Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Important
AKS preview features are available on a self-service, opt-in basis. Previews are provided "as is" and "as available," and they're excluded from the service-level agreements and limited warranty. AKS previews are partially covered by customer support on a best-effort basis. As such, these features aren't meant for production use. For more information, see the following support articles:
This article helps you get started with Azure Kubernetes Application Network for AKS. It provides step-by-step instructions to create an Application Network resource and connect an AKS cluster to it as a member cluster.
Prerequisites
- An Azure subscription. If you don't have one, create a free account.
- Azure CLI version 2.84.0 or later. Check your version using the
az --versioncommand. To install or update, see Install Azure CLI. - If using an existing AKS cluster, make sure AKS-managed Microsoft Entra integration and OIDC issuer are enabled. These features are required for Azure Kubernetes Application Network connectivity and security.
- Verify support for your existing Kubernetes cluster using the support policy.
Set environment variables
Set the following environment variables for your Azure Kubernetes Application Network resource and cluster. You can use an existing cluster or create one in a later step before adding it to your Azure Kubernetes Application Network.
export SUBSCRIPTION=<subscription-id> export LOCATION=<location> export APPNET_RG=<resource-group-for-appnet-resource> export APPNET_NAME=<appnet-name> export APPNET_MEMBER_NAME=<appnet-member-name> export AKS_RG=<aks-cluster-resource-group> export CLUSTER_NAME=<cluster-name>
Register the feature for public preview
Register the feature for Azure Kubernetes Application Network using the
az feature registercommand.az feature register --namespace Microsoft.AppLink --name PublicPreview --subscription $SUBSCRIPTIONWait for the feature to be registered. You can check the status using the
az feature showcommand.az feature show --namespace Microsoft.AppLink --name PublicPreview --subscription $SUBSCRIPTIONThe
properties.statefield in the output will showRegisteredwhen the registration is complete.After the feature is registered, refresh the registration of the Microsoft.AppLink resource provider using the
az provider registercommand.az provider register --namespace Microsoft.AppLink --subscription $SUBSCRIPTION
Install the AppNet CLI extension
Install the AppNet CLI extension using the
az extension addcommand.az extension add --name appnet-preview
Set active subscription
Set the active subscription to the one you want to use for Azure Kubernetes Application Network using the
az account setcommand.az account set --subscription $SUBSCRIPTION
Create an AKS cluster
Note
Member clusters don't need to be in separate resource groups. They can be in the same resource group as the Azure Kubernetes Application Network resource. However, all member clusters must be in the same tenant.
If you don't have an existing AKS cluster to connect to Azure Kubernetes Application Network, you need to create one. Azure Kubernetes Application Network requires AKS clusters with AKS-managed Microsoft Entra integration and OIDC issuer enabled. If you have an existing cluster, you can skip this step.
Create a resource group for your AKS cluster using the
az group createcommand.az group create --name $AKS_RG --location $LOCATIONCreate an AKS cluster with AKS-managed Microsoft Entra integration and OIDC issuer enabled using the
az aks createcommand with the--enable-oidc-issuerand--enable-aadflags.az aks create --name $CLUSTER_NAME --resource-group $AKS_RG --enable-oidc-issuer --enable-aad
Create an Azure Kubernetes Application Network resource
Create a resource group for your Azure Kubernetes Application Network resource using the
az group createcommand.az group create --name $APPNET_RG --location $LOCATIONCreate an Azure Kubernetes Application Network resource using the
az appnet createcommand.az appnet create --resource-group $APPNET_RG --name $APPNET_NAME --location $LOCATION --identity-type SystemAssignedThe creation process might take a few minutes. The
properties.provisioningStatefield of the output showsSucceededfor a successfully created Azure Kubernetes Application Network.View your Azure Kubernetes Application Network resource using the
az appnet showcommand.az appnet show --resource-group $APPNET_RG --name $APPNET_NAME
Join an AKS cluster as a member of Azure Kubernetes Application Network
When you join a member cluster to Azure Kubernetes Application Network, you can specify one of the following upgrade modes for that cluster: fully-managed or self-managed. The upgrade mode determines how minor version upgrades of Azure Kubernetes Application Network are applied to the member cluster. If you don't specify an upgrade mode during member join, it defaults to SelfManaged. For more information about upgrade modes, see Configure upgrades for Azure Kubernetes Application Network members.
Join an AKS cluster as a member of Azure Kubernetes Application Network using the
az appnet member joincommand with the--upgrade-modeparameter set to eitherFullyManagedorSelfManaged. The following example shows how to join a member cluster inSelfManagedmode:az appnet member join \ --resource-group $APPNET_RG \ --appnet-name $APPNET_NAME \ --member-name $APPNET_MEMBER_NAME \ --member-resource-id /subscriptions/$SUBSCRIPTION/resourcegroups/$AKS_RG/providers/Microsoft.ContainerService/managedClusters/$CLUSTER_NAME \ --upgrade-mode SelfManaged
Verify member cluster connectivity
After joining the cluster, you can verify connectivity and view member details using the
az appnet member showcommand.az appnet member show --resource-group $APPNET_RG --appnet-name $APPNET_NAME --member-name $APPNET_MEMBER_NAMEFor example, if enrolled in fully-managed mode with
Stablerelease channel, the output would look like:{ "id": "/subscriptions/$SUBSCRIPTION/resourceGroups/$APPNET_RG/providers/Microsoft.AppLink/appLinks/$APPNET_NAME/appLinkMembers/$APPNET_MEMBER_NAME", "location": "myLocation", "name": "myMemberName", "properties": { "clusterType": "AKS", "connectivityProfile": { "eastWestGateway": { "visibility": "Internal" } }, "metadata": { "resourceId": "/subscriptions/$SUBSCRIPTION/resourcegroups/$AKS_RG/providers/Microsoft.ContainerService/managedClusters/$CLUSTER_NAME" }, "observabilityProfile": { "metrics": { "metricsEndpoint": "https://myMember-mcp-fqdn.appnet.net" } }, "provisioningState": "Succeeded", "upgradeProfile": { "mode": "FullyManaged", "fullyManagedUpgradeProfile": { "releaseChannel": "Stable" } } }, "resourceGroup": "myAppNetRG", "type": "microsoft.applink/applinks/applinkmembers" }
List Azure Kubernetes Application Network members
Multiple clusters can join an Azure Kubernetes Application Network.
List all members of an Azure Kubernetes Application Network using the
az appnet member listcommand.az appnet member list --resource-group $APPNET_RG --appnet-name $APPNET_NAME --output table
Delete Azure Kubernetes Application Network resources
You must remove all members before you can delete the Azure Kubernetes Application Network resource. Removing a member doesn't delete the corresponding AKS cluster.
Remove an Azure Kubernetes Application Network member
Remove a member from Azure Kubernetes Application Network using the
az appnet member removecommand.az appnet member remove --resource-group $APPNET_RG --appnet-name $APPNET_NAME --member-name $APPNET_MEMBER_NAMEVerify the member has been removed using the
az appnet member listcommand.az appnet member list --resource-group $APPNET_RG --appnet-name $APPNET_NAME
Delete an Azure Kubernetes Application Network resource
Delete the Azure Kubernetes Application Network resource using the
az appnet deletecommand.az appnet delete --resource-group $APPNET_RG --appnet-name $APPNET_NAME
Related content
To learn more about Azure Kubernetes Application Network, see the following articles: