az connectedk8s

Note

This reference is part of the connectedk8s extension for the Azure CLI (version 2.64.0 or higher). The extension will automatically install the first time you run an az connectedk8s command. Learn more about extensions.

Commands to manage connected kubernetes clusters.

Commands

Name	Description	Type	Status
az connectedk8s connect	Onboard a connected kubernetes cluster to azure.	Extension	GA
az connectedk8s delete	Delete a connected kubernetes cluster along with connected cluster agents.	Extension	GA
az connectedk8s disable-features	Disables the selective features on the connected cluster.	Extension	Preview
az connectedk8s enable-features	Enables the selective features on the connected cluster.	Extension	Preview
az connectedk8s list	List connected kubernetes clusters.	Extension	GA
az connectedk8s proxy	Get access to a connected kubernetes cluster.	Extension	GA
az connectedk8s show	Show details of a connected kubernetes cluster.	Extension	GA
az connectedk8s troubleshoot	Perform diagnostic checks on an Arc enabled Kubernetes cluster.	Extension	Preview
az connectedk8s update	Update properties of the arc onboarded kubernetes cluster.	Extension	GA
az connectedk8s upgrade	Atomically upgrade onboarded agents to the specific version or default to the latest version.	Extension	GA

az connectedk8s connect

Onboard a connected kubernetes cluster to azure.

az connectedk8s connect --name
                        --resource-group
                        [--azure-hybrid-benefit {False, NotApplicable, True}]
                        [--config]
                        [--config-protected]
                        [--container-log-path]
                        [--correlation-id]
                        [--custom-ca-cert]
                        [--custom-locations-oid]
                        [--disable-auto-upgrade]
                        [--distribution {aks, aks_edge_k3s, aks_edge_k8s, aks_engine, aks_management, aks_workload, canonical, capz, eks, generic, gke, k3s, karbon, kind, minikube, openshift, rancher_rke, tkg}]
                        [--distribution-version]
                        [--enable-oidc-issuer {false, true}]
                        [--enable-private-link {false, true}]
                        [--enable-wi {false, true}]
                        [--gateway-resource-id]
                        [--infrastructure {LTSCWindows 10 Enterprise LTSC, Windows 10 Enterprise, Windows 10 Enterprise LTSC 2019, Windows 10 Enterprise LTSC 2021, Windows 10 Enterprise N, Windows 10 Enterprise N LTSC 2019, Windows 10 Enterprise N LTSC 2021, Windows 10 IoT Enterprise, Windows 10 IoT Enterprise LTSC 2019, Windows 10 IoT Enterprise LTSC 2021, Windows 10 Pro, Windows 11 Enterprise, Windows 11 Enterprise N, Windows 11 IoT Enterprise, Windows 11 Pro, Windows Server 2019, Windows Server 2019 Datacenter, Windows Server 2019 Standard, Windows Server 2022, Windows Server 2022 Datacenter, Windows Server 2022 Standard, aws, azure, azure_stack_edge, azure_stack_hci, azure_stack_hub, gcp, generic, vsphere, windows_server}]
                        [--kube-config]
                        [--kube-context]
                        [--location]
                        [--no-wait]
                        [--onboarding-timeout]
                        [--pls-arm-id]
                        [--proxy-http]
                        [--proxy-https]
                        [--proxy-skip-range]
                        [--self-hosted-issuer]
                        [--skip-ssl-verification]
                        [--tags]
                        [--yes]

Examples

Onboard a connected kubernetes cluster with default kube config and kube context.

az connectedk8s connect -g resourceGroupName -n connectedClusterName

Onboard a connected kubernetes cluster with default kube config and kube context and disabling auto upgrade of arc agents.

az connectedk8s connect -g resourceGroupName -n connectedClusterName --disable-auto-upgrade

Onboard a connected kubernetes cluster by specifying the kubeconfig and kubecontext.

az connectedk8s connect -g resourceGroupName -n connectedClusterName --kube-config /path/to/kubeconfig --kube-context kubeContextName

Onboard a connected kubernetes cluster by specifying the https proxy, http proxy, no proxy settings.

az connectedk8s connect -g resourceGroupName -n connectedClusterName --proxy-https https://proxy-url --proxy-http http://proxy-url --proxy-skip-range excludedIP,excludedCIDR,exampleCIDRfollowed,10.0.0.0/24

Onboard a connected kubernetes cluster by specifying the https proxy, http proxy, no proxy with cert settings.

