelet/raw/master/charts/virtual-kubelet-for-aks-latest.tgz</a>
--client-secret

Secret associated with the service principal. This argument is required if --service-principal is specified.

--connector-name

Name of the ACI Connector.

default value: aci-connector
--image-tag

The image tag of the virtual kubelet. Use 'latest' if it is not specified.

--location -l

The location to create the ACI container groups. Use the location of the MC_* resource group if it is not specified.

--os-type

Install support for deploying ACIs of this operating system type.

accepted values: Both, Linux, Windows
default value: Linux
--service-principal

Service principal used for authentication to Azure APIs.

az aks use-dev-spaces

(PREVIEW) Use Azure Dev Spaces with a managed Kubernetes cluster.

az aks use-dev-spaces --name
--resource-group
[--space]
[--update]
[--yes]

Examples

Use Azure Dev Spaces with a managed Kubernetes cluster, interactively selecting a dev space.

az aks use-dev-spaces -g my-aks-group -n my-aks

Use Azure Dev Spaces with a managed Kubernetes cluster, updating to the latest Azure Dev Spaces client components and selecting a new or existing dev space 'my-space'.

az aks use-dev-spaces -g my-aks-group -n my-aks --update --space my-space

Use Azure Dev Spaces with a managed Kubernetes cluster, selecting a new or existing dev space 'develop/my-space' without prompting for confirmation.

az aks use-dev-spaces -g my-aks-group -n my-aks -s develop/my-space -y

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--space -s

Name of the new or existing dev space to select. Defaults to an interactive selection experience.

--update

Update to the latest Azure Dev Spaces client components.

--yes -y

Do not prompt for confirmation. Requires --space.

az aks wait

Wait for a managed Kubernetes cluster to reach a desired state.

az aks wait --name
--resource-group
[--created]
[--custom]
[--deleted]
[--exists]
[--interval]
[--timeout]
[--updated]

Examples

Wait for a cluster to be upgraded, polling every minute for up to thirty minutes.

az aks wait -g MyResourceGroup -n MyManagedCluster --updated --interval 60 --timeout 1800

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--created

Wait until created with 'provisioningState' at 'Succeeded'.

--custom

Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].

--deleted

Wait until deleted.

--exists

Wait until the resource exists.

--interval

Polling interval in seconds.

default value: 30
--timeout

Maximum wait in seconds.

default value: 3600
--updated

Wait until updated with provisioningState at 'Succeeded'.