Azure OAM Deployment

This reposititory contains instructions and scripts for easily getting an OAM-enabled Kubernetes cluster running on Azure using Crossplane.

Getting Started


The tutorial uses commands that assume an Posix-like shell environment.

  • Linux
  • macOS
  • Windows with WSL

Install azoam CLI

You can download the azoam CLI from this repository. Feel free to install to your path or run from the local directory depending on your preferences.

Linux / Windows with WSL

curl -O
chmod +x ./azoam


curl -O
chmod +x ./azoam

Install Azure CLI

These instructions use the Azure CLI.

Install jq

Install jq to process JSON output.

Install kubectl

These instructions use kubectl to deploy to Kubernetes.

Create Service Principal

# log in to azure (if not logged in)
az login

# create service principal permissions limited to this subscription
az ad sp create-for-rbac --sdk-auth --role Contributor > "creds.json"

Verify the credential's file is present:

ls creds.json

Resource Group

Choose a name for the resource group:




If you already have a resource group and don't want to create a new one, run the command above and skip the command below.

# log in to azure (if not logged in)
az login

az group create --name $OAM_TUTORIAL_RESOURCE_GROUP_NAME --location <location>


az group create --name $OAM_TUTORIAL_RESOURCE_GROUP_NAME --location westus2

Generate SSH Key

Check if you have an ssh key:

ls ~/.ssh/

If file is not present, generate an ssh key:


Make a note of the resource group name you choose for reference later.

Apply ARM template

Run the following command to deploy a Kubernetes cluster with support for OAM.

az deployment group create \
  --template-uri \
  --parameter "sshRSAPublicKey=$(cat ~/.ssh/" \
  --parameter "servicePrincipalClientId=$(jq '.clientId' --raw-output creds.json)" \
  --parameter "servicePrincipalClientSecret=$(jq '.clientSecret' --raw-output creds.json)"

Find the created AKS cluster

When the ARM template completes successfully you will have an AKS cluster in the provided resource group.

az aks list --resource-group $OAM_TUTORIAL_RESOURCE_GROUP_NAME

Export the AKS cluster name to a environment variable:

export OAM_TUTORIAL_AKS_CLUSTER_NAME=$(az aks list --resource-group $OAM_TUTORIAL_RESOURCE_GROUP_NAME --query '[].name' -o tsv)
az aks get-credentials --name $OAM_TUTORIAL_AKS_CLUSTER_NAME --resource-group $OAM_TUTORIAL_RESOURCE_GROUP_NAME

Now you should have credentials in your Kubernetes configuration for the AKS cluster. Now you can use kubectl to deploy some workloads using OAM.

Complete the tutorial

Once you can access the AKS cluster you're ready to go!

Find the tutorial here.

Cleaning Up

All of the resources created by this tutorial are all part of the same resource group. To delete all of the resources run the following command.

az group delete --name  $OAM_TUTORIAL_RESOURCE_GROUP_NAME --yes

Run the following to delete the service principal.

az ad sp delete --id "$(<creds.json | jq '.clientId' | xargs -I CLIENTID az ad sp list --filter \"appId eq 'CLIENTID'\" --query '[0].servicePrincipalNames[0]' -o tsv)"


