Edit

Connect your AKS Edge Essentials cluster to Arc

  • Article

This article describes how to connect your AKS Edge Essentials cluster to Azure Arc so that you can monitor the health of your cluster on the Azure portal. If your cluster is connected to a proxy, you can use the scripts provided in the GitHub repo to connect your cluster to Arc as described here.

Prerequisites

  • You need an Azure subscription with either the Owner role or a combination of Contributor and User Access Administrator roles. You can check your access level by navigating to your subscription, select Access control (IAM) on the left-hand side of the Azure portal, and then select View my access. Read the Azure documentation for more information about managing resource groups.
  • Enable all required resource providers in the Azure subscription such as Microsoft.HybridCompute, Microsoft.GuestConfiguration, Microsoft.HybridConnectivity, Microsoft.Kubernetes, Microsoft.ExtendedLocation*, and Microsoft.KubernetesConfiguration.
  • Create and verify a resource group for AKS Edge Essentials Azure resources.

Note

You will need the Contributor role to be able to delete the resources within the resource group. Commands to disconnect from Arc will fail without this role assignment.

Step 1: Configure your machine

Install dependencies

Run the following commands in an elevated PowerShell window to install the dependencies in PowerShell:

Install-Module Az.Resources -Repository PSGallery -Force -AllowClobber -ErrorAction Stop  
Install-Module Az.Accounts -Repository PSGallery -Force -AllowClobber -ErrorAction Stop 
Install-Module Az.ConnectedKubernetes -Repository PSGallery -Force -AllowClobber -ErrorAction Stop

Step 2: Configure your Azure environment

Provide details of your Azure subscription in the aksedge-config.json file under the Arc section as described in the table below. To successfully connect to Azure using Azure Arc-enabled kubernetes, you need a Service Principal with the built-in Microsoft.Kubernetes connected cluster role to access resources on Azure. If you already have the service principal ID and password, you can update all the fields in the aksedge-config.json file. If you need to create a service principal, you can follow the steps here.

Attribute Value type Description
ClusterName string Provide a name for your cluster. By default, hostname_cluster is the name used.
Location string The location of your resource group. Choose the location closest to your deployment.
SubscriptionId GUID Your subscription ID. In the Azure portal, select the subscription you're using and copy/paste the subscription ID string into the JSON.
TenantId GUID Your tenant ID. In the Azure portal, search Azure Active Directory, which should take you to the Default Directory page. From here, you can copy/paste the tenant ID string into the JSON.
ResourceGroupName string The name of the Azure resource group to host your Azure resources for AKS Edge. You can use an existing resource group, or if you add a new name, the system creates one for you.
ClientId GUID Provide the Application ID of the Azure Service Principal to use as credentials. AKS uses this service principal to connect your cluster to Arc.
ClientSecret string Provide the password for the service principal.

Note

This procedure is required to be done only once per Azure subscription and doesn't need to be repeated for each Kubernetes cluster.

Step 3: Connect your cluster to Arc

Run Connect-AksEdgeArc to install and connect the existing cluster to Arc-enabled Kubernetes.

# Connect Arc-enabled kubernetes
Connect-AksEdgeArc -JsonConfigFilePath .\aksedge-config.json

Note

This step can take up to 10 minutes and PowerShell may be stuck on "Establishing Azure Connected Kubernetes for your cluster name". The PowerShell will output True and return to the prompt when the process is completed.

Screenshot showing PowerShell prompt while connecting to Arc

Step 4: View AKS Edge resources in Azure

  1. Once the process is complete, you can view your cluster in your Azure portal if you navigate to your resource group.

    Screenshot showing the cluster in azure portal

  2. On the left panel, select the Namespaces option, under Kubernetes resources (preview).

    Kubernetes resources preview.

  3. To view your Kubernetes resources, you need a bearer token.

    Screenshot showing the bearer token required page.

  4. You can also run Get-AksEdgeManagedServiceToken to retrieve your service token.

    Screenshot showing where to paste token in portal.

  5. Now you can view resources on your cluster. The Workloads option shows the pods running in your cluster.

    kubectl get pods --all-namespaces

    Screenshot showing all pods in Arc.

Disconnect from Arc

Run Disconnect-AksEdgeArc to disconnect from the Arc-enabled Kubernetes.

# Disconnect Arc-enabled kubernetes
Disconnect-AksEdgeArc -JsonConfigFilePath .\aksedge-config.json

Next steps