Cluster Creation¶
A good AKS cluster is mostly decided before the first az aks create command. Use this runbook to create a cluster with explicit networking, identity, and observability choices.
Prerequisites¶
- Azure CLI,
kubectl, andkubelogininstalled. - Resource group, VNet strategy, and Log Analytics workspace decided.
- VM quota confirmed for the target region and node size.
When to Use¶
- Creating a new environment.
- Rebuilding a cluster from a reviewed baseline.
- Standardizing cluster creation across teams.
Procedure¶
flowchart TD
A[Prepare RG and region] --> B[Create cluster]
B --> C[Get credentials]
C --> D[Validate nodes]
D --> E[Enable baseline add-ons] export RG="rg-aks-demo"
export CLUSTER_NAME="aks-demo"
export LOCATION="koreacentral"
az group create --name $RG --location $LOCATION
az aks create --resource-group $RG --name $CLUSTER_NAME --location $LOCATION --node-count 3 --node-vm-size Standard_D4ds_v5 --enable-managed-identity --enable-oidc-issuer --enable-workload-identity --network-plugin azure --network-plugin-mode overlay --generate-ssh-keys
az aks get-credentials --resource-group $RG --name $CLUSTER_NAME --overwrite-existing
kubectl get nodes -o wide
Verification¶
az aks show --resource-group $RG --name $CLUSTER_NAME --query "{powerState:powerState.code,kubernetesVersion:kubernetesVersion,networkPlugin:networkProfile.networkPlugin,networkMode:networkProfile.networkPluginMode}" --output yaml
kubectl get pods -n kube-system
Rollback / Troubleshooting¶
- Delete the cluster only if it was a failed greenfield setup and no state was attached.
- If creation fails, check quota, subnet sizing, and Azure Policy denies first.
- If credentials fail, re-run
az aks get-credentialsand validate Entra login requirements.