az connectedk8s
Note
This reference is part of the connectedk8s extension for the Azure CLI (version 2.70.0 or higher). The extension will automatically install the first time you run an az connectedk8s command. Learn more about extensions.
Commands to manage connected kubernetes clusters.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az connectedk8s connect |
Onboard a connected kubernetes cluster to azure. |
Extension | GA |
| az connectedk8s delete |
Delete a connected kubernetes cluster along with connected cluster agents. |
Extension | GA |
| az connectedk8s disable-features |
Disables the selective features on the connected cluster. |
Extension | Preview |
| az connectedk8s enable-features |
Enables the selective features on the connected cluster. |
Extension | Preview |
| az connectedk8s list |
List connected kubernetes clusters. |
Extension | GA |
| az connectedk8s proxy |
Get access to a connected kubernetes cluster. |
Extension | GA |
| az connectedk8s show |
Show details of a connected kubernetes cluster. |
Extension | GA |
| az connectedk8s troubleshoot |
Perform diagnostic checks on an Arc enabled Kubernetes cluster. |
Extension | Preview |
| az connectedk8s update |
Update properties of the arc onboarded kubernetes cluster. |
Extension | GA |
| az connectedk8s upgrade |
Atomically upgrade onboarded agents to the specific version or default to the latest version. |
Extension | GA |
az connectedk8s connect
Onboard a connected kubernetes cluster to azure.
The Kubernetes cluster to be onboarded as a connected cluster must be the default cluster in kubeconfig. Run kubectl config get-contexts to confirm the target context name. Then set the default context to the right cluster by running kubectl config use-context target-cluster-name.
az connectedk8s connect --name
--resource-group
[--azure-hybrid-benefit {False, NotApplicable, True}]
[--config --configuration-settings]
[--config-protected --config-protected-settings]
[--container-log-path]
[--correlation-id]
[--custom-ca-cert --proxy-cert]
[--custom-locations-oid]
[--disable-auto-upgrade]
[--distribution {aks, aks_edge_k3s, aks_edge_k8s, aks_engine, aks_management, aks_workload, canonical, capz, eks, generic, gke, k3s, karbon, kind, minikube, openshift, rancher_rke, tkg}]
[--distribution-version]
[--enable-oidc-issuer {false, true}]
[--enable-private-link {false, true}]
[--enable-wi --enable-workload-identity {false, true}]
[--gateway-resource-id]
[--infrastructure {LTSCWindows 10 Enterprise LTSC, Windows 10 Enterprise, Windows 10 Enterprise LTSC 2019, Windows 10 Enterprise LTSC 2021, Windows 10 Enterprise N, Windows 10 Enterprise N LTSC 2019, Windows 10 Enterprise N LTSC 2021, Windows 10 IoT Enterprise, Windows 10 IoT Enterprise LTSC 2019, Windows 10 IoT Enterprise LTSC 2021, Windows 10 Pro, Windows 11 Enterprise, Windows 11 Enterprise N, Windows 11 IoT Enterprise, Windows 11 Pro, Windows Server 2019, Windows Server 2019 Datacenter, Windows Server 2019 Standard, Windows Server 2022, Windows Server 2022 Datacenter, Windows Server 2022 Standard, aws, azure, azure_stack_edge, azure_stack_hci, azure_stack_hub, gcp, generic, vsphere, windows_server}]
[--kube-config]
[--kube-context]
[--location]
[--no-wait]
[--onboarding-timeout]
[--pls-arm-id --private-link-scope-resource-id]
[--proxy-http]
[--proxy-https]
[--proxy-skip-range]
[--self-hosted-issuer]
[--skip-ssl-verification]
[--tags]
[--yes]Examples
Onboard a connected kubernetes cluster with default kube config and kube context.
az connectedk8s connect -g resourceGroupName -n connectedClusterNameOnboard a connected kubernetes cluster with default kube config and kube context and disabling auto upgrade of arc agents.
