az aks

Manage Azure Kubernetes Services.

Commands

az aks browse Show the dashboard for a Kubernetes cluster in a web browser.
az aks create Create a new managed Kubernetes cluster.
az aks disable-addons Disable Kubernetes addons.
az aks enable-addons Enable Kubernetes addons.
az aks get-credentials Get access credentials for a managed Kubernetes cluster.
az aks get-upgrades Get the upgrade versions available for a managed Kubernetes cluster.
az aks get-versions Get the versions available for creating a managed Kubernetes cluster.
az aks nodepool Commands to manage node pools in Kubernetes kubernetes cluster.
az aks nodepool add Add a node pool to the managed Kubernetes cluster.
az aks nodepool delete Delete the agent pool in the managed Kubernetes cluster.
az aks nodepool list List node pools in the managed Kubernetes cluster.
az aks nodepool scale Scale the node pool in a managed Kubernetes cluster.
az aks nodepool show Show the details for a node pool in the managed Kubernetes cluster.
az aks nodepool update Update a node pool to enable/disable cluster-autoscaler or change min-count or max-count.
az aks nodepool upgrade Upgrade the node pool in a managed Kubernetes cluster.
az aks scale Scale the node pool in a managed Kubernetes cluster.
az aks show Show the details for a managed Kubernetes cluster.
az aks update Update a managed Kubernetes cluster to enable/disable cluster-autoscaler or change min-count or max-count.
az aks upgrade Upgrade a managed Kubernetes cluster to a newer version.
az aks wait Wait for a managed Kubernetes cluster to reach a desired state.

az aks browse

Show the dashboard for a Kubernetes cluster in a web browser.

az aks browse --name
--resource-group
[--disable-browser]
[--listen-address]
[--listen-port]

Examples

Show the dashboard for a Kubernetes cluster in a web browser. (autogenerated)

az aks browse --name MyManagedCluster --resource-group MyResourceGroup

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--disable-browser

Don't launch a web browser after establishing port-forwarding.

--listen-address

The listening address for the dashboard.

default value: 127.0.0.1
--listen-port

The listening port for the dashboard.

default value: 8001

az aks create

Create a new managed Kubernetes cluster.

az aks create --name
--resource-group
[--aad-client-app-id]
[--aad-server-app-id]
[--aad-server-app-secret]
[--aad-tenant-id]
[--admin-username]
[--client-secret]
[--disable-rbac]
[--dns-name-prefix]
[--dns-service-ip]
[--docker-bridge-address]
[--enable-addons]
[--enable-cluster-autoscaler]
[--enable-pod-security-policy]
[--enable-rbac]
[--enable-vmss]
[--generate-ssh-keys]
[--kubernetes-version]
[--load-balancer-sku]
[--location]
[--max-count]
[--max-pods]
[--min-count]
[--network-plugin]
[--network-policy]
[--no-ssh-key]
[--no-wait]
[--node-count]
[--node-osdisk-size]
[--node-resource-group]
[--node-vm-size]
[--node-zones {1, 2, 3}]
[--nodepool-name]
[--pod-cidr]
[--service-cidr]
[--service-principal]
[--skip-subnet-role-assignment]
[--ssh-key-value]
[--tags]
[--vnet-subnet-id]
[--windows-admin-password]
[--windows-admin-username]
[--workspace-resource-id]

Examples

Create a Kubernetes cluster with an existing SSH public key.

az aks create -g MyResourceGroup -n MyManagedCluster --ssh-key-value /path/to/publickey

Create a Kubernetes cluster with a specific version.

az aks create -g MyResourceGroup -n MyManagedCluster --kubernetes-version 1.11.2

Create a Kubernetes cluster with a larger node pool.

az aks create -g MyResourceGroup -n MyManagedCluster --node-count 7

Create a kubernetes cluster with preview api version and cluster autosclaler enabled.

az aks create -g MyResourceGroup -n MyManagedCluster --kubernetes-version 1.11.2 --node-count 3 --enable-cluster-autoscaler --min-count 1 --max-count 5

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--aad-client-app-id

(PREVIEW) The ID of an Azure Active Directory client application of type "Native". This application is for user login via kubectl.

--aad-server-app-id

(PREVIEW) The ID of an Azure Active Directory server application of type "Web app/API". This application represents the managed cluster's apiserver (Server application).

--aad-server-app-secret

(PREVIEW) The secret of an Azure Active Directory server application.

--aad-tenant-id

(PREVIEW) The ID of an Azure Active Directory tenant.

--admin-username -u

User account to create on node VMs for SSH access.

default value: azureuser
--client-secret

Secret associated with the service principal. This argument is required if --service-principal is specified.

--disable-rbac

Disable Kubernetes Role-Based Access Control.

