az aks addon

Note

This reference is part of the aks-preview extension for the Azure CLI (version 2.49.0 or higher). The extension will automatically install the first time you run an az aks addon command. Learn more about extensions.

Commands to manage and view single addon conditions.

Commands

Name Description Type Status
az aks addon disable

Disable an enabled Kubernetes addon in a cluster.

Extension GA
az aks addon enable

Enable a Kubernetes addon.

Extension GA
az aks addon list

List status of all Kubernetes addons in given cluster.

Extension GA
az aks addon list-available

List available Kubernetes addons.

Extension GA
az aks addon show

Show status and configuration for an enabled Kubernetes addon in a given cluster.

Extension GA
az aks addon update

Update an already enabled Kubernetes addon.

Extension GA

az aks addon disable

Disable an enabled Kubernetes addon in a cluster.

az aks addon disable --addon
                     --name
                     --resource-group
                     [--no-wait]

Examples

Disable the "monitoring" addon.

az aks addon disable -g myResourceGroup -n myAKSCluster -a monitoring

Required Parameters

--addon -a

Specify the Kubernetes addon to disable.

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--no-wait

Do not wait for the long-running operation to finish.

default value: False
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc
default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az aks addon enable

Enable a Kubernetes addon.

These addons are available: http_application_routing - configure ingress with automatic public DNS name creation. monitoring - turn on Log Analytics monitoring. Uses the Log Analytics Default Workspace if it exists, else creates one. Specify "--workspace-resource-id" to use an existing workspace. If monitoring addon is enabled --no-wait argument will have no effect virtual-node - enable AKS Virtual Node. Requires --subnet-name to provide the name of an existing subnet for the Virtual Node to use. azure-policy - enable Azure policy. The Azure Policy add-on for AKS enables at-scale enforcements and safeguards on your clusters in a centralized, consistent manner. Learn more at aka.ms/aks/policy. ingress-appgw - enable Application Gateway Ingress Controller addon (PREVIEW). open-service-mesh - enable Open Service Mesh addon (PREVIEW). gitops - enable GitOps (PREVIEW). azure-keyvault-secrets-provider - enable Azure Keyvault Secrets Provider addon. web_application_routing - enable Web Application Routing addon (PREVIEW). Specify "--dns-zone-resource-id" to configure DNS.

az aks addon enable --addon
                    --name
                    --resource-group
                    [--appgw-id]
                    [--appgw-name]
                    [--appgw-subnet-cidr]
                    [--appgw-subnet-id]
                    [--appgw-watch-namespace]
                    [--data-collection-settings]
                    [--dns-zone-resource-ids]
                    [--enable-msi-auth-for-monitoring {false, true}]
                    [--enable-secret-rotation]
                    [--enable-sgxquotehelper]
                    [--enable-syslog {false, true}]
                    [--no-wait]
                    [--rotation-poll-interval]
                    [--subnet-name]
                    [--workspace-resource-id]

Examples

Enable a Kubernetes addon. (autogenerated)

az aks addon enable --addon virtual-node --name MyManagedCluster --resource-group MyResourceGroup --subnet-name VirtualNodeSubnet

Enable ingress-appgw addon with subnet prefix.

az aks addon enable --name MyManagedCluster --resource-group MyResourceGroup --addon ingress-appgw --appgw-subnet-cidr 10.2.0.0/16 --appgw-name gateway

Enable open-service-mesh addon.

az aks addon enable --name MyManagedCluster --resource-group MyResourceGroup -a open-service-mesh

Required Parameters

--addon -a

Specify the Kubernetes addon to enable.

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--appgw-id

Resource Id of an existing Application Gateway to use with AGIC. Use with ingress-azure addon.

--appgw-name

Name of the application gateway to create/use in the node resource group. Use with ingress-azure addon.

--appgw-subnet-cidr

Subnet CIDR to use for a new subnet created to deploy the Application Gateway. Use with ingress-azure addon.

--appgw-subnet-id

Resource Id of an existing Subnet used to deploy the Application Gateway. Use with ingress-azure addon.

--appgw-watch-namespace

Specify the namespace, which AGIC should watch. This could be a single string value, or a comma-separated list of namespaces. Use with ingress-azure addon.

--data-collection-settings
Preview

Path to JSON file containing data collection settings for Monitoring addon.

--dns-zone-resource-ids
Preview

A comma separated list of resource IDs of the DNS zone resource to use with the web_application_routing addon.

