Share via


az aks connection create

Note

This command group has commands that are defined in both Azure CLI and at least one extension. Install each extension to benefit from its extended capabilities. Learn more about extensions.

Command group 'aks connection' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Create a connection between a aks and a target resource.

Commands

Name Description Type Status
az aks connection create app-insights

Create a aks connection to app-insights.

Core Preview
az aks connection create appconfig

Create a aks connection to appconfig.

Core Preview
az aks connection create cognitiveservices

Create a aks connection to cognitiveservices.

Core Preview
az aks connection create confluent-cloud

Create a aks connection to confluent-cloud.

Core Preview
az aks connection create cosmos-cassandra

Create a aks connection to cosmos-cassandra.

Core Preview
az aks connection create cosmos-gremlin

Create a aks connection to cosmos-gremlin.

Core Preview
az aks connection create cosmos-mongo

Create a aks connection to cosmos-mongo.

Core Preview
az aks connection create cosmos-sql

Create a aks connection to cosmos-sql.

Core Preview
az aks connection create cosmos-table

Create a aks connection to cosmos-table.

Core Preview
az aks connection create eventhub

Create a aks connection to eventhub.

Core Preview
az aks connection create keyvault

Create a aks connection to keyvault.

Core Preview
az aks connection create mysql

Create a aks connection to mysql.

Core Preview and Deprecated
az aks connection create mysql-flexible

Create a aks connection to mysql-flexible.

Core Preview
az aks connection create mysql-flexible (serviceconnector-passwordless extension)

Create a aks connection to mysql-flexible.

Extension GA
az aks connection create postgres

Create a aks connection to postgres.

Core Preview and Deprecated
az aks connection create postgres-flexible

Create a aks connection to postgres-flexible.

Core Preview
az aks connection create postgres-flexible (serviceconnector-passwordless extension)

Create a aks connection to postgres-flexible.

Extension GA
az aks connection create redis

Create a aks connection to redis.

Core Preview
az aks connection create redis-enterprise

Create a aks connection to redis-enterprise.

Core Preview
az aks connection create servicebus

Create a aks connection to servicebus.

Core Preview
az aks connection create signalr

Create a aks connection to signalr.

Core Preview
az aks connection create sql

Create a aks connection to sql.

Core Preview
az aks connection create sql (serviceconnector-passwordless extension)

Create a aks connection to sql.

Extension GA
az aks connection create storage-blob

Create a aks connection to storage-blob.

Core Preview
az aks connection create storage-file

Create a aks connection to storage-file.

Core Preview
az aks connection create storage-queue

Create a aks connection to storage-queue.

Core Preview
az aks connection create storage-table

Create a aks connection to storage-table.

Core Preview
az aks connection create webpubsub

Create a aks connection to webpubsub.

Core Preview

az aks connection create app-insights

Preview

Command group 'aks connection' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Create a aks connection to app-insights.

az aks connection create app-insights [--app-insights]
                                      [--appconfig-id]
                                      [--client-type {dotnet, dotnet-internal, go, java, nodejs, none, python}]
                                      [--connection]
                                      [--connstr-props]
                                      [--customized-keys]
                                      [--kube-namespace]
                                      [--name]
                                      [--no-wait]
                                      [--opt-out {auth, configinfo, publicnetwork}]
                                      [--resource-group]
                                      [--secret]
                                      [--source-id]
                                      [--target-id]
                                      [--target-resource-group]

Examples

Create a connection between aks and app-insights interactively

az aks connection create app-insights

Create a connection between aks and app-insights with resource name

az aks connection create app-insights -g ClusterRG -n MyCluster --tg AppInsightsRG --app-insights MyAppInsights --secret

Create a connection between aks and app-insights with resource id

az aks connection create app-insights --source-id /subscriptions/{subscription}/resourceGroups/{source_resource_group}/providers/Microsoft.ContainerService/managedClusters/{cluster} --target-id /subscriptions/{subscription}/resourceGroups/{target_resource_group}/providers/microsoft.insights/components/{appinsights} --secret

Optional Parameters

--app-insights

Name of the app insights. Required if '--target-id' is not specified.

--appconfig-id

The app configuration id to store configuration.

--client-type

The client type used on the aks.

Accepted values: dotnet, dotnet-internal, go, java, nodejs, none, python
--connection

Name of the aks connection.

--connstr-props

The addtional connection string properties used to for building connection string.

--customized-keys

The customized keys used to change default configuration names. Key is the original name, value is the customized name.

--kube-namespace

The kubernetes namespace where the connection information will be saved into (as kubernetes secret).

Default value: default
--name -n

Name of the managed cluster. Required if '--source-id' is not specified.None.

--no-wait

Do not wait for the long-running operation to finish.

Default value: False
--opt-out

Whether to disable some configuration steps. Use configinfo to disbale configuration information changes on source. Use publicnetwork to disable public network access configuration.Use auth to skip auth configuration such as enabling managed identity and granting RBAC roles.

Accepted values: auth, configinfo, publicnetwork
--resource-group -g

The resource group which contains the managed cluster. Required if '--source-id' is not specified.None.

--secret

The secret auth info.

Usage: --secret.

--source-id

The resource id of a aks. Required if ['--resource-group', '--name'] are not specified.

--target-id

The resource id of target service. Required if ['--target-resource-group', '--app-insights'] are not specified.

--target-resource-group --tg

The resource group which contains the app insights. Required if '--target-id' is not specified.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az aks connection create appconfig

Preview

Command group 'aks connection' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Create a aks connection to appconfig.

az aks connection create appconfig [--app-config]
                                   [--appconfig-id]
                                   [--client-type {dotnet, dotnet-internal, java, nodejs, none, python}]
                                   [--connection]
                                   [--connstr-props]
                                   [--customized-keys]
                                   [--kube-namespace]
                                   [--name]
                                   [--no-wait]
                                   [--opt-out {auth, configinfo, publicnetwork}]
                                   [--private-endpoint {false, true}]
                                   [--resource-group]
                                   [--secret]
                                   [--service-principal]
                                   [--source-id]
                                   [--target-id]
                                   [--target-resource-group]
                                   [--use-appconfig-extension {false, true}]
                                   [--workload-identity]

Examples

Create a connection between aks and appconfig interactively

az aks connection create appconfig

Create a connection between aks and appconfig with resource name

az aks connection create appconfig -g ClusterRG -n MyCluster --tg AppconfigRG --app-config MyConfigStore --secret

Create a connection between aks and appconfig with resource id

az aks connection create appconfig --source-id /subscriptions/{subscription}/resourceGroups/{source_resource_group}/providers/Microsoft.ContainerService/managedClusters/{cluster} --target-id /subscriptions/{subscription}/resourceGroups/{target_resource_group}/providers/Microsoft.AppConfiguration/configurationStores/{config_store} --secret

Optional Parameters

--app-config

Name of the app configuration. Required if '--target-id' is not specified.

--appconfig-id

The app configuration id to store configuration.

--client-type

The client type used on the aks.

Accepted values: dotnet, dotnet-internal, java, nodejs, none, python
--connection

Name of the aks connection.

--connstr-props

The addtional connection string properties used to for building connection string.

--customized-keys

The customized keys used to change default configuration names. Key is the original name, value is the customized name.

--kube-namespace

The kubernetes namespace where the connection information will be saved into (as kubernetes secret).

Default value: default
--name -n

Name of the managed cluster. Required if '--source-id' is not specified.None.

--no-wait

Do not wait for the long-running operation to finish.

Default value: False
--opt-out

Whether to disable some configuration steps. Use configinfo to disbale configuration information changes on source. Use publicnetwork to disable public network access configuration.Use auth to skip auth configuration such as enabling managed identity and granting RBAC roles.

Accepted values: auth, configinfo, publicnetwork
--private-endpoint

Connect target service by private endpoint. The private endpoint in source virtual network must be created ahead.

Accepted values: false, true
--resource-group -g

The resource group which contains the managed cluster. Required if '--source-id' is not specified.None.

--secret

The secret auth info.

Usage: --secret.

--service-principal

The service principal auth info.

Usage: --service-principal client-id=XX secret=XX

client-id : Required. Client id of the service principal. object-id : Optional. Object id of the service principal (Enterprise Application). secret : Required. Secret of the service principal.

--source-id

The resource id of a aks. Required if ['--resource-group', '--name'] are not specified.

--target-id

The resource id of target service. Required if ['--target-resource-group', '--app-config'] are not specified.

--target-resource-group --tg

The resource group which contains the app configuration. Required if '--target-id' is not specified.

--use-appconfig-extension -e

Install Azure App Configuration extension in the Kubernetes cluster.

Accepted values: false, true
Default value: False
--workload-identity

The user-assigned managed identity used to create workload identity federation.

Usage: --workload-identity

user-identity-resource-id: Required. The resource id of the user assigned identity. Please DO NOT use AKS control plane identity and kubelet identity which is not supported by federated identity credential.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az aks connection create cognitiveservices

Preview

Command group 'aks connection' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Create a aks connection to cognitiveservices.

az aks connection create cognitiveservices [--account]
                                           [--appconfig-id]
                                           [--client-type {dotnet, none, python}]
                                           [--connection]
                                           [--connstr-props]
                                           [--customized-keys]
                                           [--kube-namespace]
                                           [--name]
                                           [--no-wait]
                                           [--opt-out {auth, configinfo, publicnetwork}]
                                           [--resource-group]
                                           [--secret]
                                           [--service-principal]
                                           [--source-id]
                                           [--target-id]
                                           [--target-resource-group]
                                           [--workload-identity]

Examples

Create a connection between aks and cognitiveservices interactively

az aks connection create cognitiveservices

Create a connection between aks and cognitiveservices with resource name

az aks connection create cognitiveservices -g ClusterRG -n MyCluster --tg CognitiveServicesRG --account MyAccount --secret

Create a connection between aks and cognitiveservices with resource id

az aks connection create cognitiveservices --source-id /subscriptions/{subscription}/resourceGroups/{source_resource_group}/providers/Microsoft.ContainerService/managedClusters/{cluster} --target-id /subscriptions/{subscription}/resourceGroups/{target_resource_group}/providers/Microsoft.CognitiveServices/accounts/{account} --secret

Optional Parameters

--account

Name of the cognitive services account. Required if '--target-id' is not specified.

--appconfig-id

The app configuration id to store configuration.

--client-type

The client type used on the aks.

Accepted values: dotnet, none, python
--connection

Name of the aks connection.

--connstr-props

The addtional connection string properties used to for building connection string.

--customized-keys

The customized keys used to change default configuration names. Key is the original name, value is the customized name.

--kube-namespace

The kubernetes namespace where the connection information will be saved into (as kubernetes secret).

Default value: default
--name -n

Name of the managed cluster. Required if '--source-id' is not specified.None.

--no-wait

Do not wait for the long-running operation to finish.

Default value: False
--opt-out

Whether to disable some configuration steps. Use configinfo to disbale configuration information changes on source. Use publicnetwork to disable public network access configuration.Use auth to skip auth configuration such as enabling managed identity and granting RBAC roles.

Accepted values: auth, configinfo, publicnetwork
--resource-group -g

The resource group which contains the managed cluster. Required if '--source-id' is not specified.None.

--secret

The secret auth info.