--dns-name-prefix -p

Prefix for hostnames that are created. If not specified, generate a hostname using the managed cluster and resource group names.

--dns-service-ip

An IP address assigned to the Kubernetes DNS service.

--docker-bridge-address

A specific IP address and netmask for the Docker bridge, using standard CIDR notation.

--enable-addons -a

Enable the Kubernetes addons in a comma-separated list.

--enable-cluster-autoscaler

Enable cluster autoscaler, default value is false.

--enable-pod-security-policy

(PREVIEW) Enable pod security policy.

--enable-rbac -r

Enable Kubernetes Role-Based Access Control. Default: enabled.

--enable-vmss

(PREVIEW) Enable VMSS agent type.

--generate-ssh-keys

Generate SSH public and private key files if missing.

--kubernetes-version -k

Version of Kubernetes to use for creating the cluster, such as "1.7.12" or "1.8.7".

value from: `az aks get-versions`
--load-balancer-sku

Azure Load Balancer SKU selection for your cluster. Basic or Standard.

--location -l

Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.

--max-count

Maximum nodes count used for auto scaler, when "--enable-cluster-autoscaler" specified. Please specifying the value in the range of [1, 100].

--max-pods -m

The maximum number of pods deployable to a node.

--min-count

Minimun nodes count used for auto scaler, when "--enable-cluster-autoscaler" specified. Please specifying the value in the range of [1, 100].

--network-plugin

The Kubernetes network plugin to use.

--network-policy

(PREVIEW) The Kubernetes network policy to use.

--no-ssh-key -x

Do not use or create a local SSH key.

--no-wait

Do not wait for the long-running operation to finish.

--node-count -c

Number of nodes in the Kubernetes node pool. It is required when --enable-cluster-autoscaler specified. After creating a cluster, you can change the size of its node pool with az aks scale.

default value: 3
--node-osdisk-size

Size in GB of the OS disk for each node in the node pool. Minimum 30 GB.

--node-resource-group

The node resource group is the resource group where all customer's resources will be created in, such as virtual machines.

--node-vm-size -s

Size of Virtual Machines to create as Kubernetes nodes.

default value: Standard_DS2_v2
--node-zones

(PREVIEW) Space-separated list of availability zones where agent nodes will be placed.

accepted values: 1, 2, 3
--nodepool-name

Node pool name, upto 12 alphanumeric characters.

default value: nodepool1
--pod-cidr

A CIDR notation IP range from which to assign pod IPs when kubenet is used.

--service-cidr

A CIDR notation IP range from which to assign service cluster IPs.

--service-principal

Service principal used for authentication to Azure APIs.

--skip-subnet-role-assignment

Skip role assignment for subnet (advanced networking).

--ssh-key-value

Public key path or key contents to install on node VMs for SSH access. For example, 'ssh-rsa AAAAB...snip...UcyupgH azureuser@linuxvm'.

default value: ~\.ssh\id_rsa.pub
--tags

Space-separated tags in 'key[=value]' format. Use "" to clear existing tags.

--vnet-subnet-id

The ID of a subnet in an existing VNet into which to deploy the cluster.

--windows-admin-password

User account password to use on windows node VMs.

--windows-admin-username

User account to create on windows node VMs.

--workspace-resource-id

The resource ID of an existing Log Analytics Workspace to use for storing monitoring data. If not specified, uses the default Log Analytics Workspace if it exists, otherwise creates one.

az aks disable-addons

Disable Kubernetes addons.

az aks disable-addons --addons
--name
--resource-group
[--no-wait]

Examples

Disable Kubernetes addons. (autogenerated)

az aks disable-addons --addons virtual-node --name MyManagedCluster --resource-group MyResourceGroup

Required Parameters

--addons -a

Disable the Kubernetes addons in a comma-separated list.

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--no-wait

Do not wait for the long-running operation to finish.

az aks enable-addons

Enable Kubernetes addons.

az aks enable-addons --addons
--name
--resource-group
[--no-wait]
[--subnet-name]
[--workspace-resource-id]

Examples

Enable Kubernetes addons. (autogenerated)

az aks enable-addons --addons virtual-node --name MyManagedCluster --resource-group MyResourceGroup --subnet-name VirtualNodeSubnet

Required Parameters

--addons -a

Enable the Kubernetes addons in a comma-separated list.

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--no-wait

Do not wait for the long-running operation to finish.

--subnet-name -s

The subnet name for the virtual node to use.

--workspace-resource-id

The resource ID of an existing Log Analytics Workspace to use for storing monitoring data.

az aks get-credentials

Get access credentials for a managed Kubernetes cluster.

az aks get-credentials --name
--resource-group
[--admin]
[--overwrite-existing]
[--path]

Examples

Get access credentials for a managed Kubernetes cluster. (autogenerated)

az aks get-credentials --name MyManagedCluster --resource-group MyResourceGroup

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--admin
--overwrite-existing

Overwrite any existing cluster entry with the same name.

