az aks addon

Note

This reference is part of the aks-preview extension for the Azure CLI (version 2.44.0 or higher). The extension will automatically install the first time you run an az aks addon command. Learn more about extensions.

Commands to manage and view single addon conditions.

Commands

az aks addon disable

Disable an enabled Kubernetes addon in a cluster.

az aks addon enable

Enable a Kubernetes addon.

az aks addon list

List status of all Kubernetes addons in given cluster.

az aks addon list-available

List available Kubernetes addons.

az aks addon show

Show status and configuration for an enabled Kubernetes addon in a given cluster.

az aks addon update

Update an already enabled Kubernetes addon.

az aks addon disable

Disable an enabled Kubernetes addon in a cluster.

az aks addon disable --addon
                     --name
                     --resource-group
                     [--no-wait]

Examples

Disable the "monitoring" addon.

az aks addon disable -g myResourceGroup -n myAKSCluster -a monitoring

Required Parameters

--addon -a

Specify the Kubernetes addon to disable.

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--no-wait

Do not wait for the long-running operation to finish.

default value: False

az aks addon enable

Enable a Kubernetes addon.

These addons are available: http_application_routing - configure ingress with automatic public DNS name creation. monitoring - turn on Log Analytics monitoring. Uses the Log Analytics Default Workspace if it exists, else creates one. Specify "--workspace-resource-id" to use an existing workspace. If monitoring addon is enabled --no-wait argument will have no effect virtual-node - enable AKS Virtual Node. Requires --subnet-name to provide the name of an existing subnet for the Virtual Node to use. azure-policy - enable Azure policy. The Azure Policy add-on for AKS enables at-scale enforcements and safeguards on your clusters in a centralized, consistent manner. Learn more at aka.ms/aks/policy. ingress-appgw - enable Application Gateway Ingress Controller addon (PREVIEW). open-service-mesh - enable Open Service Mesh addon (PREVIEW). gitops - enable GitOps (PREVIEW). azure-keyvault-secrets-provider - enable Azure Keyvault Secrets Provider addon. web_application_routing - enable Web Application Routing addon (PREVIEW). Specify "--dns-zone-resource-id" to configure DNS.

az aks addon enable --addon
                    --name
                    --resource-group
                    [--appgw-id]
                    [--appgw-name]
                    [--appgw-subnet-cidr]
                    [--appgw-subnet-id]
                    [--appgw-watch-namespace]
                    [--data-collection-settings]
                    [--dns-zone-resource-id]
                    [--enable-msi-auth-for-monitoring {false, true}]
                    [--enable-secret-rotation]
                    [--enable-sgxquotehelper]
                    [--enable-syslog {false, true}]
                    [--no-wait]
                    [--rotation-poll-interval]
                    [--subnet-name]
                    [--workspace-resource-id]

Examples

Enable a Kubernetes addon. (autogenerated)

az aks addon enable --addon virtual-node --name MyManagedCluster --resource-group MyResourceGroup --subnet-name VirtualNodeSubnet

Enable ingress-appgw addon with subnet prefix.

az aks addon enable --name MyManagedCluster --resource-group MyResourceGroup --addon ingress-appgw --appgw-subnet-cidr 10.2.0.0/16 --appgw-name gateway

Enable open-service-mesh addon.

az aks addon enable --name MyManagedCluster --resource-group MyResourceGroup -a open-service-mesh

Required Parameters

--addon -a

Specify the Kubernetes addon to enable.

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--appgw-id

Resource Id of an existing Application Gateway to use with AGIC. Use with ingress-azure addon.

--appgw-name

Name of the application gateway to create/use in the node resource group. Use with ingress-azure addon.

--appgw-subnet-cidr

Subnet CIDR to use for a new subnet created to deploy the Application Gateway. Use with ingress-azure addon.

--appgw-subnet-id

Resource Id of an existing Subnet used to deploy the Application Gateway. Use with ingress-azure addon.

--appgw-watch-namespace

Specify the namespace, which AGIC should watch. This could be a single string value, or a comma-separated list of namespaces. Use with ingress-azure addon.

--data-collection-settings

Path to JSON file containing data collection settings for Monitoring addon.

--dns-zone-resource-id

The resource ID of the DNS zone resource to use with the web_application_routing addon.