az connectedk8s connect -g resourceGroupName -n connectedClusterName --disable-auto-upgradeOnboard a connected kubernetes cluster by specifying the kubeconfig and kubecontext.
az connectedk8s connect -g resourceGroupName -n connectedClusterName --kube-config /path/to/kubeconfig --kube-context kubeContextNameOnboard a connected kubernetes cluster by specifying the https proxy, http proxy, no proxy settings.
az connectedk8s connect -g resourceGroupName -n connectedClusterName --proxy-https https://proxy-url --proxy-http http://proxy-url --proxy-skip-range excludedIP,excludedCIDR,exampleCIDRfollowed,10.0.0.0/24Onboard a connected kubernetes cluster by specifying the https proxy, http proxy, no proxy with cert settings.
az connectedk8s connect -g resourceGroupName -n connectedClusterName --proxy-cert /path/to/crt --proxy-https https://proxy-url --proxy-http http://proxy-url --proxy-skip-range excludedIP,excludedCIDR,exampleCIDRfollowed,10.0.0.0/24Onboard a connected kubernetes cluster with private link feature enabled by specifying private link parameters.
az connectedk8s connect -g resourceGroupName -n connectedClusterName --enable-private-link true --private-link-scope-resource-id pls/resource/arm/idOnboard a connected kubernetes cluster with custom onboarding timeout.
az connectedk8s connect -g resourceGroupName -n connectedClusterName --onboarding-timeout 600Onboard a connected kubernetes cluster with oidc issuer and the workload identity webhook enabled.
az connectedk8s connect -g resourceGroupName -n connectedClusterName --enable-oidc-issuer --enable-workload-identityOnboard a connected kubernetes cluster with oidc issuer enabled using a self hosted issuer url for public cloud cluster.
az connectedk8s connect -g resourceGroupName -n connectedClusterName --enable-oidc-issuer --self-hosted-issuer aksissuerurlOnboard a connected kubernetes cluster with azure gateway feature enabled.
az connectedk8s connect -g resourceGroupName -n connectedClusterName --gateway-resource-id gatewayResourceIdRequired Parameters
The name of the connected cluster.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Flag to enable/disable Azure Hybrid Benefit feature.
| Property | Value |
|---|---|
| Accepted values: | False, NotApplicable, True |
Configuration Settings as key=value pair. Repeat parameter for each setting. Do not use this for secrets, as this value is returned in response.
Configuration Protected Settings as key=value pair. Repeat parameter for each setting. Only the key is returned in response, the value is not.
Override the default container log path to enable fluent-bit logging.
A guid that is used to internally track the source of cluster onboarding. Please do not modify it unless advised.
Path to the certificate file for proxy or custom Certificate Authority.
| Property | Value |
|---|---|
| Parameter group: | Proxy Arguments |
OID of 'custom-locations' app.
Flag to disable auto upgrade of arc agents.
| Property | Value |
|---|---|
| Default value: | False |
The Kubernetes distribution which will be running on this connected cluster.
| Property | Value |
|---|---|
| Default value: | generic |
| Accepted values: | aks, aks_edge_k3s, aks_edge_k8s, aks_engine, aks_management, aks_workload, canonical, capz, eks, generic, gke, k3s, karbon, kind, minikube, openshift, rancher_rke, tkg |
The Kubernetes distribution version of the connected cluster.
Enable creation of OIDC issuer url used for workload identity federation.
| Property | Value |
|---|---|
| Parameter group: | Workload Identity Arguments |
| Default value: | False |
| Accepted values: | false, true |
Flag to enable/disable private link support on a connected cluster resource. Allowed values: false, true.
| Property | Value |
|---|---|
| Parameter group: | PrivateLink Arguments |
| Accepted values: | false, true |
Enable workload identity webhook.
| Property | Value |
|---|---|
| Parameter group: | Workload Identity Arguments |
| Default value: | False |
| Accepted values: | false, true |
ArmID of the Arc Gateway resource.
| Property | Value |
|---|---|
| Parameter group: | Gateway Arguments |
The infrastructure on which the Kubernetes cluster represented by this connected cluster will be running on.
| Property | Value |
|---|---|
| Default value: | generic |
| Accepted values: | LTSCWindows 10 Enterprise LTSC, Windows 10 Enterprise, Windows 10 Enterprise LTSC 2019, Windows 10 Enterprise LTSC 2021, Windows 10 Enterprise N, Windows 10 Enterprise N LTSC 2019, Windows 10 Enterprise N LTSC 2021, Windows 10 IoT Enterprise, Windows 10 IoT Enterprise LTSC 2019, Windows 10 IoT Enterprise LTSC 2021, Windows 10 Pro, Windows 11 Enterprise, Windows 11 Enterprise N, Windows 11 IoT Enterprise, Windows 11 Pro, Windows Server 2019, Windows Server 2019 Datacenter, Windows Server 2019 Standard, Windows Server 2022, Windows Server 2022 Datacenter, Windows Server 2022 Standard, aws, azure, azure_stack_edge, azure_stack_hci, azure_stack_hub, gcp, generic, vsphere, windows_server |
Path to the kube config file.
Kubconfig context from current machine.
Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.
Do not wait for the long-running operation to finish.
| Property | Value |
|---|---|
| Parameter group: | Timeout Arguments |
| Default value: | False |
Time required (in seconds) for the arc-agent pods to be installed on the kubernetes cluster. Override this value if the hardware/network constraints on your cluster requires more time for installing the arc-agent pods.
| Property | Value |
|---|---|
| Parameter group: | Timeout Arguments |
| Default value: | 1200 |
ARM resource id of the private link scope resource to which this connected cluster is associated.
| Property | Value |
|---|---|
| Parameter group: | PrivateLink Arguments |
Http proxy URL to be used.
| Property | Value |
|---|---|
| Parameter group: | Proxy Arguments |
Https proxy URL to be used.
| Property | Value |
|---|---|
| Parameter group: | Proxy Arguments |
List of URLs/CIDRs for which proxy should not to be used.
| Property | Value |
|---|---|
| Parameter group: | Proxy Arguments |
Self hosted issuer url for public cloud clusters - AKS, GKE, EKS.
| Property | Value |
|---|---|
| Parameter group: | Workload Identity Arguments |
Skip SSL verification for any cluster connection.
| Property | Value |
|---|---|
| Default value: | False |
Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.
Do not prompt for confirmation.
| Property | Value |
|---|---|
| Default value: | False |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az connectedk8s delete
Delete a connected kubernetes cluster along with connected cluster agents.
az connectedk8s delete [--force]
[--ids]
[--kube-config]
[--kube-context]
[--name]
[--no-wait]
[--resource-group]
[--skip-ssl-verification]
[--subscription]
[--yes]Examples
Delete a connected kubernetes cluster and connected cluster agents with default kubeconfig and kubecontext.
az connectedk8s delete -g resourceGroupName -n connectedClusterNameDelete a connected kubernetes cluster by specifying the kubeconfig and kubecontext for connected cluster agents deletion.
az connectedk8s delete -g resourceGroupName -n connectedClusterName --kube-config /path/to/kubeconfig --kube-context kubeContextNameOptional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Force delete to remove all azure-arc resources from the cluster.
| Property | Value |
|---|---|
| Default value: | False |
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Path to the kube config file.
Kubconfig context from current machine.