Usage: --secret.

--service-principal

The service principal auth info.

Usage: --service-principal client-id=XX secret=XX

client-id : Required. Client id of the service principal. object-id : Optional. Object id of the service principal (Enterprise Application). secret : Required. Secret of the service principal.

--source-id

The resource id of a aks. Required if ['--resource-group', '--name'] are not specified.

--target-id

The resource id of target service. Required if ['--target-resource-group', '--account'] are not specified.

--target-resource-group --tg

The resource group which contains the cognitive services. Required if '--target-id' is not specified.

--workload-identity

The user-assigned managed identity used to create workload identity federation.

Usage: --workload-identity

user-identity-resource-id: Required. The resource id of the user assigned identity. Please DO NOT use AKS control plane identity and kubelet identity which is not supported by federated identity credential.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az aks connection create confluent-cloud

Preview

Command group 'aks connection' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Create a aks connection to confluent-cloud.

az aks connection create confluent-cloud --bootstrap-server
                                         --kafka-key
                                         --kafka-secret
                                         --schema-key
                                         --schema-registry
                                         --schema-secret
                                         [--appconfig-id]
                                         [--client-type {dotnet, dotnet-internal, go, java, none, python, springBoot}]
                                         [--connection]
                                         [--customized-keys]
                                         [--kube-namespace]
                                         [--name]
                                         [--no-wait]
                                         [--opt-out {auth, configinfo, publicnetwork}]
                                         [--resource-group]
                                         [--source-id]

Examples

Create a connection between aks and confluent-cloud

az aks connection create confluent-cloud -g ClusterRG -n MyCluster --bootstrap-server xxx.eastus.azure.confluent.cloud:9092 --kafka-key Name --kafka-secret Secret --schema-registry https://xxx.eastus.azure.confluent.cloud --schema-key Name --schema-secret Secret

Required Parameters

--bootstrap-server

Kafka bootstrap server url.

--kafka-key

Kafka API-Key (key).

--kafka-secret

Kafka API-Key (secret).

--schema-key

Schema registry API-Key (key).

--schema-registry

Schema registry url.

--schema-secret

Schema registry API-Key (secret).

Optional Parameters

--appconfig-id

The app configuration id to store configuration.

--client-type

The client type used on the aks.

Accepted values: dotnet, dotnet-internal, go, java, none, python, springBoot
--connection

Name of the connection.

--customized-keys

The customized keys used to change default configuration names. Key is the original name, value is the customized name.

--kube-namespace

The kubernetes namespace where the connection information will be saved into (as kubernetes secret).

Default value: default
--name -n

Name of the managed cluster. Required if '--source-id' is not specified.None.

--no-wait

Do not wait for the long-running operation to finish.

Default value: False
--opt-out

Whether to disable some configuration steps. Use configinfo to disbale configuration information changes on source. Use publicnetwork to disable public network access configuration.Use auth to skip auth configuration such as enabling managed identity and granting RBAC roles.

Accepted values: auth, configinfo, publicnetwork
--resource-group -g

The resource group which contains the managed cluster. Required if '--source-id' is not specified.None.

--source-id

The resource id of a aks. Required if ['--resource-group', '--name'] are not specified.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az aks connection create cosmos-cassandra

Preview

Command group 'aks connection' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Create a aks connection to cosmos-cassandra.

az aks connection create cosmos-cassandra [--account]
                                          [--appconfig-id]
                                          [--client-type {dotnet, dotnet-internal, go, java, nodejs, none, python, springBoot}]
                                          [--connection]
                                          [--connstr-props]
                                          [--customized-keys]
                                          [--key-space]
                                          [--kube-namespace]
                                          [--name]
                                          [--no-wait]
                                          [--opt-out {auth, configinfo, publicnetwork}]
                                          [--private-endpoint {false, true}]
                                          [--resource-group]
                                          [--secret]
                                          [--service-endpoint {false, true}]
                                          [--service-principal]
                                          [--source-id]
                                          [--target-id]
                                          [--target-resource-group]
                                          [--workload-identity]

Examples

Create a connection between aks and cosmos-cassandra interactively

az aks connection create cosmos-cassandra

Create a connection between aks and cosmos-cassandra with resource name

az aks connection create cosmos-cassandra -g ClusterRG -n MyCluster --tg CosmosRG --account MyAccount --key-space MyKeySpace --secret

Create a connection between aks and cosmos-cassandra with resource id

az aks connection create cosmos-cassandra --source-id /subscriptions/{subscription}/resourceGroups/{source_resource_group}/providers/Microsoft.ContainerService/managedClusters/{cluster} --target-id /subscriptions/{subscription}/resourceGroups/{target_resource_group}/providers/Microsoft.DocumentDB/databaseAccounts/{account}/cassandraKeyspaces/{key_space} --secret

Optional Parameters

--account

Name of the cosmos database account. Required if '--target-id' is not specified.

--appconfig-id

The app configuration id to store configuration.

--client-type

The client type used on the aks.

Accepted values: dotnet, dotnet-internal, go, java, nodejs, none, python, springBoot
--connection

Name of the aks connection.

--connstr-props

The addtional connection string properties used to for building connection string.

--customized-keys

The customized keys used to change default configuration names. Key is the original name, value is the customized name.

--key-space

Name of the keyspace. Required if '--target-id' is not specified.

--kube-namespace

The kubernetes namespace where the connection information will be saved into (as kubernetes secret).

Default value: default
--name -n

Name of the managed cluster. Required if '--source-id' is not specified.None.

--no-wait

Do not wait for the long-running operation to finish.

Default value: False
--opt-out

Whether to disable some configuration steps. Use configinfo to disbale configuration information changes on source. Use publicnetwork to disable public network access configuration.Use auth to skip auth configuration such as enabling managed identity and granting RBAC roles.

Accepted values: auth, configinfo, publicnetwork
--private-endpoint

Connect target service by private endpoint. The private endpoint in source virtual network must be created ahead.

Accepted values: false, true
--resource-group -g

The resource group which contains the managed cluster. Required if '--source-id' is not specified.None.

--secret

The secret auth info.

Usage: --secret.

--service-endpoint

Connect target service by service endpoint. Source resource must be in the VNet and target SKU must support service endpoint feature.

Accepted values: false, true
--service-principal

The service principal auth info.

Usage: --service-principal client-id=XX secret=XX

client-id : Required. Client id of the service principal. object-id : Optional. Object id of the service principal (Enterprise Application). secret : Required. Secret of the service principal.

--source-id

The resource id of a aks. Required if ['--resource-group', '--name'] are not specified.

--target-id

The resource id of target service. Required if ['--target-resource-group', '--account', '--key-space'] are not specified.

--target-resource-group --tg

The resource group which contains the cosmos database account. Required if '--target-id' is not specified.

--workload-identity

The user-assigned managed identity used to create workload identity federation.

Usage: --workload-identity

user-identity-resource-id: Required. The resource id of the user assigned identity. Please DO NOT use AKS control plane identity and kubelet identity which is not supported by federated identity credential.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az aks connection create cosmos-gremlin

Preview

Command group 'aks connection' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Create a aks connection to cosmos-gremlin.

az aks connection create cosmos-gremlin [--account]
                                        [--appconfig-id]
                                        [--client-type {dotnet, dotnet-internal, java, nodejs, none, php, python}]
                                        [--connection]
                                        [--connstr-props]
                                        [--customized-keys]
                                        [--database]
                                        [--graph]
                                        [--kube-namespace]
                                        [--name]
                                        [--no-wait]
                                        [--opt-out {auth, configinfo, publicnetwork}]
                                        [--private-endpoint {false, true}]
                                        [--resource-group]
                                        [--secret]
                                        [--service-endpoint {false, true}]
                                        [--service-principal]
                                        [--source-id]
                                        [--target-id]
                                        [--target-resource-group]
                                        [--workload-identity]

Examples

Create a connection between aks and cosmos-gremlin interactively

az aks connection create cosmos-gremlin

Create a connection between aks and cosmos-gremlin with resource name

az aks connection create cosmos-gremlin -g ClusterRG -n MyCluster --tg CosmosRG --account MyAccount --database MyDB --graph MyGraph --secret

Create a connection between aks and cosmos-gremlin with resource id

az aks connection create cosmos-gremlin --source-id /subscriptions/{subscription}/resourceGroups/{source_resource_group}/providers/Microsoft.ContainerService/managedClusters/{cluster} --target-id /subscriptions/{subscription}/resourceGroups/{target_resource_group}/providers/Microsoft.DocumentDB/databaseAccounts/{account}/gremlinDatabases/{database}/graphs/{graph} --secret

Optional Parameters

--account

Name of the cosmos database account. Required if '--target-id' is not specified.

--appconfig-id

The app configuration id to store configuration.

--client-type

The client type used on the aks.

Accepted values: dotnet, dotnet-internal, java, nodejs, none, php, python
--connection

Name of the aks connection.

--connstr-props

The addtional connection string properties used to for building connection string.

--customized-keys

The customized keys used to change default configuration names. Key is the original name, value is the customized name.

--database

Name of the database. Required if '--target-id' is not specified.

--graph

Name of the graph. Required if '--target-id' is not specified.

--kube-namespace

The kubernetes namespace where the connection information will be saved into (as kubernetes secret).

Default value: default
--name -n

Name of the managed cluster. Required if '--source-id' is not specified.None.

--no-wait

Do not wait for the long-running operation to finish.

Default value: False
--opt-out

Whether to disable some configuration steps. Use configinfo to disbale configuration information changes on source. Use publicnetwork to disable public network access configuration.Use auth to skip auth configuration such as enabling managed identity and granting RBAC roles.

Accepted values: auth, configinfo, publicnetwork
--private-endpoint

Connect target service by private endpoint. The private endpoint in source virtual network must be created ahead.

Accepted values: false, true
--resource-group -g

The resource group which contains the managed cluster. Required if '--source-id' is not specified.None.

--secret

The secret auth info.

Usage: --secret.

--service-endpoint

Connect target service by service endpoint. Source resource must be in the VNet and target SKU must support service endpoint feature.

Accepted values: false, true
--service-principal

The service principal auth info.

Usage: --service-principal client-id=XX secret=XX

client-id : Required. Client id of the service principal. object-id : Optional. Object id of the service principal (Enterprise Application). secret : Required. Secret of the service principal.

--source-id

The resource id of a aks. Required if ['--resource-group', '--name'] are not specified.

--target-id

The resource id of target service. Required if ['--target-resource-group', '--account', '--database', '--graph'] are not specified.

--target-resource-group --tg

The resource group which contains the cosmos database account. Required if '--target-id' is not specified.

--workload-identity

The user-assigned managed identity used to create workload identity federation.

