Create a Private AKS Cluster

Last updated: 9/21/2020

This sample shows how to create a private AKS cluster in a virtual network along with a jumpbox virtual machine.

This Azure Resource Manager template was created by a member of the community and not by Microsoft. Each Resource Manager template is licensed to you under a license agreement by its owner, not Microsoft. Microsoft is not responsible for Resource Manager templates provided and licensed by community members and does not screen for security, compatibility, or performance. Community Resource Manager templates are not supported under any Microsoft support program or service, and are made available AS IS without warranty of any kind.

Parameters

Parameter Name Description
location Specifies the location of the AKS cluster.
aksClusterName Specifies the name of the AKS cluster.
aksClusterDnsPrefix Specifies the DNS prefix specified when creating the managed cluster.
aksClusterTags Specifies the tags of the AKS cluster.
aksClusterNetworkPlugin Specifies the network plugin used for building the Kubernetes network: azure or kubenet.
aksClusterNetworkPolicy Specifies the network policy used for building the Kubernetes network: calico or azure.
aksClusterPodCidr Specifies the CIDR notation IP range from which to assign pod IPs when kubenet is used.
aksClusterServiceCidr A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP ranges.
aksClusterDnsServiceIP Specifies the IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr.
aksClusterDockerBridgeCidr Specifies the CIDR notation IP range assigned to the Docker bridge network. It must not overlap with any Subnet IP ranges or the Kubernetes service address range.
aksClusterLoadBalancerSku Specifies the SKU of the load balancer used by the virtual machine scale sets backing the node pools.
aksClusterSkuTier Specifies the tier of a managed cluster SKU: Paid or Free
aksClusterKubernetesVersion Specifies the version of Kubernetes specified when creating the managed cluster.
aksClusterAdminUsername Specifies the administrator username of Linux virtual machines.
aksClusterSshPublicKey Specifies the SSH RSA public key string for the Linux nodes.
aadEnabled Specifies whether to enable AAD integration.
aadProfileTenantId Specifies the tenant id of the Azure Active Directory used by the AKS cluster for authentication.
aadProfileAdminGroupObjectIDs Specifies the AAD group object IDs that will have admin role of the cluster.
aksClusterEnablePrivateCluster Specifies whether to create the cluster as a private cluster or not.
aadProfileManaged Specifies whether to enable managed AAD integration.
aadProfileEnableAzureRBAC Specifies whether to enable Azure RBAC for Kubernetes authorization.
nodePoolName Specifies the unique name of the node pool profile in the context of the subscription and resource group.
nodePoolVmSize Specifies the vm size of nodes in the node pool.
nodePoolOsDiskSizeGB Specifies the OS disk size in GB for every machine in this master/agent pool. If you specify 0, the default osDisk size for the specified vmSize is applied.
nodePoolCount Specifies the number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive). The default value is 1.
nodePoolOsType Specifies the OS type for the VMs in the node pool. Choose from Linux and Windows. Defaults to Linux.
nodePoolMaxPods Specifies the maximum number of pods that can run on a node. The maximum number of pods per node in an AKS cluster is 250. The default maximum number of pods per node varies between kubenet and Azure CNI networking, and the method of cluster deployment.
nodePoolMaxCount Specifies the maximum number of nodes for auto-scaling for the node pool.
nodePoolMinCount Specifies the minimum number of nodes for auto-scaling for the node pool.
nodePoolEnableAutoScaling Specifies whether to enable auto-scaling for the node pool.
nodePoolScaleSetPriority Specifies the virtual machine scale set priority: Spot or Regular.
nodePoolNodeLabels Specifies the Agent pool node labels to be persisted across all nodes in agent pool.
nodePoolNodeTaints Specifies the taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.
nodePoolMode Specifies the mode of an agent pool: System or User
nodePoolType Specifies the type of a node pool: VirtualMachineScaleSets or AvailabilitySet
nodePoolAvailabilityZones Specifies the availability zones for nodes. Requires the use of VirtualMachineScaleSets as node pool type.
virtualNetworkName Specifies the name of the virtual network.
virtualNetworkAddressPrefixes Specifies the address prefixes of the virtual network.
aksSubnetName Specifies the name of the default subnet hosting the AKS cluster.
aksSubnetAddressPrefix Specifies the address prefix of the subnet hosting the AKS cluster.
logAnalyticsWorkspaceName Specifies the name of the Log Analytics Workspace.
logAnalyticsSku Specifies the service tier of the workspace: Free, Standalone, PerNode, Per-GB.
logAnalyticsRetentionInDays Specifies the workspace data retention in days. -1 means Unlimited retention for the Unlimited Sku. 730 days is the maximum allowed for all other Skus.
vmSubnetName Specifies the name of the subnet which contains the virtual machine.
vmSubnetAddressPrefix Specifies the address prefix of the subnet which contains the virtual machine.
vmName Specifies the name of the virtual machine.
vmSize Specifies the size of the virtual machine.
imagePublisher Specifies the image publisher of the disk image used to create the virtual machine.
imageOffer Specifies the offer of the platform image or marketplace image used to create the virtual machine.
imageSku Specifies the Ubuntu version for the VM. This will pick a fully patched image of this given Ubuntu version.
authenticationType Specifies the type of authentication when accessing the Virtual Machine. SSH key is recommended.
vmAdminUsername Specifies the name of the administrator account of the virtual machine.
vmAdminPasswordOrKey Specifies the SSH Key or password for the virtual machine. SSH key is recommended.
diskStorageAccounType Specifies the storage account type for OS and data disk.
numDataDisks Specifies the number of data disks of the virtual machine.
osDiskSize Specifies the size in GB of the OS disk of the VM.
dataDiskSize Specifies the size in GB of each data disk of the virtual machine.
dataDiskCaching Specifies the caching requirements for the data disks.
blobStorageAccountName Specifies the globally unique name for the storage account used to store the boot diagnostics logs of the virtual machine.
blobStorageAccountPrivateEndpointName Specifies the name of the private link to the boot diagnostics storage account.
bastionSubnetAddressPrefix Specifies the Bastion subnet IP prefix. This prefix must be within vnet IP prefix address space.
bastionHostName Specifies the name of the Azure Bastion resource.

Use the template

PowerShell

New-AzResourceGroup -Name <resource-group-name> -Location <resource-group-location> #use this command when you need to create a new resource group for your deployment
New-AzResourceGroupDeployment -ResourceGroupName <resource-group-name> -TemplateUri https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/201-private-aks-cluster/azuredeploy.json
Install and configure Azure PowerShell

Command line

az group create --name <resource-group-name> --location <resource-group-location> #use this command when you need to create a new resource group for your deployment
az deployment group create --resource-group <resource-group-name> --template-uri https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/201-private-aks-cluster/azuredeploy.json
Install and Configure the Azure Cross-Platform Command-Line Interface
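A pre-deployment check for the parameters that decide this template's security posture, as an added example that is not part of the quickstart template or its README: it builds the ARM parameters file that the deployment commands above accept through --parameters, lints the private-cluster, AAD/Azure RBAC, network-policy and jumpbox-authentication settings, and prints the az command to run. Parameter names are those from the table above; the authenticationType value sshPublicKey and all sample values are assumptions and placeholders, not values from the page.

```python
import json

PARAMS_SCHEMA = "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#"
TEMPLATE_URI = ("https://raw.githubusercontent.com/Azure/azure-quickstart-templates/"
                "master/201-private-aks-cluster/azuredeploy.json")  # template URI from this page

def build_parameters(values):
    """Wrap plain name/value pairs in the envelope that az and New-AzResourceGroupDeployment read."""
    return {"$schema": PARAMS_SCHEMA, "contentVersion": "1.0.0.0",
            "parameters": {name: {"value": value} for name, value in values.items()}}

def lint_parameters(doc):
    """Return findings for settings that weaken the private cluster or the jumpbox."""
    p = {name: entry.get("value") for name, entry in doc["parameters"].items()}
    findings = []
    if p.get("aksClusterEnablePrivateCluster") is not True:
        findings.append("aksClusterEnablePrivateCluster: API server would get a public endpoint")
    if p.get("aadEnabled") is not True:
        findings.append("aadEnabled: cluster authentication would not go through AAD")
    elif not (p.get("aadProfileManaged") is True and p.get("aadProfileEnableAzureRBAC") is True):
        findings.append("aadProfileManaged/aadProfileEnableAzureRBAC: Azure RBAC for Kubernetes is off")
    elif not p.get("aadProfileAdminGroupObjectIDs"):
        findings.append("aadProfileAdminGroupObjectIDs: no AAD group is granted cluster admin")
    if p.get("aksClusterNetworkPolicy") not in ("calico", "azure"):
        findings.append("aksClusterNetworkPolicy: pods would get no NetworkPolicy enforcement")
    if p.get("authenticationType") != "sshPublicKey":  # assumed allowed value for SSH-key auth
        findings.append("authenticationType: jumpbox would accept password logins")
    return findings

def deploy_command(resource_group, params_path):
    """The az CLI call from this page, extended with a parameters file."""
    return (f"az deployment group create --resource-group {resource_group} "
            f"--template-uri {TEMPLATE_URI} --parameters @{params_path}")

# Constructed sample values: a weak set and a hardened set (placeholders, not real IDs or keys).
WEAK = build_parameters({
    "aksClusterEnablePrivateCluster": False, "aadEnabled": False, "aksClusterNetworkPlugin": "azure",
    "authenticationType": "password", "vmAdminPasswordOrKey": "<placeholder-password>"})
HARDENED = build_parameters({
    "aksClusterEnablePrivateCluster": True, "aadEnabled": True, "aadProfileManaged": True,
    "aadProfileEnableAzureRBAC": True, "aadProfileAdminGroupObjectIDs": ["<aad-group-object-id>"],
    "aksClusterNetworkPlugin": "azure", "aksClusterNetworkPolicy": "azure",
    "authenticationType": "sshPublicKey", "vmAdminPasswordOrKey": "<ssh-public-key-placeholder>"})

if __name__ == "__main__":
    for label, doc in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, lint_parameters(doc) or "no findings")
    with open("azuredeploy.parameters.json", "w") as fh:
        json.dump(HARDENED, fh, indent=2)  # the file to pass as --parameters @azuredeploy.parameters.json
    print(deploy_command("<resource-group-name>", "azuredeploy.parameters.json"))
```

Run it once with the weak set to see the findings a reviewer would raise, then deploy only a parameters file that lints clean.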