The name of the connected cluster.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Do not wait for the long-running operation to finish.
| Property | Value |
|---|---|
| Default value: | False |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Skip SSL verification for any cluster connection.
| Property | Value |
|---|---|
| Default value: | False |
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Do not prompt for confirmation.
| Property | Value |
|---|---|
| Default value: | False |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az connectedk8s disable-features
This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Disables the selective features on the connected cluster.
az connectedk8s disable-features --features {azure-rbac, cluster-connect, custom-locations}
[--ids]
[--kube-config]
[--kube-context]
[--name]
[--resource-group]
[--skip-ssl-verification]
[--subscription]
[--yes]Examples
Disables the azure-rbac feature.
az connectedk8s disable-features -n clusterName -g resourceGroupName --features azure-rbacDisable multiple features.
az connectedk8s disable-features -n clusterName -g resourceGroupName --features custom-locations azure-rbacRequired Parameters
Space-separated list of features you want to disable.
| Property | Value |
|---|---|
| Accepted values: | azure-rbac, cluster-connect, custom-locations |
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Path to the kube config file.
Kubconfig context from current machine.
The name of the connected cluster.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Skip SSL verification for any cluster connection.
| Property | Value |
|---|---|
| Default value: | False |
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Do not prompt for confirmation.
| Property | Value |
|---|---|
| Default value: | False |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az connectedk8s enable-features
This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Enables the selective features on the connected cluster.
az connectedk8s enable-features --features {azure-rbac, cluster-connect, custom-locations}
[--custom-locations-oid]
[--ids]
[--kube-config]
[--kube-context]
[--name]
[--resource-group]
[--skip-azure-rbac-list]
[--skip-ssl-verification]
[--subscription]Examples
Enables the Cluster-Connect feature.
az connectedk8s enable-features -n clusterName -g resourceGroupName --features cluster-connectEnable Azure RBAC feature.
az connectedk8s enable-features -n clusterName -g resourceGroupName --features azure-rbac --skip-azure-rbac-list "[email protected],spn_oid"Enable multiple features.
az connectedk8s enable-features -n clusterName -g resourceGroupName --features cluster-connect custom-locationsRequired Parameters
Space-separated list of features you want to enable.
| Property | Value |
|---|---|
| Accepted values: | azure-rbac, cluster-connect, custom-locations |
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
OID of 'custom-locations' app.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Path to the kube config file.
Kubconfig context from current machine.
The name of the connected cluster.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Comma separated list of names of usernames/email/oid. Azure RBAC will be skipped for these users. Specify when enabling azure-rbac.
| Property | Value |
|---|---|
| Parameter group: | Azure RBAC Arguments |
Skip SSL verification for any cluster connection.
| Property | Value |
|---|---|
| Default value: | False |
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az connectedk8s list
List connected kubernetes clusters.
az connectedk8s list [--resource-group]Examples
List all connected kubernetes clusters in a resource group.
az connectedk8s list -g resourceGroupName --subscription subscriptionNameList all connected kubernetes clusters in a subscription.
az connectedk8s list --subscription subscriptionNameOptional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az connectedk8s proxy
Get access to a connected kubernetes cluster.
az connectedk8s proxy [--file]
[--ids]
[--kube-context]
[--name]
[--port]
[--resource-group]
[--subscription]
[--token]Examples
Get access to a connected kubernetes cluster.
az connectedk8s proxy -n clusterName -g resourceGroupNameGet access to a connected kubernetes cluster with custom port
az connectedk8s proxy -n clusterName -g resourceGroupName --port portValueGet access to a connected kubernetes cluster with service account token
az connectedk8s proxy -n clusterName -g resourceGroupName --token tokenValueGet access to a connected kubernetes cluster by specifying custom kubeconfig location
az connectedk8s proxy -n clusterName -g resourceGroupName -f path/to/kubeconfigGet access to a connected kubernetes cluster by specifying custom context
az connectedk8s proxy -n clusterName -g resourceGroupName --kube-context contextNameOptional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Kubernetes configuration file to update. If not provided, updates the file '~/.kube/config'. Use '-' to print YAML to stdout instead.
| Property | Value |
|---|---|
| Default value: | ~\.kube\config |
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
If specified, overwrite the default context name.
The name of the connected cluster.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Port used for accessing connected cluster.
| Property | Value |
|---|---|
| Default value: | 47011 |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Service account token to use to authenticate to the kubernetes cluster.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az connectedk8s show
Show details of a connected kubernetes cluster.
az connectedk8s show [--ids]
[--name]
[--resource-group]
[--subscription]Examples
Show the details for a connected kubernetes cluster
az connectedk8s show -g resourceGroupName -n connectedClusterNameOptional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
The name of the connected cluster.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az connectedk8s troubleshoot
This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Perform diagnostic checks on an Arc enabled Kubernetes cluster.
az connectedk8s troubleshoot --name
--resource-group
[--kube-config]
[--kube-context]
[--skip-ssl-verification]
[--tags]Examples
Perform diagnostic checks on an Arc enabled Kubernetes cluster.
az connectedk8s troubleshoot -n clusterName -g resourceGroupNameRequired Parameters
The name of the connected cluster.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Path to the kube config file.
Kubeconfig context from current machine.
Skip SSL verification for any cluster connection.
| Property | Value |
|---|---|
| Default value: | False |
Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az connectedk8s update
Update properties of the arc onboarded kubernetes cluster.
az connectedk8s update [--auto-upgrade {false, true}]
[--azure-hybrid-benefit {False, NotApplicable, True}]
[--config --configuration-settings]
[--config-protected --config-protected-settings]
[--container-log-path]
[--custom-ca-cert --proxy-cert]
[--disable-gateway {false, true}]
[--disable-proxy]
[--disable-wi --disable-workload-identity {false, true}]
[--distribution {aks, aks_edge_k3s, aks_edge_k8s, aks_engine, aks_management, aks_workload, canonical, capz, eks, generic, gke, k3s, karbon, kind, minikube, openshift, rancher_rke, tkg}]
[--distribution-version]
[--enable-oidc-issuer {false, true}]
[--enable-wi --enable-workload-identity {false, true}]
[--gateway-resource-id]
[--ids]
[--kube-config]
[--kube-context]
[--name]
[--proxy-http]
[--proxy-https]
[--proxy-skip-range]
[--resource-group]
[--self-hosted-issuer]
[--skip-ssl-verification]
[--subscription]
[--tags]
[--yes]Examples
Update proxy values for the agents
az connectedk8s update -g resourceGroupName -n connectedClusterName --proxy-cert /path/to/crt --proxy-https https://proxy-url --proxy-http http://proxy-url --proxy-skip-range excludedIP,excludedCIDR,exampleCIDRfollowed,10.0.0.0/24Disable proxy settings for agents
az connectedk8s update -g resourceGroupName -n connectedClusterName --disable-proxyDisable auto-upgrade of agents
az connectedk8s update -g resourceGroupName -n connectedClusterName --auto-upgrade falseUpdate a connected kubernetes cluster with oidc issuer and the workload identity webhook enabled.
az connectedk8s update -g resourceGroupName -n connectedClusterName --enable-oidc-issuer --enable-workload-identityUpdate a connected kubernetes cluster with oidc issuer enabled using a self hosted issuer url for public cloud cluster.
az connectedk8s update -g resourceGroupName -n connectedClusterName --enable-oidc-issuer --self-hosted-issuer aksissuerurlDisable the workload identity webhook on a connected kubernetes cluster.
az connectedk8s update -g resourceGroupName -n connectedClusterName --disable-workload-identityUpdate a connected kubernetes cluster with azure gateway feature enabled.
az connectedk8s update -g resourceGroupName -n connectedClusterName --gateway-resource-id gatewayResourceIdDisable the azure gateway feature on a connected kubernetes cluster.
az connectedk8s update -g resourceGroupName -n connectedClusterName --disable-gatewayOptional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Flag to enable/disable auto upgrade of arc agents. By default, auto upgrade of agents is enabled.
| Property | Value |
|---|---|
| Accepted values: | false, true |
Flag to enable/disable Azure Hybrid Benefit feature.
| Property | Value |
|---|---|
| Accepted values: | False, NotApplicable, True |
Configuration Settings as key=value pair. Repeat parameter for each setting. Do not use this for secrets, as this value is returned in response.