Usage: --workload-identity

user-identity-resource-id: Required. The resource id of the user assigned identity. Please DO NOT use AKS control plane identity and kubelet identity which is not supported by federated identity credential.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az aks connection create cosmos-mongo

Preview

Command group 'aks connection' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Create a aks connection to cosmos-mongo.

az aks connection create cosmos-mongo [--account]
                                      [--appconfig-id]
                                      [--client-type {dotnet, dotnet-internal, go, java, nodejs, none, springBoot}]
                                      [--connection]
                                      [--connstr-props]
                                      [--customized-keys]
                                      [--database]
                                      [--kube-namespace]
                                      [--name]
                                      [--no-wait]
                                      [--opt-out {auth, configinfo, publicnetwork}]
                                      [--private-endpoint {false, true}]
                                      [--resource-group]
                                      [--secret]
                                      [--service-endpoint {false, true}]
                                      [--service-principal]
                                      [--source-id]
                                      [--target-id]
                                      [--target-resource-group]
                                      [--workload-identity]

Examples

Create a connection between aks and cosmos-mongo interactively

az aks connection create cosmos-mongo

Create a connection between aks and cosmos-mongo with resource name

az aks connection create cosmos-mongo -g ClusterRG -n MyCluster --tg CosmosRG --account MyAccount --database MyDB --secret

Create a connection between aks and cosmos-mongo with resource id

az aks connection create cosmos-mongo --source-id /subscriptions/{subscription}/resourceGroups/{source_resource_group}/providers/Microsoft.ContainerService/managedClusters/{cluster} --target-id /subscriptions/{subscription}/resourceGroups/{target_resource_group}/providers/Microsoft.DocumentDB/databaseAccounts/{account}/mongodbDatabases/{database} --secret

Optional Parameters

--account

Name of the cosmos database account. Required if '--target-id' is not specified.

--appconfig-id

The app configuration id to store configuration.

--client-type

The client type used on the aks.

Accepted values: dotnet, dotnet-internal, go, java, nodejs, none, springBoot
--connection

Name of the aks connection.

--connstr-props

The addtional connection string properties used to for building connection string.

--customized-keys

The customized keys used to change default configuration names. Key is the original name, value is the customized name.

--database

Name of the database. Required if '--target-id' is not specified.

--kube-namespace

The kubernetes namespace where the connection information will be saved into (as kubernetes secret).

Default value: default
--name -n

Name of the managed cluster. Required if '--source-id' is not specified.None.

--no-wait

Do not wait for the long-running operation to finish.

Default value: False
--opt-out

Whether to disable some configuration steps. Use configinfo to disbale configuration information changes on source. Use publicnetwork to disable public network access configuration.Use auth to skip auth configuration such as enabling managed identity and granting RBAC roles.

Accepted values: auth, configinfo, publicnetwork
--private-endpoint

Connect target service by private endpoint. The private endpoint in source virtual network must be created ahead.

Accepted values: false, true
--resource-group -g

The resource group which contains the managed cluster. Required if '--source-id' is not specified.None.

--secret

The secret auth info.

Usage: --secret.

--service-endpoint

Connect target service by service endpoint. Source resource must be in the VNet and target SKU must support service endpoint feature.

Accepted values: false, true
--service-principal

The service principal auth info.

Usage: --service-principal client-id=XX secret=XX

client-id : Required. Client id of the service principal. object-id : Optional. Object id of the service principal (Enterprise Application). secret : Required. Secret of the service principal.

--source-id

The resource id of a aks. Required if ['--resource-group', '--name'] are not specified.

--target-id

The resource id of target service. Required if ['--target-resource-group', '--account', '--database'] are not specified.

--target-resource-group --tg

The resource group which contains the cosmos database account. Required if '--target-id' is not specified.

--workload-identity

The user-assigned managed identity used to create workload identity federation.

Usage: --workload-identity

user-identity-resource-id: Required. The resource id of the user assigned identity. Please DO NOT use AKS control plane identity and kubelet identity which is not supported by federated identity credential.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az aks connection create cosmos-sql

Preview

Command group 'aks connection' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Create a aks connection to cosmos-sql.

az aks connection create cosmos-sql [--account]
                                    [--appconfig-id]
                                    [--client-type {dotnet, dotnet-internal, java, nodejs, none, python, springBoot}]
                                    [--connection]
                                    [--connstr-props]
                                    [--customized-keys]
                                    [--database]
                                    [--kube-namespace]
                                    [--name]
                                    [--no-wait]
                                    [--opt-out {auth, configinfo, publicnetwork}]
                                    [--private-endpoint {false, true}]
                                    [--resource-group]
                                    [--secret]
                                    [--service-endpoint {false, true}]
                                    [--service-principal]
                                    [--source-id]
                                    [--target-id]
                                    [--target-resource-group]
                                    [--workload-identity]

Examples

Create a connection between aks and cosmos-sql interactively

az aks connection create cosmos-sql

Create a connection between aks and cosmos-sql with resource name

az aks connection create cosmos-sql -g ClusterRG -n MyCluster --tg CosmosRG --account MyAccount --database MyDB --secret

Create a connection between aks and cosmos-sql with resource id

az aks connection create cosmos-sql --source-id /subscriptions/{subscription}/resourceGroups/{source_resource_group}/providers/Microsoft.ContainerService/managedClusters/{cluster} --target-id /subscriptions/{subscription}/resourceGroups/{target_resource_group}/providers/Microsoft.DocumentDB/databaseAccounts/{account}/sqlDatabases/{database} --secret

Optional Parameters

--account

Name of the cosmos database account. Required if '--target-id' is not specified.

--appconfig-id

The app configuration id to store configuration.

--client-type

The client type used on the aks.

Accepted values: dotnet, dotnet-internal, java, nodejs, none, python, springBoot
--connection

Name of the aks connection.

--connstr-props

The addtional connection string properties used to for building connection string.

--customized-keys

The customized keys used to change default configuration names. Key is the original name, value is the customized name.

--database

Name of the database. Required if '--target-id' is not specified.

--kube-namespace

The kubernetes namespace where the connection information will be saved into (as kubernetes secret).

Default value: default
--name -n

Name of the managed cluster. Required if '--source-id' is not specified.None.

--no-wait

Do not wait for the long-running operation to finish.

Default value: False
--opt-out

Whether to disable some configuration steps. Use configinfo to disbale configuration information changes on source. Use publicnetwork to disable public network access configuration.Use auth to skip auth configuration such as enabling managed identity and granting RBAC roles.

Accepted values: auth, configinfo, publicnetwork
--private-endpoint

Connect target service by private endpoint. The private endpoint in source virtual network must be created ahead.

Accepted values: false, true
--resource-group -g

The resource group which contains the managed cluster. Required if '--source-id' is not specified.None.

--secret

The secret auth info.

Usage: --secret.

--service-endpoint

Connect target service by service endpoint. Source resource must be in the VNet and target SKU must support service endpoint feature.

Accepted values: false, true
--service-principal

The service principal auth info.

Usage: --service-principal client-id=XX secret=XX

client-id : Required. Client id of the service principal. object-id : Optional. Object id of the service principal (Enterprise Application). secret : Required. Secret of the service principal.

--source-id

The resource id of a aks. Required if ['--resource-group', '--name'] are not specified.

--target-id

The resource id of target service. Required if ['--target-resource-group', '--account', '--database'] are not specified.

--target-resource-group --tg

The resource group which contains the cosmos database account. Required if '--target-id' is not specified.

--workload-identity

The user-assigned managed identity used to create workload identity federation.

Usage: --workload-identity

user-identity-resource-id: Required. The resource id of the user assigned identity. Please DO NOT use AKS control plane identity and kubelet identity which is not supported by federated identity credential.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az aks connection create cosmos-table

Preview

Command group 'aks connection' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Create a aks connection to cosmos-table.

az aks connection create cosmos-table [--account]
                                      [--appconfig-id]
                                      [--client-type {dotnet, dotnet-internal, java, nodejs, none, python, springBoot}]
                                      [--connection]
                                      [--connstr-props]
                                      [--customized-keys]
                                      [--kube-namespace]
                                      [--name]
                                      [--no-wait]
                                      [--opt-out {auth, configinfo, publicnetwork}]
                                      [--private-endpoint {false, true}]
                                      [--resource-group]
                                      [--secret]
                                      [--service-endpoint {false, true}]
                                      [--service-principal]
                                      [--source-id]
                                      [--table]
                                      [--target-id]
                                      [--target-resource-group]
                                      [--workload-identity]

Examples

Create a connection between aks and cosmos-table interactively

az aks connection create cosmos-table

Create a connection between aks and cosmos-table with resource name

az aks connection create cosmos-table -g ClusterRG -n MyCluster --tg CosmosRG --account MyAccount --table MyTable --secret

Create a connection between aks and cosmos-table with resource id

az aks connection create cosmos-table --source-id /subscriptions/{subscription}/resourceGroups/{source_resource_group}/providers/Microsoft.ContainerService/managedClusters/{cluster} --target-id /subscriptions/{subscription}/resourceGroups/{target_resource_group}/providers/Microsoft.DocumentDB/databaseAccounts/{account}/tables/{table} --secret

Optional Parameters

--account

Name of the cosmos database account. Required if '--target-id' is not specified.

--appconfig-id

The app configuration id to store configuration.

--client-type

The client type used on the aks.

Accepted values: dotnet, dotnet-internal, java, nodejs, none, python, springBoot
--connection

Name of the aks connection.

--connstr-props

The addtional connection string properties used to for building connection string.

--customized-keys

The customized keys used to change default configuration names. Key is the original name, value is the customized name.

--kube-namespace

The kubernetes namespace where the connection information will be saved into (as kubernetes secret).

Default value: default
--name -n

Name of the managed cluster. Required if '--source-id' is not specified.None.

--no-wait

Do not wait for the long-running operation to finish.

Default value: False
--opt-out

Whether to disable some configuration steps. Use configinfo to disbale configuration information changes on source. Use publicnetwork to disable public network access configuration.Use auth to skip auth configuration such as enabling managed identity and granting RBAC roles.

Accepted values: auth, configinfo, publicnetwork
--private-endpoint

Connect target service by private endpoint. The private endpoint in source virtual network must be created ahead.

Accepted values: false, true
--resource-group -g

The resource group which contains the managed cluster. Required if '--source-id' is not specified.None.

--secret

The secret auth info.

Usage: --secret.

--service-endpoint

Connect target service by service endpoint. Source resource must be in the VNet and target SKU must support service endpoint feature.

Accepted values: false, true
--service-principal

The service principal auth info.

Usage: --service-principal client-id=XX secret=XX

client-id : Required. Client id of the service principal. object-id : Optional. Object id of the service principal (Enterprise Application). secret : Required. Secret of the service principal.

--source-id

The resource id of a aks. Required if ['--resource-group', '--name'] are not specified.

--table

Name of the table. Required if '--target-id' is not specified.

--target-id

The resource id of target service. Required if ['--target-resource-group', '--account', '--table'] are not specified.

--target-resource-group --tg

The resource group which contains the cosmos database account. Required if '--target-id' is not specified.

--workload-identity

The user-assigned managed identity used to create workload identity federation.

