az aks

Manage Azure Kubernetes Services.

Commands

az aks browse Show the dashboard for a Kubernetes cluster in a web browser.
az aks create Create a new managed Kubernetes cluster.
az aks disable-addons Disable Kubernetes addons.
az aks enable-addons Enable Kubernetes addons.
az aks get-credentials Get access credentials for a managed Kubernetes cluster.
az aks get-upgrades Get the upgrade versions available for a managed Kubernetes cluster.
az aks get-versions Get the versions available for creating a managed Kubernetes cluster.
az aks kollect Collecting diagnostic information for the Kubernetes cluster.
az aks nodepool Commands to manage node pools in Kubernetes kubernetes cluster.
az aks nodepool add Add a node pool to the managed Kubernetes cluster.
az aks nodepool delete Delete the agent pool in the managed Kubernetes cluster.
az aks nodepool list List node pools in the managed Kubernetes cluster.
az aks nodepool scale Scale the node pool in a managed Kubernetes cluster.
az aks nodepool show Show the details for a node pool in the managed Kubernetes cluster.
az aks nodepool update Update a node pool to enable/disable cluster-autoscaler or change min-count or max-count.
az aks nodepool upgrade Upgrade the node pool in a managed Kubernetes cluster.
az aks scale Scale the node pool in a managed Kubernetes cluster.
az aks show Show the details for a managed Kubernetes cluster.
az aks update Update a managed Kubernetes cluster to enable/disable cluster-autoscaler or change min-count or max-count.
az aks upgrade Upgrade a managed Kubernetes cluster to a newer version.
az aks wait Wait for a managed Kubernetes cluster to reach a desired state.

az aks browse

Show the dashboard for a Kubernetes cluster in a web browser.

az aks browse --name
--resource-group
[--disable-browser]
[--listen-address]
[--listen-port]

Examples

Show the dashboard for a Kubernetes cluster in a web browser. (autogenerated)

az aks browse --name MyManagedCluster --resource-group MyResourceGroup

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--disable-browser

Don't launch a web browser after establishing port-forwarding.

--listen-address

The listening address for the dashboard.

default value: 127.0.0.1
--listen-port

The listening port for the dashboard.

default value: 8001

az aks create

Create a new managed Kubernetes cluster.

az aks create --name
--resource-group
[--aad-client-app-id]
[--aad-server-app-id]
[--aad-server-app-secret]
[--aad-tenant-id]
[--admin-username]
[--attach-acr]
[--client-secret]
[--disable-rbac]
[--dns-name-prefix]
[--dns-service-ip]
[--docker-bridge-address]
[--enable-addons]
[--enable-cluster-autoscaler]
[--enable-managed-identity]
[--enable-pod-security-policy]
[--enable-private-cluster]
[--enable-rbac]
[--enable-vmss]
[--generate-ssh-keys]
[--kubernetes-version]
[--load-balancer-managed-outbound-ip-count]
[--load-balancer-outbound-ip-prefixes]
[--load-balancer-outbound-ips]
[--load-balancer-sku]
[--location]
[--max-count]
[--max-pods]
[--min-count]
[--network-plugin]
[--network-policy]
[--no-ssh-key]
[--no-wait]
[--node-count]
[--node-osdisk-size]
[--node-resource-group]
[--node-vm-size]
[--node-zones {1, 2, 3}]
[--nodepool-name]
[--pod-cidr]
[--service-cidr]
[--service-principal]
[--skip-subnet-role-assignment]
[--ssh-key-value]
[--tags]
[--vm-set-type]
[--vnet-subnet-id]
[--windows-admin-password]
[--windows-admin-username]
[--workspace-resource-id]

Examples

Create a Kubernetes cluster with an existing SSH public key.

az aks create -g MyResourceGroup -n MyManagedCluster --ssh-key-value /path/to/publickey

Create a Kubernetes cluster with a specific version.

az aks create -g MyResourceGroup -n MyManagedCluster --kubernetes-version 1.13.9

Create a Kubernetes cluster with a larger node pool.

az aks create -g MyResourceGroup -n MyManagedCluster --node-count 7

Create a kubernetes cluster with cluster autosclaler enabled.

az aks create -g MyResourceGroup -n MyManagedCluster --kubernetes-version 1.13.9 --node-count 3 --enable-cluster-autoscaler --min-count 1 --max-count 5

Create a kubernetes cluster with k8s 1.13.9 but use vmas.

az aks create -g MyResourceGroup -n MyManagedCluster --kubernetes-version 1.13.9 --vm-set-type AvailabilitySet

Create a kubernetes cluster with default kubernetes vesrion, default SKU load balancer(basic) and default vm set type(AvailabilitySet).

az aks create -g MyResourceGroup -n MyManagedCluster

Create a kubernetes cluster with standard SKU load balancer and two AKS created IPs for the load balancer outbound connection usage.

