
This blog post is part of a series of blog posts for Azure Back to school by Dwayne Natwick. For the whole of September, different community members will be creating a blog post or video about Azure. Mine, as you can tell from the heading, is about Azure Kubernetes Service (AKS). In this blog post I am going to show you how to set up an AKS cluster using the new managed Azure Active Directory integration. This means you do not have to create service principals and app registrations; the AKS resource provider does this for you! But before we can start to build the cluster, we have some known limitations and prerequisites.

Known Limitations

  • It only works in regions where AKS is supported. This means you can’t do this in:
    • Azure Government
    • Azure China 21Vianet
  • Once enabled you cannot disable it.
  • Only Role-Based Access Control (RBAC) enabled clusters are supported.
  • You are unable to change the Azure AD Tenant associated with your AKS cluster.


You will need Azure CLI version 2.9.0 or later and kubectl version 1.18 or newer (this is the client version, not the server version).

To install the latest kubectl version in your terminal window (bash) use the following command.

You will also need an Azure AD group. This group will be used as the admin group for the cluster. You can use an existing group or create a new one. You will need the object ID of the Azure AD group you want to use. You can find it by using the following command; just replace aks-admin with the display name of your group.

Get group objectID

Take note of the ObjectId; you will need it later.

If you would like to create a new group, you can use the following command.

Create new group

You will also need the Tenant ID. To find that you can use the following command.

Find tenant ID

Time to create the AKS cluster!

First, we need to create an Azure resource group. To do that, use the following command and switch out the names for something you like.

Create Resource Group

Now it’s time to create the AKS cluster and enable administrator access with the group from before. You will need to add your group and tenant IDs from before.

AKS cluster creation

After about 6 minutes or so, you should have your AKS cluster. You can then start to access it.

How to Access the AKS cluster

To access the cluster, you will first need to use the az aks get-credentials command and point it to your newly created cluster.

aks get credentials

Now use kubectl to get a list of the nodes in the cluster.

kubectl get nodes

You will be asked to sign in. Go to the URL and enter the code shown in your terminal window. Sign in with a user from the admin group you set up earlier. Back in the terminal window you will see the nodes in your AKS cluster.

kubectl get nodes
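
The steps above collected into one bash script, as an added example (not the author's original commands). It goes slightly beyond the walkthrough by checking the client versions and the shape of the group and tenant IDs before creating anything, because the integration cannot be disabled and the tenant cannot be changed afterwards. The resource group, cluster name, location and the `--apply` switch are placeholder assumptions.

```bash
#!/usr/bin/env bash
# Added example. RG, CLUSTER, LOCATION and ADMIN_GROUP are placeholder values.
RG="${RG:-aks-demo-rg}"; CLUSTER="${CLUSTER:-aks-demo}"
LOCATION="${LOCATION:-westeurope}"; ADMIN_GROUP="${ADMIN_GROUP:-aks-admin}"

# True when dotted version $1 >= $2 (uses sort -V from GNU coreutils).
version_ge() {
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$2" ]
}

# Object and tenant IDs are GUIDs. Reject anything else before it reaches
# "az aks create": the tenant cannot be changed once the cluster exists.
is_guid() {
  printf '%s\n' "$1" | grep -Eqi '^[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$'
}

# Check the client versions listed in the prerequisites.
preflight() {
  local az_ver kc_ver
  az_ver="$(az version --query '"azure-cli"' -o tsv)" || return 1
  kc_ver="$(kubectl version --client -o json |
    sed -n 's/.*"gitVersion": *"v\([0-9.]*\).*/\1/p')"
  version_ge "$az_ver" 2.9.0 || { echo "Azure CLI $az_ver < 2.9.0" >&2; return 1; }
  version_ge "$kc_ver" 1.18 || { echo "kubectl $kc_ver < 1.18" >&2; return 1; }
}

create_cluster() {
  local group_id tenant_id
  # Newer CLI releases return "id"; older ones return "objectId".
  group_id="$(az ad group show --group "$ADMIN_GROUP" --query 'id || objectId' -o tsv)"
  tenant_id="$(az account show --query tenantId -o tsv)"
  is_guid "$group_id"  || { echo "bad group object ID: $group_id" >&2; return 1; }
  is_guid "$tenant_id" || { echo "bad tenant ID: $tenant_id" >&2; return 1; }
  az group create --name "$RG" --location "$LOCATION" &&
  az aks create --resource-group "$RG" --name "$CLUSTER" \
    --enable-aad --aad-admin-group-object-ids "$group_id" \
    --aad-tenant-id "$tenant_id" --generate-ssh-keys &&
  az aks get-credentials --resource-group "$RG" --name "$CLUSTER" &&
  kubectl get nodes   # triggers the device-code sign-in
}

# Nothing touches Azure unless the script is called with --apply.
if [ "${1:-}" = "--apply" ]; then
  preflight && create_cluster
fi
```

Run it with `--apply` after `az login`; without that argument it only defines the functions.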

And there you have it! You have now created an AKS cluster without having to manually create a service principal or app registrations. I really like what Microsoft has done with this. It makes creating AKS clusters a lot easier. You can also update an existing RBAC enabled cluster. I will show you how in another guide, so keep an eye out.

If you have any questions or comments please reach out to me using the usual methods.


Pixel Robots.

I’m Richard Hooper aka Pixel Robots. I started this blog in 2016 for a couple reasons. The first reason was basically just a place for me to store my step by step guides, troubleshooting guides and just plain ideas about being a sysadmin. The second reason was to share what I have learned and found out with other people like me. Hopefully, you can find something useful on the site.
