How to Connect to AKS from Azure Portal for Kubernetes Resource Access

To connect to AKS from the Azure Portal, you'll need to navigate to the Azure Kubernetes Service (AKS) cluster page. From there, you can find the connection details for your cluster.

You can access the AKS cluster page by searching for it in the Azure Portal search bar. Type "AKS" and select the cluster you want to connect to from the search results.

To view the connection details for your AKS cluster, click on the "Overview" tab and then click on the "Connect" button. This will display the connection details, including the cluster endpoint and the authentication token.

Before you start connecting to your AKS cluster from the Azure portal, you need to have an AKS cluster set up.

You can use any AKS cluster, but if you're integrating with Microsoft Entra, your cluster must use AKS-managed Microsoft Entra integration.

Legacy Microsoft Entra ID clusters can be upgraded in the Azure portal or with the Azure CLI.

Creating a new AKS cluster is also an option, and you can do this directly in the Azure portal.

To create a new service connection in an AKS cluster, start by selecting the Search resources, services and docs (G +/) search bar at the top of the Azure portal, type AKS, and select Kubernetes services.

You can then select the AKS cluster you want to connect to a target resource, followed by Service Connector from the left table of contents, and then Create.

To configure the service connection, you'll need to select or enter the following settings: Kubernetes namespace, Service type, Connection name, Subscription, Storage account, and Client type.

For example, you might select the default namespace, Storage - Blob as the service type, and my_connection as the connection name.

Next, you'll need to select the authentication method, such as Workload identity to authenticate through Microsoft Entra workload identity.

You can also configure the network access to your target service by selecting Next: Networking and then Configure firewall rules to enable access to your target service.

Once you've reviewed the provided information, select Create to create the service connection.

To view existing service connections in an AKS cluster, simply select the Service Connector tab, which displays existing connections in this cluster.

You can also select Network View to see all the service connections in a network topology view.

To connect to an AKS cluster, you can use the Azure CLI command aks command invoke to remotely run commands such as kubectl or helm on your AKS private cluster through the Azure API.

Alternatively, you can use the az aks get-credentials command to download credentials and configure the Kubernetes CLI to use them.

To verify the connection to your cluster, use the kubectl get command to return a list of the cluster nodes.

Here's a summary of the steps to create a new service connection in an AKS cluster:

To access AKS resources, you can navigate to your AKS cluster resource in the Azure portal.

You can view Kubernetes resources by selecting Kubernetes resources from the service menu in the Azure portal.

To view AKS Edge Essentials resources, navigate to your resource group in the Azure portal and select the Namespaces option under Kubernetes resources (preview).

You'll need a bearer token to view your Kubernetes resources, which you can obtain by running Get-AksEdgeManagedServiceToken.

To verify the connection to your cluster, use the kubectl get command to return a list of cluster nodes, ensuring the node status is Ready.

You can also use the Azure CLI, PowerShell, or Command Prompt to connect to your cluster over the internet.

Here are the steps to connect to your AKS cluster using Azure CLI or PowerShell:

This will help you ensure that your cluster is set up correctly and that you can access the resources you need.

If you can't connect to your private AKS cluster, check the virtual network peering. This mechanism provides network-to-network connectivity between two virtual networks.

To troubleshoot connection problems, check the virtual network link to the private DNS zone. Virtual network links provide a way for VMs that are inside virtual networks to connect to a private DNS zone and resolve the DNS records inside the zone.

Here are some common issues you might encounter:

To configure your Azure environment, provide details of your Azure subscription in the aksedge-config.json file under the Arc section. This includes attributes such as ClusterName, Location, SubscriptionId, TenantId, ResourceGroupName, ClientId, and ClientSecret.

To access your AKS cluster, you can use the Azure portal, Azure CLI, PowerShell, or Command Prompt. You can connect to your cluster using Cloud Shell, which is a browser-based shell that provides a Linux-based environment for running commands.

If you're using Cloud Shell, open it with the >_ button on the top of the Azure portal. If you're using PowerShell locally, connect to Azure via the Connect-AzAccount command. If you're using Azure CLI locally, connect to Azure via the az login command.

To configure kubectl to connect to your Kubernetes cluster, use the az aks get-credentials command or the Import-AzAksCredential cmdlet. This command downloads credentials and configures the Kubernetes CLI to use them.

To verify the connection to your cluster, use the kubectl get command to return a list of the cluster nodes. Make sure the node status is Ready.

Here are the steps to configure kubectl and verify the connection:

You can also use the aks command invoke to remotely run commands such as kubectl or helm on your AKS private cluster through the Azure API. This can be an alternate way of connecting to your private cluster if you don't have a VPN, ExpressRoute, an external connectivity solution, or a virtual network that's peered directly to the cluster's virtual network.