Get cluster kubeconfig credentials

az account set --subscription "MY-SUBSCRIPTION"
az aks get-credentials --resource-group MY-RG --name MY-CLUSTER

Load Balancer

https://docs.microsoft.com/pt-br/azure/aks/internal-lb

Log Analytics

To enable AKS to store your pod logs, go to your AKS resource, Monitoring section, Logs. Create a workspace and enable logs.

To enable kube-apiserver logs go to your AKS Resource Group (the RG you created do deploy AKS service, not the RG that is automatically generated by AKS), Monitoring section, Diagnostic settings, click on your AKS from the list, on "Diagnostics settings" screen, click on "Add diagnostic setting".

Input a name, check "Send to Log Analytics", select you subscription and workspace, check the logs you want and click on save.

Wait a few minutes, then you query AzureDiagnostics logs:

AzureDiagnostics
| where Category == "kube-apiserver"
| project log_s

References

https://docs.microsoft.com/en-us/azure/aks/view-master-logs

SSH to nodes

Set your subscription.

az account set --subscription "MY-SUBSCRIPTION"

Set an env var with your cluster resources RG.

CLUSTER_RESOURCE_GROUP=MC_my-aks-name

Add your RSA key to the node.

az vm user update \
    --resource-group $CLUSTER_RESOURCE_GROUP \
    --name PUT-YOUR-NODE-NAME-HERE \
    --username azureuser \
    --ssh-key-value ~/.ssh/id_rsa.pub

Get your node IP.

az vm list-ip-addresses --resource-group $CLUSTER_RESOURCE_GROUP -o table

Run a pod.

kubectl run -it --rm aks-ssh --image=debian

Install SSH client.

apt-get update && apt-get install openssh-client vim -y

Setup the id_rsa file.

mkdir ~/.ssh
vi ~/.ssh/id_rsa
# Paste your id_rsa
chmod 600 ~/.ssh/id_rsa

SSH to your node.

ssh azureuser@PUT.YOUR.NODE.IP.HERE