az connectedk8s connect -g resourceGroupName -n connectedClusterName --proxy-cert /path/to/crt --proxy-https https://proxy-url --proxy-http http://proxy-url --proxy-skip-range excludedIP,excludedCIDR,exampleCIDRfollowed,10.0.0.0/24

Onboard a connected kubernetes cluster with private link feature enabled by specifying private link parameters.

az connectedk8s connect -g resourceGroupName -n connectedClusterName --enable-private-link true --private-link-scope-resource-id pls/resource/arm/id

Onboard a connected kubernetes cluster with custom onboarding timeout.

az connectedk8s connect -g resourceGroupName -n connectedClusterName --onboarding-timeout 600

Onboard a connected kubernetes cluster with oidc issuer and the workload identity webhook enabled.

az connectedk8s connect -g resourceGroupName -n connectedClusterName --enable-oidc-issuer --enable-workload-identity

Onboard a connected kubernetes cluster with oidc issuer enabled using a self hosted issuer url for public cloud cluster.

az connectedk8s connect -g resourceGroupName -n connectedClusterName --enable-oidc-issuer --self-hosted-issuer aksissuerurl

Onboard a connected kubernetes cluster with azure gateway feature enabled.

az connectedk8s connect -g resourceGroupName -n connectedClusterName --gateway-resource-id gatewayResourceId

Required Parameters

--name -n

The name of the connected cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--azure-hybrid-benefit

Flag to enable/disable Azure Hybrid Benefit feature.

Accepted values: False, NotApplicable, True

--config --configuration-settings

Preview

Configuration Settings as key=value pair. Repeat parameter for each setting. Do not use this for secrets, as this value is returned in response.

--config-protected --config-protected-settings

Preview

Configuration Protected Settings as key=value pair. Repeat parameter for each setting. Only the key is returned in response, the value is not.

--container-log-path

Override the default container log path to enable fluent-bit logging.

--correlation-id

A guid that is used to internally track the source of cluster onboarding. Please do not modify it unless advised.

--custom-ca-cert --proxy-cert

Path to the certificate file for proxy or custom Certificate Authority.

--custom-locations-oid

OID of 'custom-locations' app.

--disable-auto-upgrade

Flag to disable auto upgrade of arc agents.

Default value: False

--distribution

The Kubernetes distribution which will be running on this connected cluster.

Accepted values: aks, aks_edge_k3s, aks_edge_k8s, aks_engine, aks_management, aks_workload, canonical, capz, eks, generic, gke, k3s, karbon, kind, minikube, openshift, rancher_rke, tkg

Default value: generic

--distribution-version

The Kubernetes distribution version of the connected cluster.

--enable-oidc-issuer

Preview

Enable creation of OIDC issuer url used for workload identity federation.

Accepted values: false, true

Default value: False

--enable-private-link

Preview

Flag to enable/disable private link support on a connected cluster resource. Allowed values: false, true.

Accepted values: false, true

--enable-wi --enable-workload-identity

Preview

Enable workload identity webhook.

Accepted values: false, true

Default value: False

--gateway-resource-id

Preview

ArmID of the Arc Gateway resource.

--infrastructure

The infrastructure on which the Kubernetes cluster represented by this connected cluster will be running on.

Accepted values: LTSCWindows 10 Enterprise LTSC, Windows 10 Enterprise, Windows 10 Enterprise LTSC 2019, Windows 10 Enterprise LTSC 2021, Windows 10 Enterprise N, Windows 10 Enterprise N LTSC 2019, Windows 10 Enterprise N LTSC 2021, Windows 10 IoT Enterprise, Windows 10 IoT Enterprise LTSC 2019, Windows 10 IoT Enterprise LTSC 2021, Windows 10 Pro, Windows 11 Enterprise, Windows 11 Enterprise N, Windows 11 IoT Enterprise, Windows 11 Pro, Windows Server 2019, Windows Server 2019 Datacenter, Windows Server 2019 Standard, Windows Server 2022, Windows Server 2022 Datacenter, Windows Server 2022 Standard, aws, azure, azure_stack_edge, azure_stack_hci, azure_stack_hub, gcp, generic, vsphere, windows_server

Default value: generic

--kube-config

Path to the kube config file.

--kube-context

Kubconfig context from current machine.

--location -l

Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.

--no-wait

Do not wait for the long-running operation to finish.

Default value: False

--onboarding-timeout

Time required (in seconds) for the arc-agent pods to be installed on the kubernetes cluster. Override this value if the hardware/network constraints on your cluster requires more time for installing the arc-agent pods.