--enable-msi-auth-for-monitoring
Preview

Send monitoring data to Log Analytics using the cluster's assigned identity (instead of the Log Analytics Workspace's shared key).

accepted values: false, true
default value: True
--enable-secret-rotation

Enable secret rotation. Use with azure-keyvault-secrets-provider addon.

default value: False
--enable-sgxquotehelper

Enable SGX quote helper for confcom addon.

default value: False
--enable-syslog
Preview

Enable syslog data collection for Monitoring addon.

accepted values: false, true
default value: False
--no-wait

Do not wait for the long-running operation to finish.

default value: False
--rotation-poll-interval

Set interval of rotation poll. Use with azure-keyvault-secrets-provider addon.

--subnet-name -s

The subnet name for the virtual node to use.

--workspace-resource-id

The resource ID of an existing Log Analytics Workspace to use for storing monitoring data.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc
default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az aks addon list

List status of all Kubernetes addons in given cluster.

az aks addon list --name
                  --resource-group

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc
default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az aks addon list-available

List available Kubernetes addons.

az aks addon list-available
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc
default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az aks addon show

Show status and configuration for an enabled Kubernetes addon in a given cluster.

az aks addon show --addon
                  --name
                  --resource-group

Examples

Show configuration for "monitoring" addon.

az aks addon show -g myResourceGroup -n myAKSCluster -a monitoring

Required Parameters

--addon -a

Specify the Kubernetes addon.

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc
default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az aks addon update

Update an already enabled Kubernetes addon.

az aks addon update --addon
                    --name
                    --resource-group
                    [--appgw-id]
                    [--appgw-name]
                    [--appgw-subnet-cidr]
                    [--appgw-subnet-id]
                    [--appgw-watch-namespace]
                    [--data-collection-settings]
                    [--dns-zone-resource-ids]
                    [--enable-msi-auth-for-monitoring {false, true}]
                    [--enable-secret-rotation]
                    [--enable-sgxquotehelper]
                    [--enable-syslog {false, true}]
                    [--no-wait]
                    [--rotation-poll-interval]
                    [--subnet-name]
                    [--workspace-resource-id]

Examples

Update a Kubernetes addon. (autogenerated)

az aks addon update --addon virtual-node --name MyManagedCluster --resource-group MyResourceGroup --subnet-name VirtualNodeSubnet

Update ingress-appgw addon with subnet prefix.

az aks addon update --name MyManagedCluster --resource-group MyResourceGroup --addon ingress-appgw --appgw-subnet-cidr 10.2.0.0/16 --appgw-name gateway

Update monitoring addon with workspace resource id.

az aks addon update -g $rg -n $cn -a monitoring --workspace-resource-id=/subscriptions/0000000-00000000-00000-000-000/resourcegroups/myresourcegroup/providers/microsoft.operationalinsights/workspaces/defaultlaworkspace

Required Parameters

--addon -a

Specify the Kubernetes addon to update.

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--appgw-id

Resource Id of an existing Application Gateway to use with AGIC. Use with ingress-azure addon.

--appgw-name

Name of the application gateway to create/use in the node resource group. Use with ingress-azure addon.

--appgw-subnet-cidr

Subnet CIDR to use for a new subnet created to deploy the Application Gateway. Use with ingress-azure addon.

--appgw-subnet-id

Resource Id of an existing Subnet used to deploy the Application Gateway. Use with ingress-azure addon.

--appgw-watch-namespace

Specify the namespace, which AGIC should watch. This could be a single string value, or a comma-separated list of namespaces. Use with ingress-azure addon.

--data-collection-settings
Preview

Path to JSON file containing data collection settings for Monitoring addon.

--dns-zone-resource-ids
Preview

A comma separated list of resource IDs of the DNS zone resource to use with the web_application_routing addon.

--enable-msi-auth-for-monitoring
Preview

Send monitoring data to Log Analytics using the cluster's assigned identity (instead of the Log Analytics Workspace's shared key).

accepted values: false, true
--enable-secret-rotation

Enable secret rotation. Use with azure-keyvault-secrets-provider addon.

default value: False
--enable-sgxquotehelper

Enable SGX quote helper for confcom addon.

default value: False
--enable-syslog
Preview

Enable syslog data collection for Monitoring addon.

accepted values: false, true
default value: False
--no-wait

Do not wait for the long-running operation to finish.

default value: False
--rotation-poll-interval

Set interval of rotation poll. Use with azure-keyvault-secrets-provider addon.

--subnet-name -s

The subnet name for the virtual node to use.

--workspace-resource-id

The resource ID of an existing Log Analytics Workspace to use for storing monitoring data.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc
default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.