Deploy a managed Kubernetes Cluster (AKS).

Azure Public Test Date Azure Public Test Result

Azure US Gov Last Test Date Azure US Gov Last Test Result

Best Practice Check Cred Scan Check

Deploy To Azure

Visualize

This ARM template demonstrates the deployment of an AKS instance with advanced networking features into an existing virtual network. Additionally, the selected Service Principal is assigned the Network Contributor role against the subnet that contains the AKS cluster.

Tags: AKS, Kubernetes, Advanced Networking, Microsoft.Resources/deployments, Microsoft.Network/virtualNetworks/subnets/providers/roleAssignments, Microsoft.ContainerService/managedClusters, SystemAssigned, Microsoft.Network/virtualNetworks, subnets

Solution overview and deployed resources

Executing an AKS deployment using this ARM template will create an AKS instance. However, it will also assign the selected Service Principal the following roles:

  • 'Network Contributor' role against the pre-existing subnet.
  • 'Contributor' role against the automatically created resource group that contains the AKS cluster resources.

Prerequisites

Prior to deploying AKS using this ARM template, the following resources need to exist:

  • Azure Vnet, including a subnet of sufficient size
  • Service Principal

The following Azure CLI command can be used to create a Service Principal:

NOTE: The Service Principal Client Id is the Same as the App Id

az ad sp create-for-rbac -n "spn_name" --skip-assignment
az ad sp show --id <The AppId from the create-for-rbac command> --query objectId

Please note that using the 'create-for-rbac' function would assign the SPN the 'Contributor' role on subscription level, which may not be appropriate from a security standpoint.

Deployment steps

You can click the "deploy to Azure" button at the beginning of this document or follow the instructions for command line deployment using the Azure documentation: