Prerequisites

Microsoft Azure Resource Providers: The following Microsoft Azure resource providers are registered.

• Microsoft.ContainerService
• Microsoft.Network
• Microsoft.Compute
• Microsoft.Storage
• Microsoft.KeyVault
• Microsoft.ManagedIdentity
• Microsoft.OperationsManagement
• Microsoft.OperationalInsights

AKS Permissions: Contact the Infrastructure Team to get the necessary permissions to create an AKS cluster, typically Contributor and User Access Administrator roles on the target subscription or resource group.

Jump Box or Local Machine: Use a dedicated Debian jump box created in Microsoft Azure. Do not use a jump box hosted on any other cloud.

Microsoft Azure Resource IDs from Infrastructure Team: Obtain the following resource IDs from the Infrastructure Team. These resource IDs are prompted during installation.

• UAMI Resource ID: User-assigned managed identity for the AKS cluster.

  For example:

  /subscriptions/<subscription-id>/resourceGroups/<it-resource-group>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/id-aks-applianceframework
  

• AKS Subnet Resource ID: Required subnet for deploying the AKS nodes.

  For example:

  /subscriptions/<subscription-id>/resourceGroups/<it-resource-group>/providers/Microsoft.Network/virtualNetworks/<vnet-name>/subnets/snet-aks-applianceframework
  

• Private DNS Zone Resource ID: Private DNS zone used by the AKS private cluster, must match the cluster region, for example, privatelink.<region>.azmk8s.io.

  For example:

  /subscriptions/<subscription-id>/resourceGroups/<dns-resource-group>/providers/Microsoft.Network/privateDnsZones/privatelink.eastus.azmk8s.io
  

• Velero UAMI Resource ID: User-assigned managed identity used by Velero for backups to the storage account.

  For example:

  /subscriptions/<subscription-id>/resourceGroups/<velero-resource-group>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/id-aks-velero