--enable-msi-auth-for-monitoring

Send monitoring data to Log Analytics using the cluster's assigned identity (instead of the Log Analytics Workspace's shared key).

accepted values: false, true
default value: False
--enable-secret-rotation

Enable secret rotation. Use with azure-keyvault-secrets-provider addon.

default value: False
--enable-sgxquotehelper

Enable SGX quote helper for confcom addon.

default value: False
--enable-syslog

Enable syslog data collection for Monitoring addon.

accepted values: false, true
default value: False
--no-wait

Do not wait for the long-running operation to finish.

default value: False
--rotation-poll-interval

Set interval of rotation poll. Use with azure-keyvault-secrets-provider addon.

--subnet-name -s

The subnet name for the virtual node to use.

--workspace-resource-id

The resource ID of an existing Log Analytics Workspace to use for storing monitoring data.

az aks addon list

List status of all Kubernetes addons in given cluster.

az aks addon list --name
                  --resource-group

Required Parameters

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az aks addon list-available

List available Kubernetes addons.

az aks addon list-available

az aks addon show

Show status and configuration for an enabled Kubernetes addon in a given cluster.

az aks addon show --addon
                  --name
                  --resource-group

Examples

Show configuration for "monitoring" addon.

az aks addon show -g myResourceGroup -n myAKSCluster -a monitoring

Required Parameters

--addon -a

Specify the Kubernetes addon.

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az aks addon update

Update an already enabled Kubernetes addon.

az aks addon update --addon
                    --name
                    --resource-group
                    [--appgw-id]
                    [--appgw-name]
                    [--appgw-subnet-cidr]
                    [--appgw-subnet-id]
                    [--appgw-watch-namespace]
                    [--data-collection-settings]
                    [--dns-zone-resource-id]
                    [--enable-msi-auth-for-monitoring {false, true}]
                    [--enable-secret-rotation]
                    [--enable-sgxquotehelper]
                    [--enable-syslog {false, true}]
                    [--no-wait]
                    [--rotation-poll-interval]
                    [--subnet-name]
                    [--workspace-resource-id]

Examples

Update a Kubernetes addon. (autogenerated)

az aks addon update --addon virtual-node --name MyManagedCluster --resource-group MyResourceGroup --subnet-name VirtualNodeSubnet

Update ingress-appgw addon with subnet prefix.

az aks addon update --name MyManagedCluster --resource-group MyResourceGroup --addon ingress-appgw --appgw-subnet-cidr 10.2.0.0/16 --appgw-name gateway

Update monitoring addon with workspace resource id.

az aks addon update -g $rg -n $cn -a monitoring --workspace-resource-id=/subscriptions/0000000-00000000-00000-000-000/resourcegroups/myresourcegroup/providers/microsoft.operationalinsights/workspaces/defaultlaworkspace

Required Parameters

--addon -a

Specify the Kubernetes addon to update.

--name -n

Name of the managed cluster.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--appgw-id

Resource Id of an existing Application Gateway to use with AGIC. Use with ingress-azure addon.

--appgw-name

Name of the application gateway to create/use in the node resource group. Use with ingress-azure addon.

--appgw-subnet-cidr

Subnet CIDR to use for a new subnet created to deploy the Application Gateway. Use with ingress-azure addon.

--appgw-subnet-id

Resource Id of an existing Subnet used to deploy the Application Gateway. Use with ingress-azure addon.

--appgw-watch-namespace

Specify the namespace, which AGIC should watch. This could be a single string value, or a comma-separated list of namespaces. Use with ingress-azure addon.

--data-collection-settings

Path to JSON file containing data collection settings for Monitoring addon.

--dns-zone-resource-id

The resource ID of the DNS zone resource to use with the web_application_routing addon.

--enable-msi-auth-for-monitoring

Send monitoring data to Log Analytics using the cluster's assigned identity (instead of the Log Analytics Workspace's shared key).

accepted values: false, true
default value: False
--enable-secret-rotation

Enable secret rotation. Use with azure-keyvault-secrets-provider addon.

default value: False
--enable-sgxquotehelper

Enable SGX quote helper for confcom addon.

default value: False
--enable-syslog

Enable syslog data collection for Monitoring addon.

accepted values: false, true
default value: False
--no-wait

Do not wait for the long-running operation to finish.

default value: False
--rotation-poll-interval

Set interval of rotation poll. Use with azure-keyvault-secrets-provider addon.

--subnet-name -s

The subnet name for the virtual node to use.

--workspace-resource-id

The resource ID of an existing Log Analytics Workspace to use for storing monitoring data.