az aks create -g MyResourceGroup -n MyManagedCluster --load-balancer-managed-outbound-ip-count 2

Create a kubernetes cluster with standard SKU load balancer and use the provided public IPs for the load balancer outbound connection usage.

az aks create -g MyResourceGroup -n MyManagedCluster --load-balancer-outbound-ips <ip-resource-id-1,ip-resource-id-2>

Create a kubernetes cluster with standard SKU load balancer and use the provided public IP prefixes for the load balancer outbound connection usage.

az aks create -g MyResourceGroup -n MyManagedCluster --load-balancer-outbound-ip-prefixes <ip-prefix-resource-id-1,ip-prefix-resource-id-2>

Create a kubernetes cluster with basic SKU load balancer and AvailabilitySet vm set type.

az aks create -g MyResourceGroup -n MyManagedCluster --load-balancer-sku basic --vm-set-type AvailabilitySet

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--aad-client-app-id

The ID of an Azure Active Directory client application of type "Native". This application is for user login via kubectl.

--aad-server-app-id

The ID of an Azure Active Directory server application of type "Web app/API". This application represents the managed cluster's apiserver (Server application).

--aad-server-app-secret

The secret of an Azure Active Directory server application.

--aad-tenant-id

The ID of an Azure Active Directory tenant.

--admin-username -u

User account to create on node VMs for SSH access.

default value: azureuser
--attach-acr

Grant the 'acrpull' role assignment to the ACR specified by name or resource ID.

--client-secret

Secret associated with the service principal. This argument is required if --service-principal is specified.

--disable-rbac

Disable Kubernetes Role-Based Access Control.

--dns-name-prefix -p

Prefix for hostnames that are created. If not specified, generate a hostname using the managed cluster and resource group names.

--dns-service-ip

An IP address assigned to the Kubernetes DNS service.

--docker-bridge-address

A specific IP address and netmask for the Docker bridge, using standard CIDR notation.

--enable-addons -a

Enable the Kubernetes addons in a comma-separated list.

--enable-cluster-autoscaler

Enable cluster autoscaler, default value is false.

--enable-managed-identity

(PREVIEW) Using a system assigned managed identity to manage cluster resource group.

--enable-pod-security-policy

(PREVIEW) Enable pod security policy.

--enable-private-cluster

(PREVIEW) Enable private cluster.

--enable-rbac -r

Enable Kubernetes Role-Based Access Control. Default: enabled.

--enable-vmss

To be deprecated. Use vm_set_type instead.

--generate-ssh-keys

Generate SSH public and private key files if missing.

--kubernetes-version -k

Version of Kubernetes to use for creating the cluster, such as "1.7.12" or "1.8.7".

value from: `az aks get-versions`
--load-balancer-managed-outbound-ip-count

Load balancer managed outbound IP count.

--load-balancer-outbound-ip-prefixes

Load balancer outbound IP prefix resource IDs.

--load-balancer-outbound-ips

Load balancer outbound IP resource IDs.

--load-balancer-sku

Azure Load Balancer SKU selection for your cluster. basic or standard.

--location -l

Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.

--max-count

Maximum nodes count used for autoscaler, when "--enable-cluster-autoscaler" specified. Please specifying the value in the range of [1, 100].

--max-pods -m

The maximum number of pods deployable to a node.

--min-count

Minimun nodes count used for autoscaler, when "--enable-cluster-autoscaler" specified. Please specifying the value in the range of [1, 100].

--network-plugin

The Kubernetes network plugin to use.

--network-policy

(PREVIEW) The Kubernetes network policy to use.

--no-ssh-key -x

Do not use or create a local SSH key.

--no-wait

Do not wait for the long-running operation to finish.

--node-count -c

Number of nodes in the Kubernetes node pool. It is required when --enable-cluster-autoscaler specified. After creating a cluster, you can change the size of its node pool with az aks scale.

default value: 3
--node-osdisk-size

Size in GB of the OS disk for each node in the node pool. Minimum 30 GB.

--node-resource-group

The node resource group is the resource group where all customer's resources will be created in, such as virtual machines.

--node-vm-size -s

Size of Virtual Machines to create as Kubernetes nodes.

default value: Standard_DS2_v2
--node-zones

(PREVIEW) Space-separated list of availability zones where agent nodes will be placed.

accepted values: 1, 2, 3
--nodepool-name

Node pool name, upto 12 alphanumeric characters.

default value: nodepool1
--pod-cidr

A CIDR notation IP range from which to assign pod IPs when kubenet is used.

--service-cidr

A CIDR notation IP range from which to assign service cluster IPs.

--service-principal

Service principal used for authentication to Azure APIs.

--skip-subnet-role-assignment

Skip role assignment for subnet (advanced networking).