Usage: --workload-identity

user-identity-resource-id: Required. The resource id of the user assigned identity. Please DO NOT use AKS control plane identity and kubelet identity which is not supported by federated identity credential.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az aks connection create eventhub

Preview

Command group 'aks connection' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Create a aks connection to eventhub.

az aks connection create eventhub [--appconfig-id]
                                  [--client-type {dotnet, dotnet-internal, go, java, kafka-springBoot, nodejs, none, python, springBoot}]
                                  [--connection]
                                  [--connstr-props]
                                  [--customized-keys]
                                  [--kube-namespace]
                                  [--name]
                                  [--namespace]
                                  [--no-wait]
                                  [--opt-out {auth, configinfo, publicnetwork}]
                                  [--private-endpoint {false, true}]
                                  [--resource-group]
                                  [--secret]
                                  [--service-endpoint {false, true}]
                                  [--service-principal]
                                  [--source-id]
                                  [--target-id]
                                  [--target-resource-group]
                                  [--workload-identity]

Examples

Create a connection between aks and eventhub interactively

az aks connection create eventhub

Create a connection between aks and eventhub with resource name

az aks connection create eventhub -g ClusterRG -n MyCluster --tg EventhubRG --namespace MyNamespace --secret

Create a connection between aks and eventhub with resource id

az aks connection create eventhub --source-id /subscriptions/{subscription}/resourceGroups/{source_resource_group}/providers/Microsoft.ContainerService/managedClusters/{cluster} --target-id /subscriptions/{subscription}/resourceGroups/{target_resource_group}/providers/Microsoft.EventHub/namespaces/{namespace} --secret

Optional Parameters

--appconfig-id

The app configuration id to store configuration.

--client-type

The client type used on the aks.

Accepted values: dotnet, dotnet-internal, go, java, kafka-springBoot, nodejs, none, python, springBoot
--connection

Name of the aks connection.

--connstr-props

The addtional connection string properties used to for building connection string.

--customized-keys

The customized keys used to change default configuration names. Key is the original name, value is the customized name.

--kube-namespace

The kubernetes namespace where the connection information will be saved into (as kubernetes secret).

Default value: default
--name -n

Name of the managed cluster. Required if '--source-id' is not specified.None.

--namespace

Name of the eventhub namespace. Required if '--target-id' is not specified.

--no-wait

Do not wait for the long-running operation to finish.

Default value: False
--opt-out

Whether to disable some configuration steps. Use configinfo to disbale configuration information changes on source. Use publicnetwork to disable public network access configuration.Use auth to skip auth configuration such as enabling managed identity and granting RBAC roles.

Accepted values: auth, configinfo, publicnetwork
--private-endpoint

Connect target service by private endpoint. The private endpoint in source virtual network must be created ahead.

Accepted values: false, true
--resource-group -g

The resource group which contains the managed cluster. Required if '--source-id' is not specified.None.

--secret

The secret auth info.

Usage: --secret.

--service-endpoint

Connect target service by service endpoint. Source resource must be in the VNet and target SKU must support service endpoint feature.

Accepted values: false, true
--service-principal

The service principal auth info.

Usage: --service-principal client-id=XX secret=XX

client-id : Required. Client id of the service principal. object-id : Optional. Object id of the service principal (Enterprise Application). secret : Required. Secret of the service principal.

--source-id

The resource id of a aks. Required if ['--resource-group', '--name'] are not specified.

--target-id

The resource id of target service. Required if ['--target-resource-group', '--namespace'] are not specified.

--target-resource-group --tg

The resource group which contains the eventhub. Required if '--target-id' is not specified.

--workload-identity

The user-assigned managed identity used to create workload identity federation.

Usage: --workload-identity

user-identity-resource-id: Required. The resource id of the user assigned identity. Please DO NOT use AKS control plane identity and kubelet identity which is not supported by federated identity credential.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az aks connection create keyvault

Preview

Command group 'aks connection' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Create a aks connection to keyvault.

az aks connection create keyvault [--appconfig-id]
                                  [--client-type {dotnet, dotnet-internal, java, nodejs, none, python, springBoot}]
                                  [--connection]
                                  [--connstr-props]
                                  [--customized-keys]
                                  [--enable-csi {false, true}]
                                  [--kube-namespace]
                                  [--name]
                                  [--new {false, true}]
                                  [--no-wait]
                                  [--opt-out {auth, configinfo, publicnetwork}]
                                  [--private-endpoint {false, true}]
                                  [--resource-group]
                                  [--service-endpoint {false, true}]
                                  [--service-principal]
                                  [--source-id]
                                  [--target-id]
                                  [--target-resource-group]
                                  [--vault]
                                  [--workload-identity]

Examples

Create a connection between aks and keyvault interactively

az aks connection create keyvault

Create a connection between aks and keyvault with resource name

az aks connection create keyvault -g ClusterRG -n MyCluster --tg KeyvaultRG --vault MyVault --enable-csi

Create a connection between aks and keyvault with resource id

az aks connection create keyvault --source-id /subscriptions/{subscription}/resourceGroups/{source_resource_group}/providers/Microsoft.ContainerService/managedClusters/{cluster} --target-id /subscriptions/{subscription}/resourceGroups/{target_resource_group}/providers/Microsoft.KeyVault/vaults/{vault} --enable-csi

Create a new keyvault and connect aks to it interactively

az aks connection create keyvault --new

Create a new keyvault and connect aks to it

az aks connection create keyvault --source-id /subscriptions/{subscription}/resourceGroups/{source_resource_group}/providers/Microsoft.ContainerService/managedClusters/{cluster} --new

Optional Parameters

--appconfig-id

The app configuration id to store configuration.

--client-type

The client type used on the aks.

Accepted values: dotnet, dotnet-internal, java, nodejs, none, python, springBoot
--connection

Name of the aks connection.

--connstr-props

The addtional connection string properties used to for building connection string.

--customized-keys

The customized keys used to change default configuration names. Key is the original name, value is the customized name.

--enable-csi

Use keyvault as a secrets store via a CSI volume. If specified, AuthType Arguments are not needed.

Accepted values: false, true
Default value: False
--kube-namespace

The kubernetes namespace where the connection information will be saved into (as kubernetes secret).

Default value: default
--name -n

Name of the managed cluster. Required if '--source-id' is not specified.None.

--new

Indicates whether to create a new keyvault when creating the aks connection.

Accepted values: false, true
Default value: False
--no-wait

Do not wait for the long-running operation to finish.

Default value: False
--opt-out

Whether to disable some configuration steps. Use configinfo to disbale configuration information changes on source. Use publicnetwork to disable public network access configuration.Use auth to skip auth configuration such as enabling managed identity and granting RBAC roles.

Accepted values: auth, configinfo, publicnetwork
--private-endpoint

Connect target service by private endpoint. The private endpoint in source virtual network must be created ahead.

Accepted values: false, true
--resource-group -g

The resource group which contains the managed cluster. Required if '--source-id' is not specified.None.

--service-endpoint

Connect target service by service endpoint. Source resource must be in the VNet and target SKU must support service endpoint feature.

Accepted values: false, true
--service-principal

The service principal auth info.

Usage: --service-principal client-id=XX secret=XX

client-id : Required. Client id of the service principal. object-id : Optional. Object id of the service principal (Enterprise Application). secret : Required. Secret of the service principal.

--source-id

The resource id of a aks. Required if ['--resource-group', '--name'] are not specified.

--target-id

The resource id of target service. Required if ['--target-resource-group', '--vault'] are not specified.

--target-resource-group --tg

The resource group which contains the keyvault. Required if '--target-id' is not specified.

--vault

Name of the keyvault. Required if '--target-id' is not specified.

--workload-identity

The user-assigned managed identity used to create workload identity federation.

Usage: --workload-identity

user-identity-resource-id: Required. The resource id of the user assigned identity. Please DO NOT use AKS control plane identity and kubelet identity which is not supported by federated identity credential.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az aks connection create mysql

Preview Deprecated

Command group 'aks connection' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

This command has been deprecated and will be removed in a future release.

Create a aks connection to mysql.

az aks connection create mysql [--appconfig-id]
                               [--client-type {django, dotnet, dotnet-internal, go, java, nodejs, none, php, python, ruby, springBoot}]
                               [--connection]
                               [--connstr-props]
                               [--customized-keys]
                               [--database]
                               [--kube-namespace]
                               [--name]
                               [--no-wait]
                               [--opt-out {auth, configinfo, publicnetwork}]
                               [--private-endpoint {false, true}]
                               [--resource-group]
                               [--secret]
                               [--server]
                               [--service-endpoint {false, true}]
                               [--source-id]
                               [--target-id]
                               [--target-resource-group]

Examples

Create a connection between aks and mysql interactively

az aks connection create mysql

Create a connection between aks and mysql with resource name

az aks connection create mysql -g ClusterRG -n MyCluster --tg MysqlRG --server MyServer --database MyDB --secret name=XX secret=XX

Create a connection between aks and mysql with resource id

az aks connection create mysql --source-id /subscriptions/{subscription}/resourceGroups/{source_resource_group}/providers/Microsoft.ContainerService/managedClusters/{cluster} --target-id /subscriptions/{subscription}/resourceGroups/{target_resource_group}/providers/Microsoft.DBForMySQL/servers/{server}/databases/{database} --secret name=XX secret=XX

Optional Parameters

--appconfig-id

The app configuration id to store configuration.

--client-type

The client type used on the aks.

Accepted values: django, dotnet, dotnet-internal, go, java, nodejs, none, php, python, ruby, springBoot
--connection

Name of the aks connection.

--connstr-props

The addtional connection string properties used to for building connection string.

--customized-keys

The customized keys used to change default configuration names. Key is the original name, value is the customized name.

--database

Name of the mysql database. Required if '--target-id' is not specified.

--kube-namespace

The kubernetes namespace where the connection information will be saved into (as kubernetes secret).

Default value: default
--name -n

Name of the managed cluster. Required if '--source-id' is not specified.None.

--no-wait

Do not wait for the long-running operation to finish.

Default value: False
--opt-out

Whether to disable some configuration steps. Use configinfo to disbale configuration information changes on source. Use publicnetwork to disable public network access configuration.Use auth to skip auth configuration such as enabling managed identity and granting RBAC roles.

Accepted values: auth, configinfo, publicnetwork
--private-endpoint

Connect target service by private endpoint. The private endpoint in source virtual network must be created ahead.

Accepted values: false, true
--resource-group -g

The resource group which contains the managed cluster. Required if '--source-id' is not specified.None.

--secret

The secret auth info.

Usage: --secret name=XX secret=XX --secret name=XX secret-name=XX

name : Required. Username or account name for secret auth. secret : One of <secret, secret-uri, secret-name> is required. Password or account key for secret auth. secret-name : One of <secret, secret-uri, secret-name> is required. Keyvault secret name which stores password. It's for AKS only.

--server

Name of the mysql server. Required if '--target-id' is not specified.

--service-endpoint

Connect target service by service endpoint. Source resource must be in the VNet and target SKU must support service endpoint feature.

Accepted values: false, true
--source-id

The resource id of a aks. Required if ['--resource-group', '--name'] are not specified.

--target-id

The resource id of target service. Required if ['--target-resource-group', '--server', '--database'] are not specified.

--target-resource-group --tg

The resource group which contains the mysql server. Required if '--target-id' is not specified.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az aks connection create mysql-flexible

Preview

Command group 'aks connection' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Create a aks connection to mysql-flexible.

az aks connection create mysql-flexible [--appconfig-id]
                                        [--client-type {django, dotnet, dotnet-internal, go, java, nodejs, none, php, python, ruby, springBoot}]
                                        [--connection]
                                        [--connstr-props]
                                        [--customized-keys]
                                        [--database]
                                        [--kube-namespace]
                                        [--name]
                                        [--no-wait]
                                        [--opt-out {auth, configinfo, publicnetwork}]
                                        [--private-endpoint {false, true}]
                                        [--resource-group]
                                        [--secret]
                                        [--server]
                                        [--source-id]
                                        [--target-id]
                                        [--target-resource-group]

Examples

Create a connection between aks and mysql-flexible interactively

az aks connection create mysql-flexible

Create a connection between aks and mysql-flexible with resource name

az aks connection create mysql-flexible -g ClusterRG -n MyCluster --tg MysqlRG --server MyServer --database MyDB --secret name=XX secret=XX

Create a connection between aks and mysql-flexible with resource id

az aks connection create mysql-flexible --source-id /subscriptions/{subscription}/resourceGroups/{source_resource_group}/providers/Microsoft.ContainerService/managedClusters/{cluster} --target-id /subscriptions/{subscription}/resourceGroups/{target_resource_group}/providers/Microsoft.DBforMySQL/flexibleServers/{server}/databases/{database} --secret name=XX secret=XX

Optional Parameters

--appconfig-id

The app configuration id to store configuration.

--client-type

The client type used on the aks.

Accepted values: django, dotnet, dotnet-internal, go, java, nodejs, none, php, python, ruby, springBoot
--connection

Name of the aks connection.

--connstr-props

The addtional connection string properties used to for building connection string.

--customized-keys

The customized keys used to change default configuration names. Key is the original name, value is the customized name.

--database

Name of the mysql flexible database. Required if '--target-id' is not specified.

--kube-namespace

The kubernetes namespace where the connection information will be saved into (as kubernetes secret).

Default value: default
--name -n

Name of the managed cluster. Required if '--source-id' is not specified.None.

--no-wait

Do not wait for the long-running operation to finish.

Default value: False
--opt-out

Whether to disable some configuration steps. Use configinfo to disbale configuration information changes on source. Use publicnetwork to disable public network access configuration.Use auth to skip auth configuration such as enabling managed identity and granting RBAC roles.

Accepted values: auth, configinfo, publicnetwork
--private-endpoint

Connect target service by private endpoint. The private endpoint in source virtual network must be created ahead.

Accepted values: false, true
--resource-group -g

The resource group which contains the managed cluster. Required if '--source-id' is not specified.None.

--secret

The secret auth info.

Usage: --secret name=XX secret=XX --secret name=XX secret-name=XX

name : Required. Username or account name for secret auth. secret : One of <secret, secret-uri, secret-name> is required. Password or account key for secret auth. secret-name : One of <secret, secret-uri, secret-name> is required. Keyvault secret name which stores password. It's for AKS only.

--server

Name of the mysql flexible server. Required if '--target-id' is not specified.

--source-id

The resource id of a aks. Required if ['--resource-group', '--name'] are not specified.

--target-id

The resource id of target service. Required if ['--target-resource-group', '--server', '--database'] are not specified.

--target-resource-group --tg

The resource group which contains the mysql flexible server. Required if '--target-id' is not specified.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az aks connection create mysql-flexible (serviceconnector-passwordless extension)

Create a aks connection to mysql-flexible.

az aks connection create mysql-flexible [--appconfig-id]
                                        [--client-type {django, dotnet, dotnet-internal, go, java, nodejs, none, php, python, ruby, springBoot}]
                                        [--connection]
                                        [--customized-keys]
                                        [--database]
                                        [--kube-namespace]
                                        [--name]
                                        [--new]
                                        [--no-wait]
                                        [--opt-out {auth, configinfo, publicnetwork}]
                                        [--private-endpoint {false, true}]
                                        [--resource-group]
                                        [--secret]
                                        [--server]
                                        [--service-principal]
                                        [--source-id]
                                        [--target-id]
                                        [--target-resource-group]
                                        [--workload-identity]
                                        [--yes]

Examples

Create a connection between aks and mysql-flexible interactively

az aks connection create mysql-flexible

Create a connection between aks and mysql-flexible with resource name

az aks connection create mysql-flexible -g ClusterRG -n MyCluster --tg MysqlRG --server MyServer --database MyDB --secret name=XX secret=XX

Create a connection between aks and mysql-flexible with resource id

az aks connection create mysql-flexible --source-id /subscriptions/{subscription}/resourceGroups/{source_resource_group}/providers/Microsoft.ContainerService/managedClusters/{cluster} --target-id /subscriptions/{subscription}/resourceGroups/{target_resource_group}/providers/Microsoft.DBforMySQL/flexibleServers/{server}/databases/{database} --secret name=XX secret=XX

Optional Parameters

--appconfig-id

The app configuration id to store configuration.

--client-type

The client type used on the aks.

Accepted values: django, dotnet, dotnet-internal, go, java, nodejs, none, php, python, ruby, springBoot
--connection

Name of the aks connection.

--customized-keys

The customized keys used to change default configuration names. Key is the original name, value is the customized name.

--database

Name of the mysql flexible database. Required if '--target-id' is not specified.

--kube-namespace

The kubernetes namespace where the connection information will be saved into (as kubernetes secret).

Default value: default
--name -n

Name of the managed cluster. Required if '--source-id' is not specified.None.

--new

Deleting existing users with the same name before creating a new user in database.

Default value: False
--no-wait

Do not wait for the long-running operation to finish.

Default value: False
--opt-out

Whether to disable some configuration steps. Use configinfo to disbale configuration information changes on source. Use publicnetwork to disable public network access configuration.Use auth to skip auth configuration such as enabling managed identity and granting RBAC roles.

Accepted values: auth, configinfo, publicnetwork
--private-endpoint

Connect target service by private endpoint. The private endpoint in source virtual network must be created ahead.

Accepted values: false, true
--resource-group -g

The resource group which contains the managed cluster. Required if '--source-id' is not specified.None.

--secret

The secret auth info.

Usage: --secret name=XX secret=XX --secret name=XX secret-uri=XX --secret name=XX secret-name=XX

name : Required. Username or account name for secret auth. secret : One of <secret, secret-uri, secret-name> is required. Password or account key for secret auth. secret-uri : One of <secret, secret-uri, secret-name> is required. Keyvault secret uri which stores password. secret-name : One of <secret, secret-uri, secret-name> is required. Keyvault secret name which stores password. It's for AKS only.

--server

Name of the mysql flexible server. Required if '--target-id' is not specified.

--service-principal

The service principal auth info.

Usage: --service-principal client-id=XX secret=XX

client-id : Required. Client id of the service principal. object-id : Optional. Object id of the service principal (Enterprise Application). secret : Required. Secret of the service principal. mysql-identity-id : Optional. ID of identity used for MySQL flexible server Microsoft Entra Authentication. Ignore it if you are the server Microsoft Entra administrator.

--source-id

The resource id of a aks. Required if ['--resource-group', '--name'] are not specified.

--target-id

The resource id of target service. Required if ['--target-resource-group', '--server', '--database'] are not specified.

--target-resource-group --tg

The resource group which contains the mysql flexible server. Required if '--target-id' is not specified.

--workload-identity

The user-assigned managed identity used to create workload identity federation.

Usage: --workload-identity mysql-identity-id=

user-identity-resource-id: Required. The resource id of the user assigned identity. Please DO NOT use AKS control plane identity and kubelet identity which is not supported by federated identity credential. mysql-identity-id : Optional. ID of identity used for MySQL flexible server Microsoft Entra Authentication. Ignore it if you are the server Microsoft Entra administrator.

--yes -y

Do not prompt for confirmation.

Default value: False
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az aks connection create postgres

Preview Deprecated

Command group 'aks connection' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

This command has been deprecated and will be removed in a future release.

Create a aks connection to postgres.

az aks connection create postgres [--appconfig-id]
                                  [--client-type {django, dotnet, dotnet-internal, go, java, nodejs, none, php, python, ruby, springBoot}]
                                  [--connection]
                                  [--connstr-props]
                                  [--customized-keys]
                                  [--database]
                                  [--kube-namespace]
                                  [--name]
                                  [--new {false, true}]
                                  [--no-wait]
                                  [--opt-out {auth, configinfo, publicnetwork}]
                                  [--private-endpoint {false, true}]
                                  [--resource-group]
                                  [--secret]
                                  [--server]
                                  [--service-endpoint {false, true}]
                                  [--source-id]
                                  [--target-id]
                                  [--target-resource-group]

Examples

Create a connection between aks and postgres interactively

az aks connection create postgres

Create a connection between aks and postgres with resource name

az aks connection create postgres -g ClusterRG -n MyCluster --tg PostgresRG --server MyServer --database MyDB --secret name=XX secret=XX

Create a connection between aks and postgres with resource id

az aks connection create postgres --source-id /subscriptions/{subscription}/resourceGroups/{source_resource_group}/providers/Microsoft.ContainerService/managedClusters/{cluster} --target-id /subscriptions/{subscription}/resourceGroups/{target_resource_group}/providers/Microsoft.DBforPostgreSQL/servers/{server}/databases/{database} --secret name=XX secret=XX

Create a new postgres and connect aks to it interactively

az aks connection create postgres --new

Create a new postgres and connect aks to it

az aks connection create postgres --source-id /subscriptions/{subscription}/resourceGroups/{source_resource_group}/providers/Microsoft.ContainerService/managedClusters/{cluster} --new

Optional Parameters

--appconfig-id

The app configuration id to store configuration.

--client-type

The client type used on the aks.

Accepted values: django, dotnet, dotnet-internal, go, java, nodejs, none, php, python, ruby, springBoot
--connection

Name of the aks connection.

--connstr-props

The addtional connection string properties used to for building connection string.

--customized-keys

The customized keys used to change default configuration names. Key is the original name, value is the customized name.

--database

Name of postgres database. Required if '--target-id' is not specified.

--kube-namespace

The kubernetes namespace where the connection information will be saved into (as kubernetes secret).

Default value: default
--name -n

Name of the managed cluster. Required if '--source-id' is not specified.None.

--new

Indicates whether to create a new postgres when creating the aks connection.

Accepted values: false, true
Default value: False
--no-wait

Do not wait for the long-running operation to finish.

Default value: False
--opt-out

Whether to disable some configuration steps. Use configinfo to disbale configuration information changes on source. Use publicnetwork to disable public network access configuration.Use auth to skip auth configuration such as enabling managed identity and granting RBAC roles.

Accepted values: auth, configinfo, publicnetwork
--private-endpoint

Connect target service by private endpoint. The private endpoint in source virtual network must be created ahead.

Accepted values: false, true
--resource-group -g

The resource group which contains the managed cluster. Required if '--source-id' is not specified.None.

--secret

The secret auth info.

Usage: --secret name=XX secret=XX --secret name=XX secret-name=XX

name : Required. Username or account name for secret auth. secret : One of <secret, secret-uri, secret-name> is required. Password or account key for secret auth. secret-name : One of <secret, secret-uri, secret-name> is required. Keyvault secret name which stores password. It's for AKS only.

--server

Name of postgres server. Required if '--target-id' is not specified.

--service-endpoint

Connect target service by service endpoint. Source resource must be in the VNet and target SKU must support service endpoint feature.

Accepted values: false, true
--source-id

The resource id of a aks. Required if ['--resource-group', '--name'] are not specified.

--target-id

The resource id of target service. Required if ['--target-resource-group', '--server', '--database'] are not specified.

--target-resource-group --tg

The resource group which contains the postgres service. Required if '--target-id' is not specified.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az aks connection create postgres-flexible

Preview

Command group 'aks connection' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Create a aks connection to postgres-flexible.

az aks connection create postgres-flexible [--appconfig-id]
                                           [--client-type {django, dotnet, dotnet-internal, go, java, nodejs, none, php, python, ruby, springBoot}]
                                           [--connection]
                                           [--connstr-props]
                                           [--customized-keys]
                                           [--database]
                                           [--kube-namespace]
                                           [--name]
                                           [--no-wait]
                                           [--opt-out {auth, configinfo, publicnetwork}]
                                           [--resource-group]
                                           [--secret]
                                           [--server]
                                           [--source-id]
                                           [--target-id]
                                           [--target-resource-group]

Examples

Create a connection between aks and postgres-flexible interactively

az aks connection create postgres-flexible

Create a connection between aks and postgres-flexible with resource name

az aks connection create postgres-flexible -g ClusterRG -n MyCluster --tg PostgresRG --server MyServer --database MyDB --secret name=XX secret=XX

Create a connection between aks and postgres-flexible with resource id

az aks connection create postgres-flexible --source-id /subscriptions/{subscription}/resourceGroups/{source_resource_group}/providers/Microsoft.ContainerService/managedClusters/{cluster} --target-id /subscriptions/{subscription}/resourceGroups/{target_resource_group}/providers/Microsoft.DBforPostgreSQL/flexibleServers/{server}/databases/{database} --secret name=XX secret=XX

Optional Parameters

--appconfig-id

The app configuration id to store configuration.

--client-type

The client type used on the aks.

Accepted values: django, dotnet, dotnet-internal, go, java, nodejs, none, php, python, ruby, springBoot
--connection

Name of the aks connection.

--connstr-props

The addtional connection string properties used to for building connection string.

--customized-keys

The customized keys used to change default configuration names. Key is the original name, value is the customized name.

--database

Name of postgres flexible database. Required if '--target-id' is not specified.

--kube-namespace

The kubernetes namespace where the connection information will be saved into (as kubernetes secret).

Default value: default
--name -n

Name of the managed cluster. Required if '--source-id' is not specified.None.

--no-wait

Do not wait for the long-running operation to finish.

Default value: False
--opt-out

Whether to disable some configuration steps. Use configinfo to disbale configuration information changes on source. Use publicnetwork to disable public network access configuration.Use auth to skip auth configuration such as enabling managed identity and granting RBAC roles.

Accepted values: auth, configinfo, publicnetwork
--resource-group -g

The resource group which contains the managed cluster. Required if '--source-id' is not specified.None.

--secret

The secret auth info.

Usage: --secret name=XX secret=XX --secret name=XX secret-name=XX

name : Required. Username or account name for secret auth. secret : One of <secret, secret-uri, secret-name> is required. Password or account key for secret auth. secret-name : One of <secret, secret-uri, secret-name> is required. Keyvault secret name which stores password. It's for AKS only.

--server

Name of postgres flexible server. Required if '--target-id' is not specified.

--source-id

The resource id of a aks. Required if ['--resource-group', '--name'] are not specified.

--target-id

The resource id of target service. Required if ['--target-resource-group', '--server', '--database'] are not specified.

--target-resource-group --tg

The resource group which contains the flexible postgres service. Required if '--target-id' is not specified.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az aks connection create postgres-flexible (serviceconnector-passwordless extension)

Create a aks connection to postgres-flexible.

az aks connection create postgres-flexible [--appconfig-id]
                                           [--client-type {django, dotnet, dotnet-internal, go, java, nodejs, none, php, python, ruby, springBoot}]
                                           [--connection]
                                           [--customized-keys]
                                           [--database]
                                           [--kube-namespace]
                                           [--name]
                                           [--new]
                                           [--no-wait]
                                           [--opt-out {auth, configinfo, publicnetwork}]
                                           [--resource-group]
                                           [--secret]
                                           [--server]
                                           [--service-principal]
                                           [--source-id]
                                           [--target-id]
                                           [--target-resource-group]
                                           [--workload-identity]
                                           [--yes]

Examples

Create a connection between aks and postgres-flexible interactively

az aks connection create postgres-flexible

Create a connection between aks and postgres-flexible with resource name

az aks connection create postgres-flexible -g ClusterRG -n MyCluster --tg PostgresRG --server MyServer --database MyDB --secret name=XX secret=XX

Create a connection between aks and postgres-flexible with resource id

az aks connection create postgres-flexible --source-id /subscriptions/{subscription}/resourceGroups/{source_resource_group}/providers/Microsoft.ContainerService/managedClusters/{cluster} --target-id /subscriptions/{subscription}/resourceGroups/{target_resource_group}/providers/Microsoft.DBforPostgreSQL/flexibleServers/{server}/databases/{database} --secret name=XX secret=XX

Optional Parameters

--appconfig-id

The app configuration id to store configuration.

--client-type

The client type used on the aks.

Accepted values: django, dotnet, dotnet-internal, go, java, nodejs, none, php, python, ruby, springBoot
--connection

Name of the aks connection.

--customized-keys

The customized keys used to change default configuration names. Key is the original name, value is the customized name.

--database

Name of postgres flexible database. Required if '--target-id' is not specified.

--kube-namespace

The kubernetes namespace where the connection information will be saved into (as kubernetes secret).

Default value: default
--name -n

Name of the managed cluster. Required if '--source-id' is not specified.None.

--new

Deleting existing users with the same name before creating a new user in database.

Default value: False
--no-wait

Do not wait for the long-running operation to finish.

Default value: False
--opt-out

Whether to disable some configuration steps. Use configinfo to disbale configuration information changes on source. Use publicnetwork to disable public network access configuration.Use auth to skip auth configuration such as enabling managed identity and granting RBAC roles.

Accepted values: auth, configinfo, publicnetwork
--resource-group -g

The resource group which contains the managed cluster. Required if '--source-id' is not specified.None.

--secret

The secret auth info.

Usage: --secret name=XX secret=XX --secret name=XX secret-uri=XX --secret name=XX secret-name=XX

name : Required. Username or account name for secret auth. secret : One of <secret, secret-uri, secret-name> is required. Password or account key for secret auth. secret-uri : One of <secret, secret-uri, secret-name> is required. Keyvault secret uri which stores password. secret-name : One of <secret, secret-uri, secret-name> is required. Keyvault secret name which stores password. It's for AKS only.

--server

Name of postgres flexible server. Required if '--target-id' is not specified.

--service-principal

The service principal auth info.

Usage: --service-principal client-id=XX secret=XX

client-id : Required. Client id of the service principal. object-id : Optional. Object id of the service principal (Enterprise Application). secret : Required. Secret of the service principal.

--source-id

The resource id of a aks. Required if ['--resource-group', '--name'] are not specified.

--target-id

The resource id of target service. Required if ['--target-resource-group', '--server', '--database'] are not specified.

--target-resource-group --tg

The resource group which contains the flexible postgres service. Required if '--target-id' is not specified.

--workload-identity

The user-assigned managed identity used to create workload identity federation.

Usage: --workload-identity

user-identity-resource-id: Required. The resource id of the user assigned identity. Please DO NOT use AKS control plane identity and kubelet identity which is not supported by federated identity credential.

--yes -y

Do not prompt for confirmation.

Default value: False
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az aks connection create redis

Preview

Command group 'aks connection' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Create a aks connection to redis.

az aks connection create redis [--appconfig-id]
                               [--client-type {dotnet, dotnet-internal, go, java, nodejs, none, python, springBoot}]
                               [--connection]
                               [--connstr-props]
                               [--customized-keys]
                               [--database]
                               [--kube-namespace]
                               [--name]
                               [--no-wait]
                               [--opt-out {auth, configinfo, publicnetwork}]
                               [--private-endpoint {false, true}]
                               [--resource-group]
                               [--secret]
                               [--server]
                               [--source-id]
                               [--target-id]
                               [--target-resource-group]

Examples

Create a connection between aks and redis interactively

az aks connection create redis

Create a connection between aks and redis with resource name

az aks connection create redis -g ClusterRG -n MyCluster --tg RedisRG --server MyServer --database MyDB --secret

Create a connection between aks and redis with resource id

az aks connection create redis --source-id /subscriptions/{subscription}/resourceGroups/{source_resource_group}/providers/Microsoft.ContainerService/managedClusters/{cluster} --target-id /subscriptions/{subscription}/resourceGroups/{target_resource_group}/providers/Microsoft.Cache/redis/{server}/databases/{database} --secret

Optional Parameters

--appconfig-id

The app configuration id to store configuration.

--client-type

The client type used on the aks.

Accepted values: dotnet, dotnet-internal, go, java, nodejs, none, python, springBoot
--connection

Name of the aks connection.

--connstr-props

The addtional connection string properties used to for building connection string.

--customized-keys

The customized keys used to change default configuration names. Key is the original name, value is the customized name.

--database

Name of the redis database. Required if '--target-id' is not specified.

--kube-namespace

The kubernetes namespace where the connection information will be saved into (as kubernetes secret).

Default value: default
--name -n

Name of the managed cluster. Required if '--source-id' is not specified.None.

--no-wait

Do not wait for the long-running operation to finish.

Default value: False
--opt-out

Whether to disable some configuration steps. Use configinfo to disbale configuration information changes on source. Use publicnetwork to disable public network access configuration.Use auth to skip auth configuration such as enabling managed identity and granting RBAC roles.

Accepted values: auth, configinfo, publicnetwork
--private-endpoint

Connect target service by private endpoint. The private endpoint in source virtual network must be created ahead.

Accepted values: false, true
--resource-group -g

The resource group which contains the managed cluster. Required if '--source-id' is not specified.None.

--secret

The secret auth info.

Usage: --secret.

--server

Name of the redis server. Required if '--target-id' is not specified.

--source-id

The resource id of a aks. Required if ['--resource-group', '--name'] are not specified.

--target-id

The resource id of target service. Required if ['--target-resource-group', '--server', '--database'] are not specified.

--target-resource-group --tg

The resource group which contains the redis server. Required if '--target-id' is not specified.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az aks connection create redis-enterprise

Preview

Command group 'aks connection' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Create a aks connection to redis-enterprise.

az aks connection create redis-enterprise [--appconfig-id]
                                          [--client-type {dotnet, dotnet-internal, go, java, nodejs, none, python, springBoot}]
                                          [--connection]
                                          [--connstr-props]
                                          [--customized-keys]
                                          [--database]
                                          [--kube-namespace]
                                          [--name]
                                          [--no-wait]
                                          [--opt-out {auth, configinfo, publicnetwork}]
                                          [--resource-group]
                                          [--secret]
                                          [--server]
                                          [--source-id]
                                          [--target-id]
                                          [--target-resource-group]

Examples

Create a connection between aks and redis-enterprise interactively

az aks connection create redis-enterprise

Create a connection between aks and redis-enterprise with resource name

az aks connection create redis-enterprise -g ClusterRG -n MyCluster --tg RedisRG --server MyServer --database MyDB --secret

Create a connection between aks and redis-enterprise with resource id

az aks connection create redis-enterprise --source-id /subscriptions/{subscription}/resourceGroups/{source_resource_group}/providers/Microsoft.ContainerService/managedClusters/{cluster} --target-id /subscriptions/{subscription}/resourceGroups/{target_resource_group}/providers/Microsoft.Cache/redisEnterprise/{server}/databases/{database} --secret

Optional Parameters

--appconfig-id

The app configuration id to store configuration.

