Scripts to deploy aks in a separate vnet with kubenet networking plugin
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


Scripts to deploy aks in a separate vnet with kubenet networking plugin

Deploying AKS in a custom VNET

To deploy, first open and edit as needed the commented out section :

##### EDIT THESE ######
# If you don't have a SPN, uncomment the line that creates it in the script
# export SPN_PW=<YOUR_SPN_PW> # a service principal Service Principal


# export OMS_WORKSPACE_ID=<WORKSPACE_ID> # /subscriptions/<subId>/resourcegroups/<om_srg>/providers/Microsoft.OperationalInsights/workspaces/<OMS_WORKSPACE_NAME>

if you want to use a new Service Principal for the deployment, you can ignore the SPN_CLIENT_ID and SPN_PW it will can created in the [](scripts/ :

If you want to create a new SPN for the deployment uncomment th below line

# Uncomment if you want to create a new SPN for this deployment.
# create a SP and sets the env variable accordingly
# eval $(az ad sp create-for-rbac --skip-assignment | jq -r '"export SPN_PW=\(.password) && export SPN_CLIENT_ID=\(.appId)"')

Then run ./ This will source the [](scripts/ and run the deployment script.

If you want a jumpbox to test the internal load balancer and internal subnet communication fro example, you can run

It will create an ubuntu jumpbox in the second subnet and enable ssh using your local ~/.ssh/ key (required).

Still relying on the environment variables from, this will generate a jumpbox_id_rsa private/public key pair in the current folder, and scp them onto the jumpbox. It then resets the authorized ssh key for azureuser to for each AKS worker node.

After running this script, from your terminal :

me@local:~$ kubectl get node
NAME                       STATUS    ROLES     AGE       VERSION
aks-agentpool-33865844-0   Ready     agent     22m       v1.9.6
aks-agentpool-33865844-1   Ready     agent     22m       v1.9.6
aks-agentpool-33865844-2   Ready     agent     22m       v1.9.6
me@local:~$ ssh king@aks-jumpbox-${AKS_DATE}.${AKS_VNET_LOCATION}
Welcome to Ubuntu 16.04.4 LTS (GNU/Linux 4.15.0-1013-azure x86_64)

king@aks-jumpbox:~$ ssh azureuser@aks-agentpool-33865844-2
The authenticity of host 'aks-agentpool-33865844-2 (' can\'t be established.
ECDSA key fingerprint is ....
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'aks-agentpool-33865844-2,' (ECDSA) to the list of known hosts.
Welcome to Ubuntu 16.04.4 LTS (GNU/Linux 4.13.0-1018-azure x86_64)

azureuser@aks-agentpool-33865844-2:~$ #on the node :)