--ssh-key-value

Public key path or key contents to install on node VMs for SSH access. For example, 'ssh-rsa AAAAB...snip...UcyupgH azureuser@linuxvm'.

default value: ~\.ssh\id_rsa.pub
--tags

Space-separated tags in 'key[=value]' format. Use "" to clear existing tags.

--vm-set-type

Agent pool vm set type. VirtualMachineScaleSets or AvailabilitySet.

--vnet-subnet-id

The ID of a subnet in an existing VNet into which to deploy the cluster.

--windows-admin-password

User account password to use on windows node VMs.

--windows-admin-username

User account to create on windows node VMs.

--workspace-resource-id

The resource ID of an existing Log Analytics Workspace to use for storing monitoring data. If not specified, uses the default Log Analytics Workspace if it exists, otherwise creates one.

az aks disable-addons

Disable Kubernetes addons.

az aks disable-addons --addons
--name
--resource-group
[--no-wait]

Examples

Disable Kubernetes addons. (autogenerated)

az aks disable-addons --addons virtual-node --name MyManagedCluster --resource-group MyResourceGroup

Required Parameters

--addons -a

Disable the Kubernetes addons in a comma-separated list.

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--no-wait

Do not wait for the long-running operation to finish.

az aks enable-addons

Enable Kubernetes addons.

az aks enable-addons --addons
--name
--resource-group
[--no-wait]
[--subnet-name]
[--workspace-resource-id]

Examples

Enable Kubernetes addons. (autogenerated)

az aks enable-addons --addons virtual-node --name MyManagedCluster --resource-group MyResourceGroup --subnet-name VirtualNodeSubnet

Required Parameters

--addons -a

Enable the Kubernetes addons in a comma-separated list.

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--no-wait

Do not wait for the long-running operation to finish.

--subnet-name -s

The subnet name for the virtual node to use.

--workspace-resource-id

The resource ID of an existing Log Analytics Workspace to use for storing monitoring data.

az aks get-credentials

Get access credentials for a managed Kubernetes cluster.

az aks get-credentials --name
--resource-group
[--admin]
[--file]
[--overwrite-existing]

Examples

Get access credentials for a managed Kubernetes cluster. (autogenerated)

az aks get-credentials --name MyManagedCluster --resource-group MyResourceGroup

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--admin -a

Get cluster administrator credentials. Default: cluster user credentials.

--file -f

Kubernetes configuration file to update. Use "-" to print YAML to stdout instead.

default value: ~/.kube/config
--overwrite-existing

Overwrite any existing cluster entry with the same name.

az aks get-upgrades

Get the upgrade versions available for a managed Kubernetes cluster.

az aks get-upgrades --name
--resource-group

Examples

Get the upgrade versions available for a managed Kubernetes cluster

az aks get-upgrades --name MyManagedCluster --resource-group MyResourceGroup

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az aks get-versions

Get the versions available for creating a managed Kubernetes cluster.

az aks get-versions --location

Examples

Get the versions available for creating a managed Kubernetes cluster

az aks get-versions --location westus2

Required Parameters

--location -l

Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.

az aks kollect

Collecting diagnostic information for the Kubernetes cluster.

az aks kollect --name
--resource-group
[--sas-token]
[--storage-account]

Examples

using storage account name and a shared access signature token with write permission

az aks kollect -g MyResourceGroup -n MyManagedCluster --storage-account MyStorageAccount --sas-token "MySasToken"

using the resource id of a storagea account resource you own.

az aks kollect -g MyResourceGroup -n MyManagedCluster --storage-account "MyStoreageAccountResourceId"

using the storagea account in diagnostics settings for your managed cluster.

az aks kollect -g MyResourceGroup -n MyManagedCluster

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--sas-token

The SAS token with writable permission for the storage account.

--storage-account

Name or ID of the storage account to save the diagnostic information.

az aks scale

Scale the node pool in a managed Kubernetes cluster.

az aks scale --name
--node-count
--resource-group
[--no-wait]
[--nodepool-name]

Required Parameters

--name -n

Name of the managed cluster.

--node-count -c

Number of nodes in the Kubernetes node pool.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--no-wait

Do not wait for the long-running operation to finish.

