Bicep Kubernetes extension (Preview)

The Kubernetes extension allows you to create Kubernetes resources directly with Bicep. Bicep can deploy anything that can be deployed with the Kubernetes command-line client (kubectl) and a Kubernetes manifest file.

Note

The Kubernetes extension is not currently supported for private clusters:

resource AKS 'Microsoft.ContainerService/managedClusters@2024-02-01' = {
 ...
 properties: {
  apiServerAccessProfile: {
    enablePrivateCluster: true
  }
 }
}

Enable the preview feature

This preview feature can be enabled by configuring the bicepconfig.json:

{
  "experimentalFeaturesEnabled": {
    "extensibility": true
  }
}

Import Kubernetes extension

To safely pass secrets for the Kubernetes deployment, you must invoke the Kubernetes code with a Bicep module and pass the parameter as a secret. To import the Kubernetes extension, use the extension statement. After importing the extension, you can refactor the Bicep module file as usual, such as by using variables, parameters, and output. By contract, the Kubernetes manifest in YML doesn't include any programmability support.

The following sample imports the Kubernetes extension:

@secure()
param kubeConfig string

extension kubernetes with {
  namespace: 'default'
  kubeConfig: kubeConfig
} as k8s

The following sample shows how to pass kubeConfig value from a parent Bicep file:

resource aks 'Microsoft.ContainerService/managedClusters@2024-08-01' existing = {
  name: 'demoAKSCluster'
}

module kubernetes './kubernetes.bicep' = {
  name: 'buildbicep-deploy'
  params: {
    kubeConfig: aks.listClusterAdminCredential().kubeconfigs[0].value
  }
}

The AKS cluster can be a new resource or an existing resource. The Import Kubernetes manifest command from Visual Studio Code can automatically add the import snippet. For the details, see Import Kubernetes manifest command.

Visual Studio Code import

From Visual Studio Code, you can import Kubernetes manifest files to create Bicep module files. For more information, see Visual Studio Code.

Next steps