Cheat Sheet

AKS tips and tricks.

Get cluster kubeconfig credentials

Backup your current kubeconfig.

az account set --subscription "MY-SUBSCRIPTION"
az aks get-credentials --resource-group MY-RG --name MY-CLUSTER

Load Balancer

Log Analytics

To enable AKS to store your pod logs, go to your AKS resource, Monitoring section, Logs. Create a workspace and enable logs.

To enable kube-apiserver logs go to your AKS Resource Group (the RG you created do deploy AKS service, not the RG that is automatically generated by AKS), Monitoring section, Diagnostic settings, click on your AKS from the list, on "Diagnostics settings" screen, click on "Add diagnostic setting".

Input a name, check "Send to Log Analytics", select you subscription and workspace, check the logs you want and click on save.

Wait a few minutes, then you query AzureDiagnostics logs:

| where Category == "kube-apiserver"
| project log_s


SSH to nodes

Set your subscription.

az account set --subscription "MY-SUBSCRIPTION"

Set an env var with your cluster resources RG.


Add your RSA key to the node.

az vm user update \
    --resource-group $CLUSTER_RESOURCE_GROUP \
    --username azureuser \
    --ssh-key-value ~/.ssh/

Get your node IP.

az vm list-ip-addresses --resource-group $CLUSTER_RESOURCE_GROUP -o table

Run a pod.

kubectl run -it --rm aks-ssh --image=debian

Install SSH client.

apt-get update && apt-get install openssh-client vim -y

Setup the id_rsa file.

mkdir ~/.ssh
vi ~/.ssh/id_rsa
# Paste your id_rsa
chmod 600 ~/.ssh/id_rsa

SSH to your node.

ssh azureuser@PUT.YOUR.NODE.IP.HERE

Last updated