Default value: 1200

--pls-arm-id --private-link-scope-resource-id

Preview

ARM resource id of the private link scope resource to which this connected cluster is associated.

--proxy-http

Http proxy URL to be used.

--proxy-https

Https proxy URL to be used.

--proxy-skip-range

List of URLs/CIDRs for which proxy should not to be used.

--self-hosted-issuer

Preview

Self hosted issuer url for public cloud clusters - AKS, GKE, EKS.

--skip-ssl-verification

Skip SSL verification for any cluster connection.

Default value: False

--tags

Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.

--yes -y

Do not prompt for confirmation.

Default value: False

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az connectedk8s delete

Delete a connected kubernetes cluster along with connected cluster agents.

az connectedk8s delete [--force]
                       [--ids]
                       [--kube-config]
                       [--kube-context]
                       [--name]
                       [--no-wait]
                       [--resource-group]
                       [--skip-ssl-verification]
                       [--subscription]
                       [--yes]

Examples

Delete a connected kubernetes cluster and connected cluster agents with default kubeconfig and kubecontext.

az connectedk8s delete -g resourceGroupName -n connectedClusterName

Delete a connected kubernetes cluster by specifying the kubeconfig and kubecontext for connected cluster agents deletion.

az connectedk8s delete -g resourceGroupName -n connectedClusterName --kube-config /path/to/kubeconfig --kube-context kubeContextName

Optional Parameters

--force

Force delete to remove all azure-arc resources from the cluster.

Default value: False

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--kube-config

Path to the kube config file.

--kube-context

Kubconfig context from current machine.

--name -n

The name of the connected cluster.

--no-wait

Do not wait for the long-running operation to finish.

Default value: False

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--skip-ssl-verification

Skip SSL verification for any cluster connection.

Default value: False

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--yes -y

Do not prompt for confirmation.

Default value: False

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az connectedk8s disable-features

Preview

This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Disables the selective features on the connected cluster.

az connectedk8s disable-features --features {azure-rbac, cluster-connect, custom-locations}
                                 [--ids]
                                 [--kube-config]
                                 [--kube-context]
                                 [--name]
                                 [--resource-group]
                                 [--skip-ssl-verification]
                                 [--subscription]
                                 [--yes]

Examples

Disables the azure-rbac feature.

az connectedk8s disable-features -n clusterName -g resourceGroupName --features azure-rbac

Disable multiple features.

az connectedk8s disable-features -n clusterName -g resourceGroupName --features custom-locations azure-rbac

Required Parameters

--features

Space-separated list of features you want to disable.

Accepted values: azure-rbac, cluster-connect, custom-locations

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--kube-config

Path to the kube config file.

--kube-context

Kubconfig context from current machine.

--name -n

The name of the connected cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--skip-ssl-verification

Skip SSL verification for any cluster connection.

Default value: False

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--yes -y

Do not prompt for confirmation.

Default value: False

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az connectedk8s enable-features

Preview

This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Enables the selective features on the connected cluster.

az connectedk8s enable-features --features {azure-rbac, cluster-connect, custom-locations}
                                [--app-id]
                                [--app-secret]
                                [--custom-locations-oid]
                                [--ids]
                                [--kube-config]
                                [--kube-context]
                                [--name]
                                [--resource-group]
                                [--skip-azure-rbac-list]
                                [--skip-ssl-verification]
                                [--subscription]

Examples

Enables the Cluster-Connect feature.

az connectedk8s enable-features -n clusterName -g resourceGroupName --features cluster-connect

Enable Azure RBAC feature.

az connectedk8s enable-features -n clusterName -g resourceGroupName --features azure-rbac --skip-azure-rbac-list "user1@domain.com,spn_oid"

Enable multiple features.

az connectedk8s enable-features -n clusterName -g resourceGroupName --features cluster-connect custom-locations

Required Parameters

--features

Space-separated list of features you want to enable.

Accepted values: azure-rbac, cluster-connect, custom-locations

Optional Parameters

--app-id

Deprecated

Argument 'azrbac_client_id' has been deprecated and will be removed in a future release.

Application ID for enabling Azure RBAC.

--app-secret

Deprecated

Argument 'azrbac_client_secret' has been deprecated and will be removed in a future release.

Application secret for enabling Azure RBAC.

--custom-locations-oid

OID of 'custom-locations' app.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--kube-config

Path to the kube config file.

--kube-context

Kubconfig context from current machine.

--name -n

The name of the connected cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--skip-azure-rbac-list

Comma separated list of names of usernames/email/oid. Azure RBAC will be skipped for these users. Specify when enabling azure-rbac.