--path
default value: ~/.kube/config

az aks get-upgrades

Get the upgrade versions available for a managed Kubernetes cluster.

az aks get-upgrades --name
--resource-group

Examples

Get the upgrade versions available for a managed Kubernetes cluster

az aks get-upgrades --name MyManagedCluster --resource-group MyResourceGroup

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az aks get-versions

Get the versions available for creating a managed Kubernetes cluster.

az aks get-versions --location

Examples

Get the versions available for creating a managed Kubernetes cluster

az aks get-versions --location westus2

Required Parameters

--location -l

Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.

az aks scale

Scale the node pool in a managed Kubernetes cluster.

az aks scale --name
--node-count
--resource-group
[--no-wait]
[--nodepool-name]

Required Parameters

--name -n

Name of the managed cluster.

--node-count -c

Number of nodes in the Kubernetes node pool.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--no-wait

Do not wait for the long-running operation to finish.

--nodepool-name

Node pool name, upto 12 alphanumeric characters.

az aks show

Show the details for a managed Kubernetes cluster.

az aks show --name
--resource-group

Examples

Show the details for a managed Kubernetes cluster

az aks show --name MyManagedCluster --resource-group MyResourceGroup

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az aks update

Update a managed Kubernetes cluster to enable/disable cluster-autoscaler or change min-count or max-count.

az aks update --name
--resource-group
[--api-server-authorized-ip-ranges]
[--disable-cluster-autoscaler]
[--disable-pod-security-policy]
[--enable-cluster-autoscaler]
[--enable-pod-security-policy]
[--max-count]
[--min-count]
[--no-wait]
[--update-cluster-autoscaler]

Examples

Enable cluster-autoscaler within node count range [1,5]

az aks update --enable-cluster-autoscaler --min-count 1 --max-count 5 -g MyResourceGroup -n MyManagedCluster

Disable cluster-autoscaler for an existing cluster

az aks update --disable-cluster-autoscaler -g MyResourceGroup -n MyManagedCluster

Update min-count or max-count for cluster auto-scaler.

az aks update --update-cluster-autoscaler --min-count 1 --max-count 10 -g MyResourceGroup -n MyManagedCluster

Enable authorized IP ranges for apiserver.

az aks update --api-server-authorized-ip-ranges 172.0.0.10/16,168.10.0.10/18 -g MyResourceGroup -n MyManagedCluster

Enable pod security policy.

az aks update --enable-pod-security-policy -g MyResourceGroup -n MyManagedCluster

Disable pod security policy.

az aks update --disable-pod-security-policy -g MyResourceGroup -n MyManagedCluster

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--api-server-authorized-ip-ranges

List of authorized IP ranges (separated by comma) for apiserver. Set to "" for disabling it.

--disable-cluster-autoscaler -d

Disable cluster autoscaler.

--disable-pod-security-policy

(PREVIEW) Disable pod security policy.

--enable-cluster-autoscaler -e

Enable cluster autoscaler.

--enable-pod-security-policy

(PREVIEW) Enable pod security policy.

--max-count

Maximum nodes count used for auto scaler, when "--enable-cluster-autoscaler" specified. Please specifying the value in the range of [1, 100].

--min-count

Minimun nodes count used for auto scaler, when "--enable-cluster-autoscaler" specified. Please specifying the value in the range of [1, 100].

--no-wait

Do not wait for the long-running operation to finish.

--update-cluster-autoscaler -u

Update min-count or max-count for cluser auto-scaler.

az aks upgrade

Upgrade a managed Kubernetes cluster to a newer version.

az aks upgrade --kubernetes-version
--name
--resource-group
[--no-wait]
[--yes]

Required Parameters

--kubernetes-version -k

Version of Kubernetes to upgrade the cluster to, such as "1.11.12".

value from: `az aks get-upgrades`
--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--no-wait

Do not wait for the long-running operation to finish.

--yes -y

Do not prompt for confirmation.

az aks wait

Wait for a managed Kubernetes cluster to reach a desired state.

az aks wait --name
--resource-group
[--created]
[--custom]
[--deleted]
[--exists]
[--interval]
[--timeout]
[--updated]

Examples

Wait for a cluster to be upgraded, polling every minute for up to thirty minutes.

az aks wait -g MyResourceGroup -n MyManagedCluster --updated --interval 60 --timeout 1800

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--created

Wait until created with 'provisioningState' at 'Succeeded'.

--custom

Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].

--deleted

Wait until deleted.

--exists

Wait until the resource exists.

--interval

Polling interval in seconds.

default value: 30
--timeout

Maximum wait in seconds.

default value: 3600
--updated

Wait until updated with provisioningState at 'Succeeded'.