Fully Loaded Azure Kubernetes Service CLI command
I wanted to share a fully loaded az cli command that I use to provision an AKS cluster. This saves me a lot of time and lets me continue with other work while the AKS cluster is being provisioned.
Pre-requisites
- An Azure subscription. If you don’t have one, sign up here for free
- Install az cli
- Run az login and authenticate to your Azure subscription
- A Log Analytics Workspace that can be attached to your AKS cluster.
Command
Log in to your Azure Container Registry first.
az acr login -n {ACR name}
Get the subnet ID
az network vnet subnet list -g teamResources --vnet-name vnet --query "[0].id" --output tsv
Now Create an AKS Cluster
az aks create \
--resource-group aksRG \
--location eastus \
--zones 1,2,3 \
--kubernetes-version 1.18.2 \
--name allamrajuaks \
--node-count 2 \
--network-plugin azure \
--docker-bridge-address 172.17.0.1/16 \
--dns-service-ip 10.0.0.10 \
--service-cidr 10.0.0.0/16 \
--windows-admin-password xxxx123456# \
--windows-admin-username kumara \
--generate-ssh-keys \
--network-policy azure \
--enable-addons monitoring \
--workspace-resource-id /subscriptions/4b94c4c4-c372-44f8-9be5-555xxxx/resourcegroups/teamresources/providers/microsoft.operationalinsights/workspaces/allamrajulaw \
--vm-set-type VirtualMachineScaleSets \
--nodepool-name kalinuxpool1 \
--attach-acr allamrajuacr \
--api-server-authorized-ip-ranges 72.x.x.x/24 \
--service-principal 1f2555c3-47ee-44a1-8793-xxx \
--client-secret csP2/w1ixs-qChh4=2CTTJstxxxx \
--aad-server-app-id xxxx749-47e5-4702-xxxx-9a7e88e73e5f \
--aad-server-app-secret D8U=xxxxWRXF9BRLouZ-O-qt-:N/Z \
--aad-client-app-id df8ed406-e6f7-xxxx-913c-ffxxxxf8e9ae \
--aad-tenant-id 0e8xxxx0-6533-47dc-a293-7b96xxx57f8 \
--vnet-subnet-id "/subscriptions/xxx-c372-44f8-9be5-5551b44c16df/resourceGroups/teamResources/providers/Microsoft.Network/virtualNetworks/vnet/subnets/vm-subnet" \
--no-wait
The above command creates an AKS cluster named “allamrajuaks” in the resource group “aksRG” in the East US region. It creates a Linux node pool named “kalinuxpool1” and attaches an existing Azure Container Registry, “allamrajuACR”, to the cluster. I’m also using Azure’s advanced networking plugin, enabling monitoring and attaching an existing Log Analytics workspace. The parameters windows-admin-password and windows-admin-username are needed to provision Windows node pools afterwards. Finally, this AKS cluster is integrated with Azure Active Directory so that authorized users/groups that are part of AAD will be able to view/deploy pods to your AKS cluster. You need to follow this tutorial to get the aad-server and aad-client values before provisioning the AKS cluster. Feel free to change the values as you see fit.
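An added example, not part of the original post: a POSIX shell wrapper that feeds the subnet ID from the lookup command straight into --vnet-subnet-id and reads the three secret values from environment variables, which keeps them out of the script file and the shell history. The function names, the AKS_* variable names and DRY_RUN are assumptions made for this example; every az flag is one used in the command above.

```shell
#!/bin/sh
# Added example, not the author's script. The AKS_* variable names and DRY_RUN
# are assumptions; every az flag used here appears in the command above.

# Same query as on the page: ID of the first subnet in the vnet.
lookup_subnet_id() {
    az network vnet subnet list -g teamResources --vnet-name vnet \
        --query "[0].id" --output tsv
}

# Print an az argument list with the values of secret-bearing flags masked.
print_masked() {
    mask=0
    line="az"
    for arg in "$@"; do
        if [ "$mask" = 1 ]; then arg='***'; mask=0; fi
        case $arg in
            --client-secret|--aad-server-app-secret|--windows-admin-password) mask=1 ;;
        esac
        line="$line $arg"
    done
    printf '%s\n' "$line"
}

# create_cluster SUBNET_ID [other az aks create flags...]
# Refuses to run if a secret is missing or the subnet lookup returned nothing.
create_cluster() {
    subnet_id=$1; shift
    for name in AKS_CLIENT_SECRET AKS_AAD_SERVER_SECRET AKS_WINDOWS_PASSWORD; do
        eval "value=\${$name:-}"
        [ -n "$value" ] || { echo "missing variable: $name" >&2; return 1; }
    done
    case $subnet_id in
        /subscriptions/*/subnets/*) ;;
        *) echo "unexpected subnet ID: '$subnet_id'" >&2; return 1 ;;
    esac
    set -- aks create "$@" \
        --vnet-subnet-id "$subnet_id" \
        --client-secret "$AKS_CLIENT_SECRET" \
        --aad-server-app-secret "$AKS_AAD_SERVER_SECRET" \
        --windows-admin-password "$AKS_WINDOWS_PASSWORD" \
        --no-wait
    if [ "${DRY_RUN:-0}" = 1 ]; then print_masked "$@"; else az "$@"; fi
}

# Usage: create_cluster "$(lookup_subnet_id)" --resource-group aksRG --name allamrajuaks ...
```

Pass the remaining non-secret flags from the command above after the subnet ID; with DRY_RUN=1 the function prints the masked command line and does not call az.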
Hope you will find it useful.