Get started with Azure Kubernetes Fleet Manager by using Bicep to create a Fleet Manager resource.
Prerequisites
If you don't have an Azure account, create a free account before you begin.
Create a Fleet Manager resource
You can create a Fleet Manager resource to later group your AKS clusters as member clusters. If the Fleet Manager hub is enabled, other preview features are enabled, such as Kubernetes object propagation to member clusters. For more information, see the conceptual overview of Fleet Manager types, which provides a comparison of different Fleet Manager configurations.
Important
Once a Fleet Manager resource has been created, it's possible to upgrade a Fleet Manager resource without a hub cluster to one with a hub cluster. For Fleet Manager resources with a hub cluster, once private or public has been selected it cannot be changed.
If you only want to use Fleet Manager for update orchestration, you can create a hubless Fleet Manager with the following Bicep:
Review Bicep
@description('The name of the Fleet resource.')
param fleetName string = 'my-hubless-fleet'
@description('The location of the Fleet resource.')
param location string = resourceGroup().location
resource hubless_fleet 'Microsoft.ContainerService/fleets@2025-03-01' = {
name: fleetName
location: location
}
Deploy the Bicep file using either Azure CLI or Azure PowerShell.
Save the Bicep file as main.bicep to your local computer.
Deploy the Bicep file using either Azure CLI or Azure PowerShell.
az group create --name myResourceGroup --location eastus
az deployment group create --resource-group myResourceGroup --template-file main.bicep'
New-AzResourceGroup -Name myResourceGroup -Location eastus
New-AzResourceGroupDeployment -ResourceGroupName myResourceGroup -TemplateFile ./main.bicep"
If you want to use Fleet Manager for Kubernetes object propagation in addition to update orchestration, then you need to create the Fleet Manager resource with the hub cluster.
Fleet Manager clusters with a hub cluster support both public and private modes for network access. For more information, see Choose an Azure Kubernetes Fleet Manager option.
Public hub cluster
To create a public Fleet Manager resource with a hub cluster, use the following Bicep
Review Bicep
@description('The name of the Fleet resource.')
param fleetName string = 'my-hubful-fleet'
@description('The location of the Fleet resource.')
param location string = resourceGroup().location
resource hubful_fleet 'Microsoft.ContainerService/fleets@2025-03-01' = {
name: fleetName
location: location
properties: {
hubProfile: {
dnsPrefix: fleetName
}
}
}
Deploy the Bicep file using either Azure CLI or Azure PowerShell.
Save the Bicep file as main.bicep to your local computer.
Deploy the Bicep file using either Azure CLI or Azure PowerShell.
az group create --name myResourceGroup --location eastus
az deployment group create --resource-group myResourceGroup --template-file main.bicep'
New-AzResourceGroup -Name myResourceGroup -Location eastus
New-AzResourceGroupDeployment -ResourceGroupName myResourceGroup -TemplateFile ./main.bicep"
Private hub cluster
When you create a Fleet Manager with a private hub cluster, take these additional considerations into account:
- Fleet Manager requires you to provide the subnet on which the Fleet Manager hub cluster's node Virtual Machine (VM) is placed. This can be done by setting
subnetId in the agentProfile within the Fleet Manager's hubProfile.
- The address prefix of the vnet vnetName must not overlap with the Azure Kubernetes Service's (AKS) default service range of
10.0.0.0/16.
- Private access mode doesn't allow configuring domain names.
- Private access mode requires a
Network Contributor role assignment on the agent subnet for Fleet Manager's first party service principal (Fleet Manager's first party service principal ID varies across different Entra tenants). This role assignment is NOT needed when creating private Fleet Manager using the az fleet create command because the CLI automatically creates the role assignment.
- Fetch Fleet Manager's service principal object ID:
az ad sp list --display-name "Azure Kubernetes Service - Fleet RP" --query
xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
- Review Bicep
@description('The name of the vnet.')
param vnetName string = 'myVnet'
@description('The name of the Fleet resource.')
param fleetName string = 'my-private-fleet'
@description('The object id of Fleets Service Principal in your tenant.')
param fleetSpObjectId string = '00000000-0000-0000-0000-000000000000' // Replace with the actual object ID of the Fleets Service Principal
@description('The location of the Fleet resource.')
param location string = resourceGroup().location
resource vnet 'Microsoft.Network/virtualNetworks@2024-05-01' = {
name: vnetName
location: location
properties: {
addressSpace: {
addressPrefixes: [
'192.168.0.0/16'
]
}
}
}
resource hubful_private_fleet 'Microsoft.ContainerService/fleets@2025-03-01' = {
name: fleetName
location: location
properties: {
hubProfile: {
agentProfile: {
subnetId: vnet_subnet.id
}
apiServerAccessProfile: {
enablePrivateCluster: true
enableVnetIntegration: false
}
}
}
dependsOn: [
roleassignment
]
}
resource vnet_subnet 'Microsoft.Network/virtualNetworks/subnets@2024-05-01' = {
name: 'subnet'
properties: {
addressPrefix: '192.168.0.0/24'
delegations: []
privateEndpointNetworkPolicies: 'Disabled'
privateLinkServiceNetworkPolicies: 'Enabled'
}
parent: vnet
}
resource roleassignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
scope: vnet_subnet
name: guid(vnet_subnet.id, fleetSpObjectId)
properties: {
roleDefinitionId: subscriptionResourceId(
'Microsoft.Authorization/roleDefinitions',
'4d97b98b-1d4f-4787-a291-c67834d212e7'
)
principalId: fleetSpObjectId
principalType: 'ServicePrincipal'
}
}
- Deploy the Bicep file using either Azure CLI or Azure PowerShell.
Deploy the Bicep file with service principal object ID from first step:
Next steps