--skip-ssl-verification

Skip SSL verification for any cluster connection.

Default value: False

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az connectedk8s list

List connected kubernetes clusters.

az connectedk8s list [--resource-group]

Examples

List all connected kubernetes clusters in a resource group.

az connectedk8s list -g resourceGroupName --subscription subscriptionName

List all connected kubernetes clusters in a subscription.

az connectedk8s list --subscription subscriptionName

Optional Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az connectedk8s proxy

Get access to a connected kubernetes cluster.

az connectedk8s proxy [--file]
                      [--ids]
                      [--kube-context]
                      [--name]
                      [--port]
                      [--resource-group]
                      [--subscription]
                      [--token]

Examples

Get access to a connected kubernetes cluster.

az connectedk8s proxy -n clusterName -g resourceGroupName

Get access to a connected kubernetes cluster with custom port

az connectedk8s proxy -n clusterName -g resourceGroupName --port portValue

Get access to a connected kubernetes cluster with service account token

az connectedk8s proxy -n clusterName -g resourceGroupName --token tokenValue

Get access to a connected kubernetes cluster by specifying custom kubeconfig location

az connectedk8s proxy -n clusterName -g resourceGroupName -f path/to/kubeconfig

Get access to a connected kubernetes cluster by specifying custom context

az connectedk8s proxy -n clusterName -g resourceGroupName --kube-context contextName

Optional Parameters

--file -f

Kubernetes configuration file to update. If not provided, updates the file '~/.kube/config'. Use '-' to print YAML to stdout instead.

Default value: ~\.kube\config

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--kube-context

If specified, overwrite the default context name.

--name -n

The name of the connected cluster.

--port

Port used for accessing connected cluster.

Default value: 47011

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--token

Service account token to use to authenticate to the kubernetes cluster.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az connectedk8s show

Show details of a connected kubernetes cluster.

az connectedk8s show [--ids]
                     [--name]
                     [--resource-group]
                     [--subscription]

Examples

Show the details for a connected kubernetes cluster

az connectedk8s show -g resourceGroupName -n connectedClusterName

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

The name of the connected cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az connectedk8s troubleshoot

Preview

This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Perform diagnostic checks on an Arc enabled Kubernetes cluster.

az connectedk8s troubleshoot --name
                             --resource-group
                             [--kube-config]
                             [--kube-context]
                             [--skip-ssl-verification]
                             [--tags]

Examples

Perform diagnostic checks on an Arc enabled Kubernetes cluster.

az connectedk8s troubleshoot -n clusterName -g resourceGroupName

Required Parameters

--name -n

The name of the connected cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--kube-config

Path to the kube config file.

--kube-context

Kubeconfig context from current machine.

--skip-ssl-verification

Skip SSL verification for any cluster connection.

Default value: False

--tags

Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az connectedk8s update

Update properties of the arc onboarded kubernetes cluster.

az connectedk8s update [--auto-upgrade {false, true}]
                       [--azure-hybrid-benefit {False, NotApplicable, True}]
                       [--config]
                       [--config-protected]
                       [--container-log-path]
                       [--custom-ca-cert]
                       [--disable-gateway {false, true}]
                       [--disable-proxy]
                       [--disable-wi {false, true}]
                       [--distribution {aks, aks_edge_k3s, aks_edge_k8s, aks_engine, aks_management, aks_workload, canonical, capz, eks, generic, gke, k3s, karbon, kind, minikube, openshift, rancher_rke, tkg}]
                       [--distribution-version]
                       [--enable-oidc-issuer {false, true}]
                       [--enable-wi {false, true}]
                       [--gateway-resource-id]
                       [--ids]
                       [--kube-config]
                       [--kube-context]
                       [--name]
                       [--proxy-http]
                       [--proxy-https]
                       [--proxy-skip-range]
                       [--resource-group]
                       [--self-hosted-issuer]
                       [--skip-ssl-verification]
                       [--subscription]
                       [--tags]
                       [--yes]

Examples

Update proxy values for the agents

az connectedk8s update -g resourceGroupName -n connectedClusterName  --proxy-cert /path/to/crt --proxy-https https://proxy-url --proxy-http http://proxy-url --proxy-skip-range excludedIP,excludedCIDR,exampleCIDRfollowed,10.0.0.0/24

Disable proxy settings for agents

az connectedk8s update -g resourceGroupName -n connectedClusterName --disable-proxy

Disable auto-upgrade of agents

az connectedk8s update -g resourceGroupName -n connectedClusterName --auto-upgrade false

Update a connected kubernetes cluster with oidc issuer and the workload identity webhook enabled.

az connectedk8s update -g resourceGroupName -n connectedClusterName --enable-oidc-issuer --enable-workload-identity

Update a connected kubernetes cluster with oidc issuer enabled using a self hosted issuer url for public cloud cluster.

az connectedk8s update -g resourceGroupName -n connectedClusterName --enable-oidc-issuer --self-hosted-issuer aksissuerurl

Disable the workload identity webhook on a connected kubernetes cluster.

az connectedk8s update -g resourceGroupName -n connectedClusterName --disable-workload-identity

Update a connected kubernetes cluster with azure gateway feature enabled.

az connectedk8s update -g resourceGroupName -n connectedClusterName --gateway-resource-id gatewayResourceId

Disable the azure gateway feature on a connected kubernetes cluster.

az connectedk8s update -g resourceGroupName -n connectedClusterName --disable-gateway

Optional Parameters

--auto-upgrade

Flag to enable/disable auto upgrade of arc agents. By default, auto upgrade of agents is enabled.

Accepted values: false, true

--azure-hybrid-benefit

Flag to enable/disable Azure Hybrid Benefit feature.

Accepted values: False, NotApplicable, True

--config --configuration-settings

Preview

Configuration Settings as key=value pair. Repeat parameter for each setting. Do not use this for secrets, as this value is returned in response.

--config-protected --config-protected-settings

Preview

Configuration Protected Settings as key=value pair. Repeat parameter for each setting. Only the key is returned in response, the value is not.

--container-log-path

Override the default container log path to enable fluent-bit logging.

--custom-ca-cert --proxy-cert

Path to the certificate file for proxy or custom Certificate Authority.

--disable-gateway

Preview

Flag to disable Arc Gateway.

Accepted values: false, true

Default value: False

--disable-proxy

Disables proxy settings for agents.

Default value: False

--disable-wi --disable-workload-identity

Preview

Disable workload identity webhook.

Accepted values: false, true

--distribution

The Kubernetes distribution which will be running on this connected cluster.

Accepted values: aks, aks_edge_k3s, aks_edge_k8s, aks_engine, aks_management, aks_workload, canonical, capz, eks, generic, gke, k3s, karbon, kind, minikube, openshift, rancher_rke, tkg

--distribution-version

The Kubernetes distribution version of the connected cluster.

--enable-oidc-issuer

Preview

Enable creation of OIDC issuer url used for workload identity federation.

Accepted values: false, true

--enable-wi --enable-workload-identity

Preview

Enable workload identity webhook.

Accepted values: false, true

--gateway-resource-id

Preview

ArmID of the Arc Gateway resource.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--kube-config

Path to the kube config file.

--kube-context

Kubconfig context from current machine.

--name -n

The name of the connected cluster.

--proxy-http

Http proxy URL to be used.

--proxy-https

Https proxy URL to be used.

--proxy-skip-range

List of URLs/CIDRs for which proxy should not to be used.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--self-hosted-issuer

Preview

Self hosted issuer url for public cloud clusters - AKS, GKE, EKS.

--skip-ssl-verification

Skip SSL verification for any cluster connection.

Default value: False

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--tags

Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.

--yes -y

Do not prompt for confirmation.

Default value: False

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az connectedk8s upgrade

Atomically upgrade onboarded agents to the specific version or default to the latest version.

az connectedk8s upgrade [--agent-version]
                        [--ids]
                        [--kube-config]
                        [--kube-context]
                        [--name]
                        [--resource-group]
                        [--skip-ssl-verification]
                        [--subscription]
                        [--upgrade-timeout]

Examples

Upgrade the agents to the latest version

az connectedk8s upgrade -g resourceGroupName -n connectedClusterName

Upgrade the agents to a specific version

az connectedk8s upgrade -g resourceGroupName -n connectedClusterName --agent-version 0.2.62

Upgrade the agents with custom upgrade timeout.

az connectedk8s upgrade -g resourceGroupName -n connectedClusterName --upgrade-timeout 600

Optional Parameters

--agent-version

Version of agent to update the helm charts to.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--kube-config

Path to the kube config file.

--kube-context

Kubconfig context from current machine.

--name -n

The name of the connected cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--skip-ssl-verification

Skip SSL verification for any cluster connection.

Default value: False

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--upgrade-timeout

Time required (in seconds) for the arc-agent pods to be upgraded on the kubernetes cluster. Override this value if the hardware/network constraints on your cluster requires more time for upgrading the arc-agent pods.

Default value: 600

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.