--client-type

The client type used on the aks.

Accepted values: dotnet, dotnet-internal, go, java, nodejs, none, python, springBoot
--connection

Name of the aks connection.

--connstr-props

The addtional connection string properties used to for building connection string.

--customized-keys

The customized keys used to change default configuration names. Key is the original name, value is the customized name.

--database

Name of the redis enterprise database. Required if '--target-id' is not specified.

--kube-namespace

The kubernetes namespace where the connection information will be saved into (as kubernetes secret).

Default value: default
--name -n

Name of the managed cluster. Required if '--source-id' is not specified.None.

--no-wait

Do not wait for the long-running operation to finish.

Default value: False
--opt-out

Whether to disable some configuration steps. Use configinfo to disbale configuration information changes on source. Use publicnetwork to disable public network access configuration.Use auth to skip auth configuration such as enabling managed identity and granting RBAC roles.

Accepted values: auth, configinfo, publicnetwork
--resource-group -g

The resource group which contains the managed cluster. Required if '--source-id' is not specified.None.

--secret

The secret auth info.

Usage: --secret.

--server

Name of the redis enterprise server. Required if '--target-id' is not specified.

--source-id

The resource id of a aks. Required if ['--resource-group', '--name'] are not specified.

--target-id

The resource id of target service. Required if ['--target-resource-group', '--server', '--database'] are not specified.

--target-resource-group --tg

The resource group which contains the redis server. Required if '--target-id' is not specified.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az aks connection create servicebus

Preview

Command group 'aks connection' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Create a aks connection to servicebus.

az aks connection create servicebus [--appconfig-id]
                                    [--client-type {dotnet, dotnet-internal, go, java, nodejs, none, python, springBoot}]
                                    [--connection]
                                    [--connstr-props]
                                    [--customized-keys]
                                    [--kube-namespace]
                                    [--name]
                                    [--namespace]
                                    [--no-wait]
                                    [--opt-out {auth, configinfo, publicnetwork}]
                                    [--private-endpoint {false, true}]
                                    [--resource-group]
                                    [--secret]
                                    [--service-endpoint {false, true}]
                                    [--service-principal]
                                    [--source-id]
                                    [--target-id]
                                    [--target-resource-group]
                                    [--workload-identity]

Examples

Create a connection between aks and servicebus interactively

az aks connection create servicebus

Create a connection between aks and servicebus with resource name

az aks connection create servicebus -g ClusterRG -n MyCluster --tg ServicebusRG --namespace MyNamespace --secret

Create a connection between aks and servicebus with resource id

az aks connection create servicebus --source-id /subscriptions/{subscription}/resourceGroups/{source_resource_group}/providers/Microsoft.ContainerService/managedClusters/{cluster} --target-id /subscriptions/{subscription}/resourceGroups/{target_resource_group}/providers/Microsoft.ServiceBus/namespaces/{namespace} --secret

Optional Parameters

--appconfig-id

The app configuration id to store configuration.

--client-type

The client type used on the aks.

Accepted values: dotnet, dotnet-internal, go, java, nodejs, none, python, springBoot
--connection

Name of the aks connection.

--connstr-props

The addtional connection string properties used to for building connection string.

--customized-keys

The customized keys used to change default configuration names. Key is the original name, value is the customized name.

--kube-namespace

The kubernetes namespace where the connection information will be saved into (as kubernetes secret).

Default value: default
--name -n

Name of the managed cluster. Required if '--source-id' is not specified.None.

--namespace

Name of the servicebus namespace. Required if '--target-id' is not specified.

--no-wait

Do not wait for the long-running operation to finish.

Default value: False
--opt-out

Whether to disable some configuration steps. Use configinfo to disbale configuration information changes on source. Use publicnetwork to disable public network access configuration.Use auth to skip auth configuration such as enabling managed identity and granting RBAC roles.

Accepted values: auth, configinfo, publicnetwork
--private-endpoint

Connect target service by private endpoint. The private endpoint in source virtual network must be created ahead.

Accepted values: false, true
--resource-group -g

The resource group which contains the managed cluster. Required if '--source-id' is not specified.None.

--secret

The secret auth info.

Usage: --secret.

--service-endpoint

Connect target service by service endpoint. Source resource must be in the VNet and target SKU must support service endpoint feature.

Accepted values: false, true
--service-principal

The service principal auth info.

Usage: --service-principal client-id=XX secret=XX

client-id : Required. Client id of the service principal. object-id : Optional. Object id of the service principal (Enterprise Application). secret : Required. Secret of the service principal.

--source-id

The resource id of a aks. Required if ['--resource-group', '--name'] are not specified.

--target-id

The resource id of target service. Required if ['--target-resource-group', '--namespace'] are not specified.

--target-resource-group --tg

The resource group which contains the servicebus. Required if '--target-id' is not specified.

--workload-identity

The user-assigned managed identity used to create workload identity federation.

Usage: --workload-identity

user-identity-resource-id: Required. The resource id of the user assigned identity. Please DO NOT use AKS control plane identity and kubelet identity which is not supported by federated identity credential.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az aks connection create signalr

Preview

Command group 'aks connection' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Create a aks connection to signalr.

az aks connection create signalr [--appconfig-id]
                                 [--client-type {dotnet, dotnet-internal, none}]
                                 [--connection]
                                 [--connstr-props]
                                 [--customized-keys]
                                 [--kube-namespace]
                                 [--name]
                                 [--no-wait]
                                 [--opt-out {auth, configinfo, publicnetwork}]
                                 [--private-endpoint {false, true}]
                                 [--resource-group]
                                 [--secret]
                                 [--service-principal]
                                 [--signalr]
                                 [--source-id]
                                 [--target-id]
                                 [--target-resource-group]
                                 [--workload-identity]

Examples

Create a connection between aks and signalr interactively

az aks connection create signalr

Create a connection between aks and signalr with resource name

az aks connection create signalr -g ClusterRG -n MyCluster --tg SignalrRG --signalr MySignalR --secret

Create a connection between aks and signalr with resource id

az aks connection create signalr --source-id /subscriptions/{subscription}/resourceGroups/{source_resource_group}/providers/Microsoft.ContainerService/managedClusters/{cluster} --target-id /subscriptions/{subscription}/resourceGroups/{target_resource_group}/providers/Microsoft.SignalRService/SignalR/{signalr} --secret

Optional Parameters

--appconfig-id

The app configuration id to store configuration.

--client-type

The client type used on the aks.

Accepted values: dotnet, dotnet-internal, none
--connection

Name of the aks connection.

--connstr-props

The addtional connection string properties used to for building connection string.

--customized-keys

The customized keys used to change default configuration names. Key is the original name, value is the customized name.

--kube-namespace

The kubernetes namespace where the connection information will be saved into (as kubernetes secret).

Default value: default
--name -n

Name of the managed cluster. Required if '--source-id' is not specified.None.

--no-wait

Do not wait for the long-running operation to finish.

Default value: False
--opt-out

Whether to disable some configuration steps. Use configinfo to disbale configuration information changes on source. Use publicnetwork to disable public network access configuration.Use auth to skip auth configuration such as enabling managed identity and granting RBAC roles.

Accepted values: auth, configinfo, publicnetwork
--private-endpoint

Connect target service by private endpoint. The private endpoint in source virtual network must be created ahead.

Accepted values: false, true
--resource-group -g

The resource group which contains the managed cluster. Required if '--source-id' is not specified.None.

--secret

The secret auth info.

Usage: --secret.

--service-principal

The service principal auth info.

Usage: --service-principal client-id=XX secret=XX

client-id : Required. Client id of the service principal. object-id : Optional. Object id of the service principal (Enterprise Application). secret : Required. Secret of the service principal.

--signalr

Name of the signalr service. Required if '--target-id' is not specified.

--source-id

The resource id of a aks. Required if ['--resource-group', '--name'] are not specified.

--target-id

The resource id of target service. Required if ['--target-resource-group', '--signalr'] are not specified.

--target-resource-group --tg

The resource group which contains the signalr. Required if '--target-id' is not specified.

--workload-identity

The user-assigned managed identity used to create workload identity federation.

Usage: --workload-identity

user-identity-resource-id: Required. The resource id of the user assigned identity. Please DO NOT use AKS control plane identity and kubelet identity which is not supported by federated identity credential.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az aks connection create sql

Preview

Command group 'aks connection' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Create a aks connection to sql.

az aks connection create sql [--appconfig-id]
                             [--client-type {django, dotnet, dotnet-internal, go, java, nodejs, none, php, python, ruby, springBoot}]
                             [--connection]
                             [--connstr-props]
                             [--customized-keys]
                             [--database]
                             [--kube-namespace]
                             [--name]
                             [--no-wait]
                             [--opt-out {auth, configinfo, publicnetwork}]
                             [--private-endpoint {false, true}]
                             [--resource-group]
                             [--secret]
                             [--server]
                             [--service-endpoint {false, true}]
                             [--source-id]
                             [--target-id]
                             [--target-resource-group]

Examples

Create a connection between aks and sql interactively

az aks connection create sql

Create a connection between aks and sql with resource name

az aks connection create sql -g ClusterRG -n MyCluster --tg SqlRG --server MyServer --database MyDB --secret name=XX secret=XX

Create a connection between aks and sql with resource id

az aks connection create sql --source-id /subscriptions/{subscription}/resourceGroups/{source_resource_group}/providers/Microsoft.ContainerService/managedClusters/{cluster} --target-id /subscriptions/{subscription}/resourceGroups/{target_resource_group}/providers/Microsoft.Sql/servers/{server}/databases/{database} --secret name=XX secret=XX

Optional Parameters

--appconfig-id

The app configuration id to store configuration.

--client-type

The client type used on the aks.

Accepted values: django, dotnet, dotnet-internal, go, java, nodejs, none, php, python, ruby, springBoot
--connection

Name of the aks connection.

--connstr-props

The addtional connection string properties used to for building connection string.

--customized-keys

The customized keys used to change default configuration names. Key is the original name, value is the customized name.

--database

Name of the sql database. Required if '--target-id' is not specified.

--kube-namespace

The kubernetes namespace where the connection information will be saved into (as kubernetes secret).

Default value: default
--name -n

Name of the managed cluster. Required if '--source-id' is not specified.None.

--no-wait

Do not wait for the long-running operation to finish.

Default value: False
--opt-out

Whether to disable some configuration steps. Use configinfo to disbale configuration information changes on source. Use publicnetwork to disable public network access configuration.Use auth to skip auth configuration such as enabling managed identity and granting RBAC roles.

Accepted values: auth, configinfo, publicnetwork
--private-endpoint

Connect target service by private endpoint. The private endpoint in source virtual network must be created ahead.

Accepted values: false, true
--resource-group -g

The resource group which contains the managed cluster. Required if '--source-id' is not specified.None.

--secret

The secret auth info.