--nodepool-name

Node pool name, upto 12 alphanumeric characters.

az aks show

Show the details for a managed Kubernetes cluster.

az aks show --name
--resource-group

Examples

Show the details for a managed Kubernetes cluster

az aks show --name MyManagedCluster --resource-group MyResourceGroup

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az aks update

Update a managed Kubernetes cluster to enable/disable cluster-autoscaler or change min-count or max-count.

az aks update --name
--resource-group
[--api-server-authorized-ip-ranges]
[--attach-acr]
[--detach-acr]
[--disable-cluster-autoscaler]
[--disable-pod-security-policy]
[--enable-cluster-autoscaler]
[--enable-pod-security-policy]
[--load-balancer-managed-outbound-ip-count]
[--load-balancer-outbound-ip-prefixes]
[--load-balancer-outbound-ips]
[--max-count]
[--min-count]
[--no-wait]
[--update-cluster-autoscaler]

Examples

Enable cluster-autoscaler within node count range [1,5]

az aks update --enable-cluster-autoscaler --min-count 1 --max-count 5 -g MyResourceGroup -n MyManagedCluster

Disable cluster-autoscaler for an existing cluster

az aks update --disable-cluster-autoscaler -g MyResourceGroup -n MyManagedCluster

Update min-count or max-count for cluster autoscaler.

az aks update --update-cluster-autoscaler --min-count 1 --max-count 10 -g MyResourceGroup -n MyManagedCluster

Enable authorized IP ranges for apiserver.

az aks update --api-server-authorized-ip-ranges 172.0.0.10/16,168.10.0.10/18 -g MyResourceGroup -n MyManagedCluster

Enable pod security policy.

az aks update --enable-pod-security-policy -g MyResourceGroup -n MyManagedCluster

Disable pod security policy.

az aks update --disable-pod-security-policy -g MyResourceGroup -n MyManagedCluster

Update a kubernetes cluster with standard SKU load balancer to use two AKS created IPs for the load balancer outbound connection usage.

az aks update -g MyResourceGroup -n MyManagedCluster --load-balancer-managed-outbound-ip-count 2

Update a kubernetes cluster with standard SKU load balancer to use the provided public IPs for the load balancer outbound connection usage.

az aks update -g MyResourceGroup -n MyManagedCluster --load-balancer-outbound-ips <ip-resource-id-1,ip-resource-id-2>

Update a kubernetes cluster with standard SKU load balancer to use the provided public IP prefixes for the load balancer outbound connection usage.

az aks update -g MyResourceGroup -n MyManagedCluster --load-balancer-outbound-ip-prefixes <ip-prefix-resource-id-1,ip-prefix-resource-id-2>

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--api-server-authorized-ip-ranges

List of authorized IP ranges (separated by comma) for apiserver. Set to "" for disabling it.

--attach-acr

Grant the 'acrpull' role assignment to the ACR specified by name or resource ID.

--detach-acr

Disable the 'acrpull' role assignment to the ACR specified by name or resource ID.

--disable-cluster-autoscaler -d

Disable cluster autoscaler.

--disable-pod-security-policy

(PREVIEW) Disable pod security policy.

--enable-cluster-autoscaler -e

Enable cluster autoscaler.

--enable-pod-security-policy

(PREVIEW) Enable pod security policy.

--load-balancer-managed-outbound-ip-count

Load balancer managed outbound IP count.

--load-balancer-outbound-ip-prefixes

Load balancer outbound IP prefix resource IDs.

--load-balancer-outbound-ips

Load balancer outbound IP resource IDs.

--max-count

Maximum nodes count used for autoscaler, when "--enable-cluster-autoscaler" specified. Please specifying the value in the range of [1, 100].

--min-count

Minimun nodes count used for autoscaler, when "--enable-cluster-autoscaler" specified. Please specifying the value in the range of [1, 100].

--no-wait

Do not wait for the long-running operation to finish.

--update-cluster-autoscaler -u

Update min-count or max-count for cluster autoscaler.

az aks upgrade

Upgrade a managed Kubernetes cluster to a newer version.

az aks upgrade --kubernetes-version
--name
--resource-group
[--control-plane-only]
[--no-wait]
[--yes]

Required Parameters

--kubernetes-version -k

Version of Kubernetes to upgrade the cluster to, such as "1.11.12".

value from: `az aks get-upgrades`
--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--control-plane-only

Upgrade the cluster control plane only. If not specified, control plane AND all node pools will be upgraded.

--no-wait

Do not wait for the long-running operation to finish.

--yes -y

Do not prompt for confirmation.

az aks wait

Wait for a managed Kubernetes cluster to reach a desired state.

az aks wait --name
--resource-group
[--created]
[--custom]
[--deleted]
[--exists]
[--interval]
[--timeout]
[--updated]

Examples

Wait for a cluster to be upgraded, polling every minute for up to thirty minutes.

az aks wait -g MyResourceGroup -n MyManagedCluster --updated --interval 60 --timeout 1800

Wait for a managed Kubernetes cluster to reach a desired state (autogenerated)

az aks wait --created --interval 60 --name MyManagedCluster --resource-group MyResourceGroup --timeout 1800

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--created

Wait until created with 'provisioningState' at 'Succeeded'.

--custom

Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].

--deleted

Wait until deleted.

--exists

Wait until the resource exists.

--interval

Polling interval in seconds.

default value: 30
--timeout

Maximum wait in seconds.

default value: 3600
--updated

Wait until updated with provisioningState at 'Succeeded'.