Configuration Protected Settings as key=value pair. Repeat parameter for each setting. Only the key is returned in response, the value is not.
Override the default container log path to enable fluent-bit logging.
Path to the certificate file for proxy or custom Certificate Authority.
| Property | Value |
|---|---|
| Parameter group: | Proxy Arguments |
Flag to disable Arc Gateway.
| Property | Value |
|---|---|
| Parameter group: | Gateway Arguments |
| Default value: | False |
| Accepted values: | false, true |
Disables proxy settings for agents.
| Property | Value |
|---|---|
| Parameter group: | Proxy Arguments |
| Default value: | False |
Disable workload identity webhook.
| Property | Value |
|---|---|
| Parameter group: | Workload Identity Arguments |
| Accepted values: | false, true |
The Kubernetes distribution which will be running on this connected cluster.
| Property | Value |
|---|---|
| Accepted values: | aks, aks_edge_k3s, aks_edge_k8s, aks_engine, aks_management, aks_workload, canonical, capz, eks, generic, gke, k3s, karbon, kind, minikube, openshift, rancher_rke, tkg |
The Kubernetes distribution version of the connected cluster.
Enable creation of OIDC issuer url used for workload identity federation.
| Property | Value |
|---|---|
| Parameter group: | Workload Identity Arguments |
| Accepted values: | false, true |
Enable workload identity webhook.
| Property | Value |
|---|---|
| Parameter group: | Workload Identity Arguments |
| Accepted values: | false, true |
ArmID of the Arc Gateway resource.
| Property | Value |
|---|---|
| Parameter group: | Gateway Arguments |
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Path to the kube config file.
Kubconfig context from current machine.
The name of the connected cluster.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Http proxy URL to be used.
| Property | Value |
|---|---|
| Parameter group: | Proxy Arguments |
Https proxy URL to be used.
| Property | Value |
|---|---|
| Parameter group: | Proxy Arguments |
List of URLs/CIDRs for which proxy should not to be used.
| Property | Value |
|---|---|
| Parameter group: | Proxy Arguments |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Self hosted issuer url for public cloud clusters - AKS, GKE, EKS.
| Property | Value |
|---|---|
| Parameter group: | Workload Identity Arguments |
Skip SSL verification for any cluster connection.
| Property | Value |
|---|---|
| Default value: | False |
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.
Do not prompt for confirmation.
| Property | Value |
|---|---|
| Default value: | False |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az connectedk8s upgrade
Atomically upgrade onboarded agents to the specific version or default to the latest version.
az connectedk8s upgrade [--agent-version]
[--ids]
[--kube-config]
[--kube-context]
[--name]
[--resource-group]
[--skip-ssl-verification]
[--subscription]
[--upgrade-timeout]Examples
Upgrade the agents to the latest version
az connectedk8s upgrade -g resourceGroupName -n connectedClusterNameUpgrade the agents to a specific version
az connectedk8s upgrade -g resourceGroupName -n connectedClusterName --agent-version 0.2.62Upgrade the agents with custom upgrade timeout.
az connectedk8s upgrade -g resourceGroupName -n connectedClusterName --upgrade-timeout 600Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Version of agent to update the helm charts to.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Path to the kube config file.
Kubconfig context from current machine.
The name of the connected cluster.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Skip SSL verification for any cluster connection.
| Property | Value |
|---|---|
| Default value: | False |
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Time required (in seconds) for the arc-agent pods to be upgraded on the kubernetes cluster. Override this value if the hardware/network constraints on your cluster requires more time for upgrading the arc-agent pods.
| Property | Value |
|---|---|
| Default value: | 600 |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
