az aks

Note

This reference is part of the aks-preview extension for Azure CLI and requires version 2.0.49 or higher. The extension will automatically install the first time you run an az aks command. Learn more about extensions.

Manage Azure Kubernetes Services.

Commands

az aks browse

Show the dashboard for a Kubernetes cluster in a web browser.

az aks create

Create a new managed Kubernetes cluster.

az aks disable-addons

Disable Kubernetes addons.

az aks enable-addons

Enable Kubernetes addons.

az aks get-credentials

Get access credentials for a managed Kubernetes cluster.

az aks get-upgrades

Get the upgrade versions available for a managed Kubernetes cluster.

az aks get-versions

Get the versions available for creating a managed Kubernetes cluster.

az aks kanalyze

Display diagnostic results for the Kubernetes cluster after kollect is done.

az aks kollect

Collect diagnostic information for the Kubernetes cluster.

az aks nodepool

Commands to manage node pools in a managed Kubernetes cluster.

az aks nodepool add

Add a node pool to the managed Kubernetes cluster.

az aks nodepool delete

Delete the agent pool in the managed Kubernetes cluster.

az aks nodepool get-upgrades

Get the available upgrade versions for an agent pool of the managed Kubernetes cluster.

az aks nodepool list

List node pools in the managed Kubernetes cluster.

az aks nodepool scale

Scale the node pool in a managed Kubernetes cluster.

az aks nodepool show

Show the details for a node pool in the managed Kubernetes cluster.

az aks nodepool update

Update a node pool to enable/disable cluster-autoscaler or change min-count or max-count.

az aks nodepool upgrade

Upgrade the node pool in a managed Kubernetes cluster.

az aks pod-identity

Commands to manage pod identities in a managed Kubernetes cluster.

az aks pod-identity add

Add a pod identity to a managed Kubernetes cluster.

az aks pod-identity delete

Remove a pod identity from a managed Kubernetes cluster.

az aks pod-identity exception

Commands to manage pod identity exceptions in a managed Kubernetes cluster.

az aks pod-identity exception add

Add a pod identity exception to a managed Kubernetes cluster.

az aks pod-identity exception delete

Remove a pod identity exception from a managed Kubernetes cluster.

az aks pod-identity exception list

List pod identity exceptions in a managed Kubernetes cluster.

az aks pod-identity exception update

Update a pod identity exception in a managed Kubernetes cluster.

az aks pod-identity list

List pod identities in a managed Kubernetes cluster.

az aks rotate-certs

Rotate certificates and keys on a managed Kubernetes cluster.

az aks scale

Scale the node pool in a managed Kubernetes cluster.

az aks show

Show the details for a managed Kubernetes cluster.

az aks start

Start Managed Cluster.

az aks stop

Stop Managed Cluster.

az aks update

Update a managed Kubernetes cluster's properties, such as enable/disable cluster-autoscaler.

az aks upgrade

Upgrade a managed Kubernetes cluster to a newer version.

az aks wait

Wait for a managed Kubernetes cluster to reach a desired state.

az aks browse

Show the dashboard for a Kubernetes cluster in a web browser.

az aks browse --name
              --resource-group
              [--disable-browser]
              [--listen-address]
              [--listen-port]

Examples

Show the dashboard for a Kubernetes cluster in a web browser. (autogenerated)

az aks browse --name MyManagedCluster --resource-group MyResourceGroup

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--disable-browser

Don't launch a web browser after establishing port-forwarding.

--listen-address

The listening address for the dashboard.

default value: 127.0.0.1

--listen-port

The listening port for the dashboard.

default value: 8001

az aks create

Create a new managed Kubernetes cluster.

az aks create --name
              --resource-group
              [--aad-admin-group-object-ids]
              [--aad-client-app-id]
              [--aad-server-app-id]
              [--aad-server-app-secret]
              [--aad-tenant-id]
              [--aci-subnet-name]
              [--admin-username]
              [--aks-custom-headers]
              [--api-server-authorized-ip-ranges]
              [--appgw-id]
              [--appgw-name]
              [--appgw-subnet-cidr]
              [--appgw-subnet-id]
              [--appgw-subnet-prefix]
              [--appgw-watch-namespace]
              [--assign-identity]
              [--attach-acr]
              [--auto-upgrade-channel {none, patch, rapid, stable}]
              [--client-secret]
              [--cluster-autoscaler-profile]
              [--disable-rbac]
              [--dns-name-prefix]
              [--dns-service-ip]
              [--docker-bridge-address]
              [--enable-aad]
              [--enable-addons]
              [--enable-ahub]
              [--enable-azure-rbac]
              [--enable-cluster-autoscaler]
              [--enable-encryption-at-host {false, true}]
              [--enable-managed-identity]
              [--enable-node-public-ip]
              [--enable-pod-identity]
              [--enable-pod-security-policy]
              [--enable-private-cluster]
              [--enable-rbac]
              [--enable-sgxquotehelper]
              [--enable-vmss]
              [--generate-ssh-keys]
              [--kubelet-config]
              [--kubernetes-version]
              [--linux-os-config]
              [--load-balancer-idle-timeout]
              [--load-balancer-managed-outbound-ip-count]
              [--load-balancer-outbound-ip-prefixes]
              [--load-balancer-outbound-ips]
              [--load-balancer-outbound-ports]
              [--load-balancer-sku]
              [--location]
              [--max-count]
              [--max-pods]
              [--min-count]
              [--network-plugin {azure, kubenet}]
              [--network-policy]
              [--no-ssh-key]
              [--no-wait]
              [--node-count]
              [--node-osdisk-diskencryptionset-id]
              [--node-osdisk-size]
              [--node-osdisk-type]
              [--node-resource-group]
              [--node-vm-size]
              [--node-zones {1, 2, 3}]
              [--nodepool-labels]
              [--nodepool-name]
              [--nodepool-tags]
              [--outbound-type {loadBalancer, userDefinedRouting}]
              [--pod-cidr]
              [--pod-subnet-id]
              [--ppg]
              [--private-dns-zone]
              [--service-cidr]
              [--service-principal]
              [--skip-subnet-role-assignment]
              [--ssh-key-value]
              [--tags]
              [--uptime-sla]
              [--vm-set-type]
              [--vnet-subnet-id]
              [--windows-admin-password]
              [--windows-admin-username]
              [--workspace-resource-id]
              [--yes]

Examples

Create a Kubernetes cluster with an existing SSH public key.

az aks create -g MyResourceGroup -n MyManagedCluster --ssh-key-value /path/to/publickey

Create a Kubernetes cluster with a specific version.

az aks create -g MyResourceGroup -n MyManagedCluster --kubernetes-version 1.13.9

Create a Kubernetes cluster with a larger node pool.

az aks create -g MyResourceGroup -n MyManagedCluster --node-count 7

Create a kubernetes cluster with cluster autoscaler enabled.

az aks create -g MyResourceGroup -n MyManagedCluster --kubernetes-version 1.13.9 --node-count 3 --enable-cluster-autoscaler --min-count 1 --max-count 5

Create a kubernetes cluster with k8s 1.13.9 but use vmas.

az aks create -g MyResourceGroup -n MyManagedCluster --kubernetes-version 1.13.9 --vm-set-type AvailabilitySet

Create a kubernetes cluster with default kubernetes version, default SKU load balancer (standard) and default vm set type (VirtualMachineScaleSets).

az aks create -g MyResourceGroup -n MyManagedCluster

Create a kubernetes cluster with standard SKU load balancer and two AKS created IPs for the load balancer outbound connection usage.

az aks create -g MyResourceGroup -n MyManagedCluster --load-balancer-managed-outbound-ip-count 2

Create a kubernetes cluster with standard SKU load balancer and use the provided public IPs for the load balancer outbound connection usage.

az aks create -g MyResourceGroup -n MyManagedCluster --load-balancer-outbound-ips <ip-resource-id-1,ip-resource-id-2>

Create a kubernetes cluster with standard SKU load balancer and use the provided public IP prefixes for the load balancer outbound connection usage.

az aks create -g MyResourceGroup -n MyManagedCluster --load-balancer-outbound-ip-prefixes <ip-prefix-resource-id-1,ip-prefix-resource-id-2>

Create a kubernetes cluster with a standard SKU load balancer, with two outbound AKS managed IPs, an idle flow timeout of 5 minutes and 8000 allocated ports per machine.

az aks create -g MyResourceGroup -n MyManagedCluster --load-balancer-managed-outbound-ip-count 2 --load-balancer-idle-timeout 5 --load-balancer-outbound-ports 8000

Create a kubernetes cluster with basic SKU load balancer and AvailabilitySet vm set type.

az aks create -g MyResourceGroup -n MyManagedCluster --load-balancer-sku basic --vm-set-type AvailabilitySet

Create a kubernetes cluster with authorized apiserver IP ranges.

az aks create -g MyResourceGroup -n MyManagedCluster --api-server-authorized-ip-ranges 193.168.1.0/24,194.168.1.0/24,195.168.1.0

Create a kubernetes cluster with server side encryption using your owned key.

az aks create -g MyResourceGroup -n MyManagedCluster --node-osdisk-diskencryptionset-id <disk-encryption-set-resource-id>

Create a kubernetes cluster with userDefinedRouting, standard load balancer SKU and a custom subnet preconfigured with a route table

az aks create -g MyResourceGroup -n MyManagedCluster --outbound-type userDefinedRouting --load-balancer-sku standard --vnet-subnet-id customUserSubnetVnetID

Create a kubernetes cluster with supporting Windows agent pools with AHUB enabled.

az aks create -g MyResourceGroup -n MyManagedCluster --load-balancer-sku Standard --network-plugin azure --windows-admin-username azure --windows-admin-password 'replacePassword1234$' --enable-ahub

Create a kubernetes cluster with managed AAD enabled.

az aks create -g MyResourceGroup -n MyManagedCluster --enable-aad --aad-admin-group-object-ids <id-1,id-2> --aad-tenant-id <id>

Create a kubernetes cluster with ephemeral os enabled.

az aks create -g MyResourceGroup -n MyManagedCluster --node-osdisk-type Ephemeral --node-osdisk-size 48

Create a kubernetes cluster with custom tags

az aks create -g MyResourceGroup -n MyManagedCluster --tags "foo=bar" "baz=qux"

Create a kubernetes cluster with EncryptionAtHost enabled.

az aks create -g MyResourceGroup -n MyManagedCluster --enable-encryption-at-host

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--aad-admin-group-object-ids

Comma-separated list of AAD group object IDs that will be set as cluster admin.

--aad-client-app-id

The ID of an Azure Active Directory client application of type "Native". This application is for user login via kubectl.

--aad-server-app-id

The ID of an Azure Active Directory server application of type "Web app/API". This application represents the managed cluster's apiserver (Server application).

--aad-server-app-secret

The secret of an Azure Active Directory server application.

--aad-tenant-id

The ID of an Azure Active Directory tenant.

--aci-subnet-name

The name of a subnet in an existing VNet into which to deploy the virtual nodes.

--admin-username -u

User account to create on node VMs for SSH access.

default value: azureuser

--aks-custom-headers

Send custom headers. When specified, format should be Key1=Value1,Key2=Value2.

--api-server-authorized-ip-ranges

Comma-separated list of authorized apiserver IP ranges. Set to 0.0.0.0/32 to restrict apiserver traffic to node pools.

--appgw-id

Resource Id of an existing Application Gateway to use with AGIC. Use with ingress-azure addon.

--appgw-name

Name of the application gateway to create/use in the node resource group. Use with ingress-azure addon.

--appgw-subnet-cidr

Subnet CIDR to use for a new subnet created to deploy the Application Gateway. Use with ingress-azure addon.

--appgw-subnet-id

Resource Id of an existing Subnet used to deploy the Application Gateway. Use with ingress-azure addon.

--appgw-subnet-prefix

Subnet Prefix to use for a new subnet created to deploy the Application Gateway. Use with ingress-azure addon.

--appgw-watch-namespace

Specify the namespace, which AGIC should watch. This could be a single string value, or a comma-separated list of namespaces.

--assign-identity

(PREVIEW) Specify an existing user assigned identity to manage cluster resource group.

--attach-acr

Grant the 'acrpull' role assignment to the ACR specified by name or resource ID.

--auto-upgrade-channel

Specify the upgrade channel for autoupgrade. It can be rapid, stable, patch or none; none disables autoupgrade.

accepted values: none, patch, rapid, stable

--client-secret

Secret associated with the service principal. This argument is required if --service-principal is specified.

--cluster-autoscaler-profile

Space-separated list of key=value pairs for configuring cluster autoscaler. Pass an empty string to clear the profile.

--disable-rbac

Disable Kubernetes Role-Based Access Control.

--dns-name-prefix -p

Prefix for hostnames that are created. If not specified, generate a hostname using the managed cluster and resource group names.

--dns-service-ip

An IP address assigned to the Kubernetes DNS service.

--docker-bridge-address

A specific IP address and netmask for the Docker bridge, using standard CIDR notation.

--enable-aad

Enable managed AAD feature for cluster.

--enable-addons -a

Enable the Kubernetes addons in a comma-separated list.

--enable-ahub

Enable Azure Hybrid User Benefits (AHUB) for Windows VMs.

--enable-azure-rbac

Whether to enable Azure RBAC for Kubernetes authorization.

--enable-cluster-autoscaler

Enable cluster autoscaler, default value is false.

--enable-encryption-at-host

Enable EncryptionAtHost on agent node pool.

accepted values: false, true

--enable-managed-identity

Use managed identity to manage the cluster resource group. The default value is true; you can explicitly specify "--client-id" and "--secret" to disable managed identity.

default value: 1

--enable-node-public-ip

Enable VMSS node public IP.

--enable-pod-identity

(PREVIEW) Enable pod identity addon.

--enable-pod-security-policy

(PREVIEW) Enable pod security policy.

--enable-private-cluster

Enable private cluster.

--enable-rbac -r

Enable Kubernetes Role-Based Access Control. Default: enabled.

--enable-sgxquotehelper

Enable SGX quote helper for confcom addon.

--enable-vmss

To be deprecated. Use vm_set_type instead.

--generate-ssh-keys

Generate SSH public and private key files if missing.

--kubelet-config

Kubelet configurations for agent nodes.

--kubernetes-version -k

Version of Kubernetes to use for creating the cluster, such as "1.7.12" or "1.8.7".

value from: `az aks get-versions`

--linux-os-config

OS configurations for Linux agent nodes.

--load-balancer-idle-timeout

Load balancer idle timeout in minutes.

--load-balancer-managed-outbound-ip-count

Load balancer managed outbound IP count.

--load-balancer-outbound-ip-prefixes

Load balancer outbound IP prefix resource IDs.

--load-balancer-outbound-ips

Load balancer outbound IP resource IDs.

--load-balancer-outbound-ports

Load balancer outbound allocated ports.

--load-balancer-sku

Azure Load Balancer SKU selection for your cluster. basic or standard.

--location -l

Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.

--max-count

Maximum node count used for the autoscaler when "--enable-cluster-autoscaler" is specified. Please specify the value in the range of [1, 100].

--max-pods -m

The maximum number of pods deployable to a node.

--min-count

Minimum node count used for the autoscaler when "--enable-cluster-autoscaler" is specified. Please specify the value in the range of [1, 100].

--network-plugin

The Kubernetes network plugin to use.

accepted values: azure, kubenet

--network-policy

(PREVIEW) The Kubernetes network policy to use.

--no-ssh-key -x

Do not use or create a local SSH key.

--no-wait

Do not wait for the long-running operation to finish.

--node-count -c

Number of nodes in the Kubernetes node pool. It is required when --enable-cluster-autoscaler is specified. After creating a cluster, you can change the size of its node pool with az aks scale.

default value: 3

--node-osdisk-diskencryptionset-id

ResourceId of the disk encryption set to use for enabling encryption at rest.

--node-osdisk-size

Size in GB of the OS disk for each node in the node pool. Minimum 30 GB.

--node-osdisk-type

OS disk type to be used for machines in a given agent pool. Defaults to 'Managed'. May not be changed for this pool after creation.

--node-resource-group

The node resource group is the resource group in which all of the customer's resources, such as virtual machines, will be created.

--node-vm-size -s

Size of Virtual Machines to create as Kubernetes nodes.

default value: Standard_DS2_v2

--node-zones --zones -z

(--node-zones will be deprecated, use --zones) Space-separated list of availability zones where agent nodes will be placed.

accepted values: 1, 2, 3

--nodepool-labels

Space-separated labels: key[=value] [key[=value] ...]. You cannot change the node labels through CLI after creation. See https://aka.ms/node-labels for syntax of labels.

--nodepool-name

Node pool name, up to 12 alphanumeric characters.

default value: nodepool1

--nodepool-tags

Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.

--outbound-type

How outbound traffic will be configured for a cluster.

accepted values: loadBalancer, userDefinedRouting

--pod-cidr

A CIDR notation IP range from which to assign pod IPs when kubenet is used.

--pod-subnet-id

The ID of a subnet in an existing VNet into which to assign pods in the cluster (requires azure network-plugin).

--ppg

The ID of a PPG.

--private-dns-zone

(PREVIEW) Private DNS zone mode for private cluster.

--service-cidr

A CIDR notation IP range from which to assign service cluster IPs.

--service-principal

Service principal used for authentication to Azure APIs.

--skip-subnet-role-assignment

Skip role assignment for subnet (advanced networking).

--ssh-key-value

Public key path or key contents to install on node VMs for SSH access. For example, 'ssh-rsa AAAAB...snip...UcyupgH azureuser@linuxvm'.

default value: ~\.ssh\id_rsa.pub

--tags

The tags of the managed cluster. The managed cluster instance and all resources managed by the cloud provider will be tagged.

--uptime-sla

Enable a paid managed cluster service with a financially backed SLA.

--vm-set-type

Agent pool vm set type. VirtualMachineScaleSets or AvailabilitySet.

--vnet-subnet-id

The ID of a subnet in an existing VNet into which to deploy the cluster.

--windows-admin-password

User account password to use on windows node VMs.

--windows-admin-username

User account to create on windows node VMs.

--workspace-resource-id

The resource ID of an existing Log Analytics Workspace to use for storing monitoring data. If not specified, uses the default Log Analytics Workspace if it exists, otherwise creates one.

--yes -y

Do not prompt for confirmation.
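A pre-flight lint for an `az aks create` command line, limited to flags documented above (an added example, not part of the Azure CLI or of this reference). The function names and finding texts are assumptions of this example; two of the sample commands are taken from the Examples above and the third is constructed here.

```python
"""Pre-flight lint for an `az aks create` command line (added example)."""
import ipaddress
import shlex

# Flags from this reference whose value is a secret; passing one inline
# leaves it in shell history and in the process list.
SECRET_FLAGS = {"--windows-admin-password", "--client-secret", "--aad-server-app-secret"}

# Two commands from the Examples section and one constructed for this example.
WINDOWS_EXAMPLE = (
    "az aks create -g MyResourceGroup -n MyManagedCluster --load-balancer-sku Standard "
    "--network-plugin azure --windows-admin-username azure "
    "--windows-admin-password 'replacePassword1234$' --enable-ahub"
)
RANGES_EXAMPLE = (
    "az aks create -g MyResourceGroup -n MyManagedCluster "
    "--api-server-authorized-ip-ranges 193.168.1.0/24,194.168.1.0/24,195.168.1.0"
)
CONSTRUCTED = (
    "az aks create -g MyResourceGroup -n MyManagedCluster --disable-rbac "
    "--api-server-authorized-ip-ranges 0.0.0.0/0,10.1.2.3/24,bogus"
)


def parse_flags(command):
    """Return {flag: [values]} for each -x / --flag token in the command line."""
    flags, current = {}, None
    for token in shlex.split(command):
        if token.startswith("-") and len(token) > 1:
            name, _, inline = token.partition("=")  # supports --flag=value
            current = flags.setdefault(name, [])
            if inline:
                current.append(inline)
        elif current is not None:
            current.append(token)
    return flags


def check_ranges(value):
    """Lint a comma-separated --api-server-authorized-ip-ranges value."""
    findings = []
    for item in filter(None, (part.strip() for part in value.split(","))):
        try:
            net = ipaddress.ip_network(item, strict=False)
        except ValueError:
            findings.append(f"{item} is not an IP address or CIDR range")
            continue
        if net.prefixlen == 0:
            findings.append(f"{item} admits every address")
        elif ipaddress.ip_interface(item).ip != net.network_address:
            findings.append(f"{item} has host bits set (network is {net})")
    return findings


def lint_create(command):
    """Return a list of security-relevant findings for one create command."""
    flags = parse_flags(command)
    findings = []
    if "--disable-rbac" in flags:
        findings.append("--disable-rbac: Kubernetes RBAC is turned off")
    for flag in sorted(SECRET_FLAGS & flags.keys()):
        findings.append(f"{flag}: secret passed on the command line")
    if "--enable-node-public-ip" in flags:
        findings.append("--enable-node-public-ip: nodes receive public IPs")
    ranges = flags.get("--api-server-authorized-ip-ranges")
    if ranges is None:
        if "--enable-private-cluster" not in flags:
            findings.append("API server: no authorized IP ranges and no private cluster")
    else:
        findings += [
            f"--api-server-authorized-ip-ranges: {finding}"
            for finding in check_ranges(",".join(ranges))
        ]
    return findings


if __name__ == "__main__":
    for sample in (WINDOWS_EXAMPLE, RANGES_EXAMPLE, CONSTRUCTED):
        print(sample)
        for finding in lint_create(sample) or ["no findings"]:
            print("  -", finding)
```

The special value 0.0.0.0/32 described under --api-server-authorized-ip-ranges passes the range check without a finding.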

az aks disable-addons

Disable Kubernetes addons.

az aks disable-addons --addons
                      --name
                      --resource-group
                      [--no-wait]

Examples

Disable Kubernetes addons. (autogenerated)

az aks disable-addons --addons virtual-node --name MyManagedCluster --resource-group MyResourceGroup

Required Parameters

--addons -a

Disable the Kubernetes addons in a comma-separated list.

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--no-wait

Do not wait for the long-running operation to finish.

az aks enable-addons

Enable Kubernetes addons.

These addons are available:

http_application_routing - configure ingress with automatic public DNS name creation.

monitoring - turn on Log Analytics monitoring. Uses the Log Analytics Default Workspace if it exists, else creates one. Specify "--workspace-resource-id" to use an existing workspace. If monitoring addon is enabled --no-wait argument will have no effect.

virtual-node - enable AKS Virtual Node. Requires --subnet-name to provide the name of an existing subnet for the Virtual Node to use.

azure-policy - enable Azure policy. The Azure Policy add-on for AKS enables at-scale enforcements and safeguards on your clusters in a centralized, consistent manner. Learn more at aka.ms/aks/policy.

ingress-appgw - enable Application Gateway Ingress Controller addon (PREVIEW).

open-service-mesh - enable Open Service Mesh addon (PREVIEW).

gitops - Enable GitOps (PREVIEW).

az aks enable-addons --addons
                     --name
                     --resource-group
                     [--appgw-id]
                     [--appgw-name]
                     [--appgw-subnet-cidr]
                     [--appgw-subnet-id]
                     [--appgw-subnet-prefix]
                     [--appgw-watch-namespace]
                     [--enable-sgxquotehelper]
                     [--no-wait]
                     [--subnet-name]
                     [--workspace-resource-id]

Examples

Enable Kubernetes addons. (autogenerated)

az aks enable-addons --addons virtual-node --name MyManagedCluster --resource-group MyResourceGroup --subnet-name VirtualNodeSubnet

Enable ingress-appgw addon with subnet prefix.

az aks enable-addons --name MyManagedCluster --resource-group MyResourceGroup --addons ingress-appgw --appgw-subnet-cidr 10.2.0.0/16 --appgw-name gateway

Enable open-service-mesh addon.

az aks enable-addons --name MyManagedCluster --resource-group MyResourceGroup --addons open-service-mesh

Required Parameters

--addons -a

Enable the Kubernetes addons in a comma-separated list.

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--appgw-id

Resource Id of an existing Application Gateway to use with AGIC. Use with ingress-azure addon.

--appgw-name

Name of the application gateway to create/use in the node resource group. Use with ingress-azure addon.

--appgw-subnet-cidr

Subnet CIDR to use for a new subnet created to deploy the Application Gateway. Use with ingress-azure addon.

--appgw-subnet-id

Resource Id of an existing Subnet used to deploy the Application Gateway. Use with ingress-azure addon.

--appgw-subnet-prefix

Subnet Prefix to use for a new subnet created to deploy the Application Gateway. Use with ingress-azure addon.

--appgw-watch-namespace

Specify the namespace, which AGIC should watch. This could be a single string value, or a comma-separated list of namespaces. Use with ingress-azure addon.

--enable-sgxquotehelper

Enable SGX quote helper for confcom addon.

--no-wait

Do not wait for the long-running operation to finish.

--subnet-name -s

The subnet name for the virtual node to use.

--workspace-resource-id

The resource ID of an existing Log Analytics Workspace to use for storing monitoring data.

az aks get-credentials

Get access credentials for a managed Kubernetes cluster.

az aks get-credentials --name
                       --resource-group
                       [--admin]
                       [--context]
                       [--file]
                       [--overwrite-existing]
                       [--user]

Examples

Get access credentials for a managed Kubernetes cluster. (autogenerated)

az aks get-credentials --name MyManagedCluster --resource-group MyResourceGroup

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--admin -a

Get cluster administrator credentials. Default: cluster user credentials.

--context

If specified, overwrite the default context name.

--file -f

Kubernetes configuration file to update. Use "-" to print YAML to stdout instead.

default value: ~/.kube/config

--overwrite-existing

Overwrite any existing cluster entry with the same name.

--user -u

Get credentials for the user. Only valid when --admin is False. Default: cluster user credentials.

default value: clusterUser

az aks get-upgrades

Get the upgrade versions available for a managed Kubernetes cluster.

az aks get-upgrades --name
                    --resource-group

Examples

Get the upgrade versions available for a managed Kubernetes cluster

az aks get-upgrades --name MyManagedCluster --resource-group MyResourceGroup

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az aks get-versions

Get the versions available for creating a managed Kubernetes cluster.

az aks get-versions --location

Examples

Get the versions available for creating a managed Kubernetes cluster

az aks get-versions --location westus2

Required Parameters

--location -l

Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.

az aks kanalyze

Display diagnostic results for the Kubernetes cluster after kollect is done.

az aks kanalyze --name
                --resource-group

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az aks kollect

Collect diagnostic information for the Kubernetes cluster.

Collect diagnostic information for the Kubernetes cluster and store it in the specified storage account. You can provide the storage account in three ways:

Storage account name and a shared access signature with write permission.

Resource ID of a storage account you own.

The storage account in diagnostics settings for your managed cluster.

az aks kollect --name
               --resource-group
               [--container-logs]
               [--kube-objects]
               [--node-logs]
               [--sas-token]
               [--storage-account]

Examples

using storage account name and a shared access signature token with write permission

az aks kollect -g MyResourceGroup -n MyManagedCluster --storage-account MyStorageAccount --sas-token "MySasToken"

using the resource id of a storage account resource you own.

az aks kollect -g MyResourceGroup -n MyManagedCluster --storage-account "MyStoreageAccountResourceId"

using the storage account in diagnostics settings for your managed cluster.

az aks kollect -g MyResourceGroup -n MyManagedCluster

customize the container logs to collect.

az aks kollect -g MyResourceGroup -n MyManagedCluster --container-logs "mynamespace1/mypod1 myns2"

customize the kubernetes objects to collect.

az aks kollect -g MyResourceGroup -n MyManagedCluster --kube-objects "mynamespace1/service myns2/deployment/deployment1"

customize the node log files to collect.

az aks kollect -g MyResourceGroup -n MyManagedCluster --node-logs "/var/log/azure-vnet.log /var/log/azure-vnet-ipam.log"

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--container-logs

The list of container logs to collect.

--kube-objects

The list of kubernetes objects to describe.

--node-logs

The list of node logs to collect. For example, /var/log/cloud-init.log.

--sas-token

The SAS token with writable permission for the storage account.

--storage-account

Name or ID of the storage account to save the diagnostic information.

az aks rotate-certs

Rotate certificates and keys on a managed Kubernetes cluster.

Kubernetes will be unavailable during cluster certificate rotation.

az aks rotate-certs --name
                    --resource-group
                    [--no-wait]
                    [--yes]

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--no-wait

Do not wait for the long-running operation to finish.

--yes -y

Do not prompt for confirmation.

az aks scale

Scale the node pool in a managed Kubernetes cluster.

az aks scale --name
             --node-count
             --resource-group
             [--no-wait]
             [--nodepool-name]

Required Parameters

--name -n

Name of the managed cluster.

--node-count -c

Number of nodes in the Kubernetes node pool.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--no-wait

Do not wait for the long-running operation to finish.

--nodepool-name

Node pool name, up to 12 alphanumeric characters.

az aks show

Show the details for a managed Kubernetes cluster.

az aks show --name
            --resource-group

Examples

Show the details for a managed Kubernetes cluster

az aks show --name MyManagedCluster --resource-group MyResourceGroup

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az aks start

Start Managed Cluster.

Starts a Stopped Managed Cluster.

az aks start --name
             --resource-group
             [--no-wait]

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--no-wait

Do not wait for the long-running operation to finish.

az aks stop

Stop Managed Cluster.

Stops a Running Managed Cluster.

az aks stop --name
            --resource-group
            [--no-wait]

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--no-wait

Do not wait for the long-running operation to finish.

az aks update

Update a managed Kubernetes cluster's properties, such as enable/disable cluster-autoscaler.

az aks update --name
              --resource-group
              [--aad-admin-group-object-ids]
              [--aad-tenant-id]
              [--aks-custom-headers]
              [--api-server-authorized-ip-ranges]
              [--assign-identity]
              [--attach-acr]
              [--auto-upgrade-channel {none, patch, rapid, stable}]
              [--cluster-autoscaler-profile]
              [--detach-acr]
              [--disable-ahub]
              [--disable-cluster-autoscaler]
              [--disable-pod-identity]
              [--disable-pod-security-policy]
              [--enable-aad]
              [--enable-ahub]
              [--enable-cluster-autoscaler]
              [--enable-managed-identity]
              [--enable-pod-identity]
              [--enable-pod-security-policy]
              [--load-balancer-idle-timeout]
              [--load-balancer-managed-outbound-ip-count]
              [--load-balancer-outbound-ip-prefixes]
              [--load-balancer-outbound-ips]
              [--load-balancer-outbound-ports]
              [--max-count]
              [--min-count]
              [--no-uptime-sla]
              [--no-wait]
              [--tags]
              [--update-cluster-autoscaler]
              [--uptime-sla]
              [--yes]

Examples

Enable cluster-autoscaler within node count range [1,5]

az aks update --enable-cluster-autoscaler --min-count 1 --max-count 5 -g MyResourceGroup -n MyManagedCluster

Disable cluster-autoscaler for an existing cluster

az aks update --disable-cluster-autoscaler -g MyResourceGroup -n MyManagedCluster

Update min-count or max-count for cluster autoscaler.

az aks update --update-cluster-autoscaler --min-count 1 --max-count 10 -g MyResourceGroup -n MyManagedCluster

Enable pod security policy.

az aks update --enable-pod-security-policy -g MyResourceGroup -n MyManagedCluster

Disable pod security policy.

az aks update --disable-pod-security-policy -g MyResourceGroup -n MyManagedCluster

Update a kubernetes cluster with standard SKU load balancer to use two AKS created IPs for the load balancer outbound connection usage.

az aks update -g MyResourceGroup -n MyManagedCluster --load-balancer-managed-outbound-ip-count 2

Update a kubernetes cluster with standard SKU load balancer to use the provided public IPs for the load balancer outbound connection usage.

az aks update -g MyResourceGroup -n MyManagedCluster --load-balancer-outbound-ips <ip-resource-id-1,ip-resource-id-2>

Update a kubernetes cluster with standard SKU load balancer to use the provided public IP prefixes for the load balancer outbound connection usage.

az aks update -g MyResourceGroup -n MyManagedCluster --load-balancer-outbound-ip-prefixes <ip-prefix-resource-id-1,ip-prefix-resource-id-2>

Update a kubernetes cluster with two outbound AKS managed IPs, an idle flow timeout of 5 minutes, and 8000 allocated ports per machine.

az aks update -g MyResourceGroup -n MyManagedCluster --load-balancer-managed-outbound-ip-count 2 --load-balancer-idle-timeout 5 --load-balancer-outbound-ports 8000

Update a kubernetes cluster with authorized apiserver ip ranges.

az aks update -g MyResourceGroup -n MyManagedCluster --api-server-authorized-ip-ranges 193.168.1.0/24,194.168.1.0/24

Disable authorized apiserver ip ranges feature for a kubernetes cluster.

az aks update -g MyResourceGroup -n MyManagedCluster --api-server-authorized-ip-ranges ""

Restrict apiserver traffic in a kubernetes cluster to agentpool nodes.

az aks update -g MyResourceGroup -n MyManagedCluster --api-server-authorized-ip-ranges 0.0.0.0/32

Update an AKS-managed AAD cluster with tenant ID or admin group object IDs.

az aks update -g MyResourceGroup -n MyManagedCluster --aad-admin-group-object-ids <id-1,id-2> --aad-tenant-id <id>

Migrate an AKS AAD-Integrated cluster or a non-AAD cluster to an AKS-managed AAD cluster.

az aks update -g MyResourceGroup -n MyManagedCluster --enable-aad --aad-admin-group-object-ids <id-1,id-2> --aad-tenant-id <id>

Enable Azure Hybrid User Benefits feature for a kubernetes cluster.

az aks update -g MyResourceGroup -n MyManagedCluster --enable-ahub

Disable Azure Hybrid User Benefits feature for a kubernetes cluster.

az aks update -g MyResourceGroup -n MyManagedCluster --disable-ahub

Update the cluster to use system assigned managed identity in control plane.

az aks update -g MyResourceGroup -n MyManagedCluster --enable-managed-identity

Update the cluster to use user assigned managed identity in control plane.

az aks update -g MyResourceGroup -n MyManagedCluster --enable-managed-identity --assign-identity <user_assigned_identity_resource_id>

Enable pod identity addon.

az aks update -g MyResourceGroup -n MyManagedCluster --enable-pod-identity

Disable pod identity addon.

az aks update -g MyResourceGroup -n MyManagedCluster --disable-pod-identity

Update the tags of a kubernetes cluster

az aks update -g MyResourceGroup -n MyManagedCluster --tags "foo=bar" "baz=qux"

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--aad-admin-group-object-ids

Comma separated list of AAD group object IDs that will be set as cluster admin.

--aad-tenant-id

The ID of an Azure Active Directory tenant.

--aks-custom-headers

Send custom headers. When specified, format should be Key1=Value1,Key2=Value2.

--api-server-authorized-ip-ranges

Comma separated list of authorized apiserver IP ranges. Set to "" to allow all traffic on a previously restricted cluster. Set to 0.0.0.0/32 to restrict apiserver traffic to node pools.

--assign-identity

(PREVIEW) Specify an existing user assigned identity to manage cluster resource group.

--attach-acr

Grant the 'acrpull' role assignment to the ACR specified by name or resource ID.

--auto-upgrade-channel

Specify the upgrade channel for autoupgrade. It can be rapid, stable, patch or none; none disables autoupgrade.

accepted values: none, patch, rapid, stable

--cluster-autoscaler-profile

Space-separated list of key=value pairs for configuring cluster autoscaler. Pass an empty string to clear the profile.

--detach-acr

Disable the 'acrpull' role assignment to the ACR specified by name or resource ID.

--disable-ahub

Disable Azure Hybrid User Benefits (AHUB) feature for cluster.

--disable-cluster-autoscaler -d

Disable cluster autoscaler.

--disable-pod-identity

(PREVIEW) Disable Pod Identity addon for cluster.

--disable-pod-security-policy

(PREVIEW) Disable pod security policy.

--enable-aad

Enable managed AAD feature for cluster.

--enable-ahub

Enable Azure Hybrid User Benefits (AHUB) feature for cluster.

--enable-cluster-autoscaler -e

Enable cluster autoscaler.

--enable-managed-identity

(PREVIEW) Update current cluster to managed identity to manage cluster resource group.

--enable-pod-identity

(PREVIEW) Enable Pod Identity addon for cluster.

--enable-pod-security-policy

(PREVIEW) Enable pod security policy.

--load-balancer-idle-timeout

Load balancer idle timeout in minutes.

--load-balancer-managed-outbound-ip-count

Load balancer managed outbound IP count.

--load-balancer-outbound-ip-prefixes

Load balancer outbound IP prefix resource IDs.

--load-balancer-outbound-ips

Load balancer outbound IP resource IDs.

--load-balancer-outbound-ports

Load balancer outbound allocated ports.

--max-count

Maximum nodes count used for autoscaler, when "--enable-cluster-autoscaler" specified. Please specify the value in the range of [1, 100].

--min-count

Minimum nodes count used for autoscaler, when "--enable-cluster-autoscaler" specified. Please specify the value in the range of [1, 100].

--no-uptime-sla

Change a paid managed cluster to a free one.

--no-wait

Do not wait for the long-running operation to finish.

--tags

The tags of the managed cluster. The managed cluster instance and all resources managed by the cloud provider will be tagged.

--update-cluster-autoscaler -u

Update min-count or max-count for cluster autoscaler.

--uptime-sla

Enable a paid managed cluster service with a financially backed SLA.

--yes -y

Do not prompt for confirmation.
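
The `--api-server-authorized-ip-ranges` values described above change API server exposure in very different ways ("" opens it, 0.0.0.0/32 limits it to node pools), so a pre-flight check of the value is useful in automation. The following is an added example, not part of the Azure CLI: the function names, the CIDR-only input rule and the `MIN_PREFIX` threshold are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not part of the Azure CLI): classify a value meant for
# --api-server-authorized-ip-ranges before handing it to `az aks update`.
MIN_PREFIX=${MIN_PREFIX:-16}   # constructed policy: shorter prefixes count as "broad"

# valid_cidr CIDR: succeed only for a well-formed IPv4 a.b.c.d/0-32.
valid_cidr() {
  case $1 in */*/*|*/|/*) return 1 ;; */*) ;; *) return 1 ;; esac
  v_addr=${1%/*}; v_prefix=${1#*/}
  case $v_prefix in ''|*[!0-9]*|???*) return 1 ;; esac
  [ "$v_prefix" -le 32 ] || return 1
  case $v_addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  v_ifs=$IFS; IFS=.; set -- $v_addr; IFS=$v_ifs
  [ $# -eq 4 ] || return 1
  for v_octet in "$@"; do
    case $v_octet in ????*) return 1 ;; esac
    [ "$v_octet" -le 255 ] || return 1
  done
  return 0
}

# classify_ranges VALUE: print open | nodes-only | restricted | broad | invalid.
classify_ranges() {
  c_value=$1
  # "" removes the restriction: the API server accepts traffic from anywhere.
  if [ -z "$c_value" ]; then echo open; return 0; fi
  # Only digits, dots, slashes and commas may appear (no spaces, no globs).
  case $c_value in *[!0-9./,]*) echo invalid; return 0 ;; esac
  # 0.0.0.0/32 is the documented value for "node pools only".
  if [ "$c_value" = "0.0.0.0/32" ]; then echo nodes-only; return 0; fi
  c_result=restricted
  c_ifs=$IFS; IFS=,; set -- $c_value; IFS=$c_ifs
  [ $# -gt 0 ] || { echo invalid; return 0; }
  for c_entry in "$@"; do
    valid_cidr "$c_entry" || { echo invalid; return 0; }
    [ "${c_entry#*/}" -ge "$MIN_PREFIX" ] || c_result=broad
  done
  echo "$c_result"
}

# Demo on the three values used in this page's examples.
for sample in "193.168.1.0/24,194.168.1.0/24" "" "0.0.0.0/32"; do
  printf '%-32s -> %s\n' "\"$sample\"" "$(classify_ranges "$sample")"
done
```

A pipeline can refuse to run `az aks update` unless the result is `restricted` or `nodes-only`, which catches an empty variable silently removing the restriction.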

az aks upgrade

Upgrade a managed Kubernetes cluster to a newer version.

Kubernetes will be unavailable during cluster upgrades.

az aks upgrade --name
               --resource-group
               [--control-plane-only]
               [--kubernetes-version]
               [--no-wait]
               [--node-image-only]
               [--yes]

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--control-plane-only

Upgrade the cluster control plane only. If not specified, control plane AND all node pools will be upgraded.

--kubernetes-version -k

Version of Kubernetes to upgrade the cluster to, such as "1.11.12".

value from: `az aks get-upgrades`

--no-wait

Do not wait for the long-running operation to finish.

--node-image-only

Only upgrade node image for agent pools.

--yes -y

Do not prompt for confirmation.

az aks wait

Wait for a managed Kubernetes cluster to reach a desired state.

If an operation on a cluster was interrupted or was started with --no-wait, use this command to wait for it to complete.

az aks wait --name
            --resource-group
            [--created]
            [--custom]
            [--deleted]
            [--exists]
            [--interval]
            [--timeout]
            [--updated]

Examples

Wait for a cluster to be upgraded, polling every minute for up to thirty minutes.

az aks wait -g MyResourceGroup -n MyManagedCluster --updated --interval 60 --timeout 1800

Wait for a managed Kubernetes cluster to reach a desired state (autogenerated)

az aks wait --created --interval 60 --name MyManagedCluster --resource-group MyResourceGroup --timeout 1800

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--created

Wait until created with 'provisioningState' at 'Succeeded'.

--custom

Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].

--deleted

Wait until deleted.

--exists

Wait until the resource exists.

--interval

Polling interval in seconds.

default value: 30

--timeout

Maximum wait in seconds.

default value: 3600

--updated

Wait until updated with provisioningState at 'Succeeded'.