Azure Kubernetes Service (AKS) Cheatsheet
Cluster Management
- Create an AKS cluster with basic configuration
az aks create \
--resource-group <resource-group> \
--name <cluster-name> \
--node-count 3 \
--enable-addons monitoring \
--generate-ssh-keys
- Create AKS cluster with advanced networking
az aks create \
--resource-group <resource-group> \
--name <cluster-name> \
--network-plugin azure \
--vnet-subnet-id <subnet-id> \
--docker-bridge-address 172.17.0.1/16 \
--dns-service-ip 10.2.0.10 \
--service-cidr 10.2.0.0/24
az aks list --output table
az aks show --resource-group <resource-group> --name <cluster-name>
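- Get AKS cluster credentials (merges a context into ~/.kube/config; that file then holds cluster access credentials, so keep it readable only by your own user)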
az aks get-credentials --resource-group <resource-group> --name <cluster-name>
az aks delete --resource-group <resource-group> --name <cluster-name> --yes --no-wait
Node Pool Management
az aks nodepool list --resource-group <resource-group> --cluster-name <cluster-name>
az aks nodepool add \
--resource-group <resource-group> \
--cluster-name <cluster-name> \
--name <nodepool-name> \
--node-count 2 \
--node-vm-size Standard_DS2_v2
az aks nodepool scale \
--resource-group <resource-group> \
--cluster-name <cluster-name> \
--name <nodepool-name> \
--node-count 5
- Enable autoscaling for node pool
az aks nodepool update \
--resource-group <resource-group> \
--cluster-name <cluster-name> \
--name <nodepool-name> \
--enable-cluster-autoscaler \
--min-count 1 \
--max-count 10
az aks nodepool delete \
--resource-group <resource-group> \
--cluster-name <cluster-name> \
--name <nodepool-name>
Cluster Operations
- Start stopped AKS cluster
az aks start --resource-group <resource-group> --name <cluster-name>
az aks stop --resource-group <resource-group> --name <cluster-name>
az aks upgrade \
--resource-group <resource-group> \
--name <cluster-name> \
--kubernetes-version <version>
- Get available upgrade versions
az aks get-upgrades --resource-group <resource-group> --name <cluster-name>
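- Rotate cluster certificates (nodes are re-created with the new certificates, so expect workload disruption; existing kubeconfig entries stop working until `az aks get-credentials` is run again)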
az aks rotate-certs --resource-group <resource-group> --name <cluster-name>
Azure Container Registry (ACR) Integration
- Create Azure Container Registry
az acr create --resource-group <resource-group> --name <registry-name> --sku Basic
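- Attach ACR to AKS cluster (grants the cluster's kubelet identity the AcrPull role on the registry; the caller needs permission to create role assignments)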
az aks update \
--resource-group <resource-group> \
--name <cluster-name> \
--attach-acr <registry-name>
az acr import \
--name <registry-name> \
--source docker.io/library/nginx:latest \
--image nginx:latest
az acr repository list --name <registry-name>
Monitoring and Diagnostics
- Enable Azure Monitor for containers
az aks enable-addons \
--resource-group <resource-group> \
--name <cluster-name> \
--addons monitoring
az aks show --resource-group <resource-group> --name <cluster-name> --query "agentPoolProfiles[].diagnosticsProfile"
- Install kubectl if not available
az aks install-cli
- Check cluster health with kubectl
kubectl get nodes
kubectl get pods --all-namespaces
kubectl top nodes
kubectl top pods --all-namespaces
Security and RBAC
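- Enable RBAC on existing cluster (check `az aks update --help` first: Kubernetes RBAC is normally fixed at cluster creation and is on by default for new clusters; the update-time switch for Azure-managed authorization is `--enable-azure-rbac`, which requires Azure AD integration)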
az aks update \
--resource-group <resource-group> \
--name <cluster-name> \
--enable-rbac
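- Create AKS cluster with Azure AD integration (members of the listed Azure AD groups become cluster administrators, so keep the group small and its membership reviewed)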
az aks create \
--resource-group <resource-group> \
--name <cluster-name> \
--enable-aad \
--aad-admin-group-object-ids <group-id>
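- Get admin credentials (bypass RBAC): this downloads the local cluster-admin certificate, which skips Azure AD sign-in and per-user RBAC and cannot be attributed to an individual in audit logs. Keep it for break-glass use, and consider `--disable-local-accounts` on Azure AD-integrated clusters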
az aks get-credentials \
--resource-group <resource-group> \
--name <cluster-name> \
--admin
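- Create cluster role binding for Azure AD user (cluster-admin gives full control of every namespace; for routine access prefer a namespaced RoleBinding to a narrower role such as `view` or `edit`, and bind groups rather than individual users where possible)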
kubectl create clusterrolebinding <binding-name> \
--clusterrole=cluster-admin \
--user=<user-email>
Networking
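- Enable HTTP application routing (publishes ingress endpoints and DNS records publicly; Microsoft documents this add-on as not intended for production clusters)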
az aks enable-addons \
--resource-group <resource-group> \
--name <cluster-name> \
--addons http_application_routing
- Get HTTP application routing zone name
az aks show \
--resource-group <resource-group> \
--name <cluster-name> \
--query "addonProfiles.httpApplicationRouting.config.HTTPApplicationRoutingZoneName"
- Create AKS cluster with load balancer SKU
az aks create \
--resource-group <resource-group> \
--name <cluster-name> \
--load-balancer-sku standard
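- Configure authorized IP ranges (restricts which source addresses can reach the Kubernetes API server; use the narrowest CIDRs that cover your admin and CI egress addresses)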
az aks update \
--resource-group <resource-group> \
--name <cluster-name> \
--api-server-authorized-ip-ranges <ip-range>
Storage
- Create Azure disk for persistent volume
az disk create \
--resource-group <node-resource-group> \
--name <disk-name> \
--size-gb 20 \
--sku Standard_LRS
- Create storage class for Azure Files
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: azurefile
provisioner: kubernetes.io/azure-file
parameters:
skuName: Standard_LRS
location: <region>
- Create persistent volume claim
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: azure-file-pvc
spec:
accessModes:
- ReadWriteMany
storageClassName: azurefile
resources:
requests:
storage: 5Gi
Troubleshooting
- Get AKS cluster resource group
az aks show \
--resource-group <resource-group> \
--name <cluster-name> \
--query "nodeResourceGroup"
kubectl get events --sort-by='.metadata.creationTimestamp'
kubectl describe pod <pod-name>
kubectl logs <pod-name> --previous
kubectl describe nodes | grep -A 5 "Conditions:"
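- SSH into AKS node (requires node access): the command below does not use SSH. It starts a debug pod in the node's host IPC, network and PID namespaces with the node filesystem mounted at /host. It requires permission to create pods, and the debug pod should be deleted when finished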
kubectl debug node/<node-name> -it --image=mcr.microsoft.com/aks/fundamental/base-ubuntu:v0.0.11
PowerShell Commands
- Create AKS cluster with PowerShell
New-AzAksCluster -ResourceGroupName <resource-group> -Name <cluster-name> -NodeCount 3 -GenerateSshKey
- Import AKS credentials with PowerShell
Import-AzAksCredential -ResourceGroupName <resource-group> -Name <cluster-name>
- Scale node pool with PowerShell
Set-AzAksCluster -ResourceGroupName <resource-group> -Name <cluster-name> -NodeCount 5
Useful Aliases and Shortcuts
alias k='kubectl'
alias kgp='kubectl get pods'
alias kgs='kubectl get services'
alias kgn='kubectl get nodes'
alias kdp='kubectl describe pod'
alias kds='kubectl describe service'
- Quick cluster context switching
kubectl config get-contexts
kubectl config use-context <context-name>
- Port forward common services
kubectl port-forward service/kubernetes-dashboard 8443:443 -n kubernetes-dashboard
kubectl port-forward service/grafana 3000:80 -n monitoring