This KB has information about connecting the Azure Kubernetes Cluster using Azure CLI and kubectl commands.

Verify both Azure CLI and kubectl are configured in Applications Manager installed server as mentioned in our prerequisites.

This document provides the steps involving in connecting the Azure Kubernetes Cluster:

1. Login to the Azure account
   
2. Login and connect to the AKS cluster
   
1. Generate kubeconfig file for the cluster
   
2. Connect and run kubectl commands 
   

Before proceeding to connect to the AKS cluster, please ensure that all the steps in the pre-requisites have been done.

Login to the Azure account

1. To set the Azure Cloud type for the Azure CLI. Open command prompt, run the below command:
   
1. az cloud set --name <CloudType>
   
2. For the CloudType, use the below values accordingly:
   
1. Azure Global: AzureCloud
   
2. Azure US Gov Cloud: AzureUSGovernment
   
3. Azure China: AzureChinaCloud
2. To login to the Azure subscription, runthe below command:
   
1. az login --service-principal -u <APP_ID> -p <CLIENT_SECRET> --tenant <TENANT_ID>, Refer here for more details.
   
1. Format: az login --service-principal -u aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee -p aaaaaaa.bbbbbb~ccccc~ddd-eeeee~fff --tenant aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
   

Login and connect to Azure AKS Cluster:

a. Generate kubeconfig file for the cluster

1. Go to Azure Portal -> Kubernetes Services -> Select the required Cluster -> Overview -> Connect to find the entire command for the specific cluster itself or follow the below commands one by one by replacing with subscription Id, cluster name and resource group name.

1. Open command prompt, run the below command

az account set --subscription aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee

1. To generate kubeconfig file, run the below command
   

az aks get-credentials --resource-group resourcegroupname --name clustername

Above command will create the kubeconfig file in the user root directory. To get kubeconfig file in the specific location, use below command

1. az aks get-credentials --resource-group resourcegroupname --name clustername --file <specific_location>
   

 

b. Connect and run kubectl commands

1. (Optional) To bypass interactive login for kubectl commands:
   
kubelogin convert-kubeconfig -l azurecli --kubeconfig <FILEPATH>
2. Execute the below commands to verify the connectivity to the cluster, replace <FILEPATH> with the path where the KUBECONFIG file is created:
   
kubectl get nodes --kubeconfig <FILEPATH>
kubectl get pods -A --kubeconfig <FILEPATH>

List of kubectl commands used in Applications Manager

kubectl config set clusters.clustername.proxy-url proxyurl

If any issue persists, please reach out via mail to appmanager-support@manageengine.com with the below information:

1. Latest Support Information File (SIF), ensuring that 'print all logs' is enabled.
   
2. Command: az --version (To login to Azure account) --> Sample Output (For windows 10): azure-cli/2.31.0 Python/3.8.9 Windows/10 exe/AMD64 prompt/off)
   
3. Command: kubectl version --client (To connect to EKS cluster) --> Sample Output starts with: Client Version: v1.23.2
   
4. Check if the Applications Manager installed user has permission to access installed kubectl/azure-cli by verifying prerequisites mentioned above.
5. Screenshot of network configuration in Azure portal > Kubernetes services > Networking.
   
6. Connect to the cluster (refer this KB) and execute the below commands and get the output:
   
1. kubectl get nodes
   
2. kubectl get pods -A
7. If Microsoft Entra ID authentication is used out of the three supported modes, send the screenshot of the configuration of the user for the Kubernetes cluster.
1. For Example, if you chose 'Microsoft Entra ID authentication with Kubernetes RBAC', send the following details:
   
1. 
   
2. 
   
3. Screenshot of the owners of the groups.
   
4. Screenshot of the IAM role binding of the Kubernetes cluster from the prerequisites.