az login
az group create --name <rg_name> --location <rg_location>
az ad sp create-for-rbac --skip-assignment
create the SP
az role assignment create --assignee <appId> --scope <resourceScope> --role Contributor
assign a particular role/permission to the SP
For example, you can use --scope /subscriptions/<subscription_id>
and --role Contributor
to make the SP contributor of the entire subscription
az aks create --resource-group <rg_name> --name <cluster_name> --node-count 1 --enable-addons monitoring,http_application_routing --generate-ssh-keys --service-principal <appId> --client-secret <password>
In particular, the addons enabled here are
- monitoring to enable the collection of logs in Azure Monitor
- http_application-routing creates an ingress controller and an external DNS controller in order to make application deployed in the cluser easy to access
az aks install-cli
az aks get-credentials --resource-group <rg_name> --name <cluster_name>
kubectl cluster-info
kubectl create -f https://raw.githubusercontent.com/Azure/helm-charts/master/docs/prerequisities/helm-rbac-config.yaml
helm init --service-account tiller
kubectl get pod --all-namespaces
kubectl create clusterrolebinding kubernetes-dashboard --clusterrole=cluster-admin --serviceaccount=kube-system:kubernetes-dashboard
az aks browse --resource-group <rg_name> --name <cluster_name>
kubectl create namespace <namespace_name>