Usage: --secret name=XX secret=XX --secret name=XX secret-name=XX

name : Required. Username or account name for secret auth. secret : One of <secret, secret-uri, secret-name> is required. Password or account key for secret auth. secret-name : One of <secret, secret-uri, secret-name> is required. Keyvault secret name which stores password. It's for AKS only.

--server

Name of the sql server. Required if '--target-id' is not specified.

--service-endpoint

Connect target service by service endpoint. Source resource must be in the VNet and target SKU must support service endpoint feature.

Accepted values: false, true
--source-id

The resource id of a aks. Required if ['--resource-group', '--name'] are not specified.

--target-id

The resource id of target service. Required if ['--target-resource-group', '--server', '--database'] are not specified.

--target-resource-group --tg

The resource group which contains the sql server. Required if '--target-id' is not specified.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az aks connection create sql (serviceconnector-passwordless extension)

Create a aks connection to sql.

az aks connection create sql [--appconfig-id]
                             [--client-type {django, dotnet, dotnet-internal, go, java, nodejs, none, php, python, ruby, springBoot}]
                             [--connection]
                             [--customized-keys]
                             [--database]
                             [--kube-namespace]
                             [--name]
                             [--new]
                             [--no-wait]
                             [--opt-out {auth, configinfo, publicnetwork}]
                             [--private-endpoint {false, true}]
                             [--resource-group]
                             [--secret]
                             [--server]
                             [--service-endpoint {false, true}]
                             [--service-principal]
                             [--source-id]
                             [--target-id]
                             [--target-resource-group]
                             [--workload-identity]
                             [--yes]

Examples

Create a connection between aks and sql interactively

az aks connection create sql

Create a connection between aks and sql with resource name

az aks connection create sql -g ClusterRG -n MyCluster --tg SqlRG --server MyServer --database MyDB --secret name=XX secret=XX

Create a connection between aks and sql with resource id

az aks connection create sql --source-id /subscriptions/{subscription}/resourceGroups/{source_resource_group}/providers/Microsoft.ContainerService/managedClusters/{cluster} --target-id /subscriptions/{subscription}/resourceGroups/{target_resource_group}/providers/Microsoft.Sql/servers/{server}/databases/{database} --secret name=XX secret=XX

Optional Parameters

--appconfig-id

The app configuration id to store configuration.

--client-type

The client type used on the aks.

Accepted values: django, dotnet, dotnet-internal, go, java, nodejs, none, php, python, ruby, springBoot
--connection

Name of the aks connection.

--customized-keys

The customized keys used to change default configuration names. Key is the original name, value is the customized name.

--database

Name of the sql database. Required if '--target-id' is not specified.

--kube-namespace

The kubernetes namespace where the connection information will be saved into (as kubernetes secret).

Default value: default
--name -n

Name of the managed cluster. Required if '--source-id' is not specified.None.

--new

Deleting existing users with the same name before creating a new user in database.

Default value: False
--no-wait

Do not wait for the long-running operation to finish.

Default value: False
--opt-out

Whether to disable some configuration steps. Use configinfo to disbale configuration information changes on source. Use publicnetwork to disable public network access configuration.Use auth to skip auth configuration such as enabling managed identity and granting RBAC roles.

Accepted values: auth, configinfo, publicnetwork
--private-endpoint

Connect target service by private endpoint. The private endpoint in source virtual network must be created ahead.

Accepted values: false, true
--resource-group -g

The resource group which contains the managed cluster. Required if '--source-id' is not specified.None.

--secret

The secret auth info.

Usage: --secret name=XX secret=XX --secret name=XX secret-uri=XX --secret name=XX secret-name=XX

name : Required. Username or account name for secret auth. secret : One of <secret, secret-uri, secret-name> is required. Password or account key for secret auth. secret-uri : One of <secret, secret-uri, secret-name> is required. Keyvault secret uri which stores password. secret-name : One of <secret, secret-uri, secret-name> is required. Keyvault secret name which stores password. It's for AKS only.

--server

Name of the sql server. Required if '--target-id' is not specified.

--service-endpoint

Connect target service by service endpoint. Source resource must be in the VNet and target SKU must support service endpoint feature.

Accepted values: false, true
--service-principal

The service principal auth info.

Usage: --service-principal client-id=XX secret=XX

client-id : Required. Client id of the service principal. object-id : Optional. Object id of the service principal (Enterprise Application). secret : Required. Secret of the service principal.

--source-id

The resource id of a aks. Required if ['--resource-group', '--name'] are not specified.

--target-id

The resource id of target service. Required if ['--target-resource-group', '--server', '--database'] are not specified.

--target-resource-group --tg

The resource group which contains the sql server. Required if '--target-id' is not specified.

--workload-identity

The user-assigned managed identity used to create workload identity federation.

Usage: --workload-identity

user-identity-resource-id: Required. The resource id of the user assigned identity. Please DO NOT use AKS control plane identity and kubelet identity which is not supported by federated identity credential.

--yes -y

Do not prompt for confirmation.

Default value: False
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az aks connection create storage-blob

Preview

Command group 'aks connection' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Create a aks connection to storage-blob.

az aks connection create storage-blob [--account]
                                      [--appconfig-id]
                                      [--client-type {dotnet, dotnet-internal, java, nodejs, none, python, springBoot}]
                                      [--connection]
                                      [--connstr-props]
                                      [--customized-keys]
                                      [--kube-namespace]
                                      [--name]
                                      [--new {false, true}]
                                      [--no-wait]
                                      [--opt-out {auth, configinfo, publicnetwork}]
                                      [--private-endpoint {false, true}]
                                      [--resource-group]
                                      [--secret]
                                      [--service-endpoint {false, true}]
                                      [--service-principal]
                                      [--source-id]
                                      [--target-id]
                                      [--target-resource-group]
                                      [--workload-identity]

Examples

Create a connection between aks and storage-blob interactively

az aks connection create storage-blob

Create a connection between aks and storage-blob with resource name

az aks connection create storage-blob -g ClusterRG -n MyCluster --tg StorageRG --account MyAccount --secret

Create a connection between aks and storage-blob with resource id

az aks connection create storage-blob --source-id /subscriptions/{subscription}/resourceGroups/{source_resource_group}/providers/Microsoft.ContainerService/managedClusters/{cluster} --target-id /subscriptions/{subscription}/resourceGroups/{target_resource_group}/providers/Microsoft.Storage/storageAccounts/{account}/blobServices/default --secret

Create a new storage-blob and connect aks to it interactively

az aks connection create storage-blob --new

Create a new storage-blob and connect aks to it

az aks connection create storage-blob --source-id /subscriptions/{subscription}/resourceGroups/{source_resource_group}/providers/Microsoft.ContainerService/managedClusters/{cluster} --new

Optional Parameters

--account

Name of the storage account. Required if '--target-id' is not specified.

--appconfig-id

The app configuration id to store configuration.

--client-type

The client type used on the aks.

Accepted values: dotnet, dotnet-internal, java, nodejs, none, python, springBoot
--connection

Name of the aks connection.

--connstr-props

The addtional connection string properties used to for building connection string.

--customized-keys

The customized keys used to change default configuration names. Key is the original name, value is the customized name.

--kube-namespace

The kubernetes namespace where the connection information will be saved into (as kubernetes secret).

Default value: default
--name -n

Name of the managed cluster. Required if '--source-id' is not specified.None.

--new

Indicates whether to create a new storage-blob when creating the aks connection.

Accepted values: false, true
Default value: False
--no-wait

Do not wait for the long-running operation to finish.

Default value: False
--opt-out

Whether to disable some configuration steps. Use configinfo to disbale configuration information changes on source. Use publicnetwork to disable public network access configuration.Use auth to skip auth configuration such as enabling managed identity and granting RBAC roles.

Accepted values: auth, configinfo, publicnetwork
--private-endpoint

Connect target service by private endpoint. The private endpoint in source virtual network must be created ahead.

Accepted values: false, true
--resource-group -g

The resource group which contains the managed cluster. Required if '--source-id' is not specified.None.

--secret

The secret auth info.

Usage: --secret.

--service-endpoint

Connect target service by service endpoint. Source resource must be in the VNet and target SKU must support service endpoint feature.

Accepted values: false, true
--service-principal

The service principal auth info.

Usage: --service-principal client-id=XX secret=XX

client-id : Required. Client id of the service principal. object-id : Optional. Object id of the service principal (Enterprise Application). secret : Required. Secret of the service principal.

--source-id

The resource id of a aks. Required if ['--resource-group', '--name'] are not specified.

--target-id

The resource id of target service. Required if ['--target-resource-group', '--account'] are not specified.

--target-resource-group --tg

The resource group which contains the storage account. Required if '--target-id' is not specified.

--workload-identity

The user-assigned managed identity used to create workload identity federation.

Usage: --workload-identity

user-identity-resource-id: Required. The resource id of the user assigned identity. Please DO NOT use AKS control plane identity and kubelet identity which is not supported by federated identity credential.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az aks connection create storage-file

Preview

Command group 'aks connection' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Create a aks connection to storage-file.

az aks connection create storage-file [--account]
                                      [--appconfig-id]
                                      [--client-type {dotnet, dotnet-internal, java, nodejs, none, php, python, ruby, springBoot}]
                                      [--connection]
                                      [--connstr-props]
                                      [--customized-keys]
                                      [--kube-namespace]
                                      [--name]
                                      [--no-wait]
                                      [--opt-out {auth, configinfo, publicnetwork}]
                                      [--private-endpoint {false, true}]
                                      [--resource-group]
                                      [--secret]
                                      [--service-endpoint {false, true}]
                                      [--source-id]
                                      [--target-id]
                                      [--target-resource-group]

Examples

Create a connection between aks and storage-file interactively

az aks connection create storage-file

Create a connection between aks and storage-file with resource name

az aks connection create storage-file -g ClusterRG -n MyCluster --tg StorageRG --account MyAccount --secret

Create a connection between aks and storage-file with resource id

az aks connection create storage-file --source-id /subscriptions/{subscription}/resourceGroups/{source_resource_group}/providers/Microsoft.ContainerService/managedClusters/{cluster} --target-id /subscriptions/{subscription}/resourceGroups/{target_resource_group}/providers/Microsoft.Storage/storageAccounts/{account}/fileServices/default --secret

Optional Parameters

--account

Name of the storage account. Required if '--target-id' is not specified.

--appconfig-id

The app configuration id to store configuration.

--client-type

The client type used on the aks.

Accepted values: dotnet, dotnet-internal, java, nodejs, none, php, python, ruby, springBoot
--connection

Name of the aks connection.

--connstr-props

The addtional connection string properties used to for building connection string.

--customized-keys

The customized keys used to change default configuration names. Key is the original name, value is the customized name.

--kube-namespace

The kubernetes namespace where the connection information will be saved into (as kubernetes secret).

Default value: default
--name -n

Name of the managed cluster. Required if '--source-id' is not specified.None.

--no-wait

Do not wait for the long-running operation to finish.

Default value: False
--opt-out

Whether to disable some configuration steps. Use configinfo to disbale configuration information changes on source. Use publicnetwork to disable public network access configuration.Use auth to skip auth configuration such as enabling managed identity and granting RBAC roles.

Accepted values: auth, configinfo, publicnetwork
--private-endpoint

Connect target service by private endpoint. The private endpoint in source virtual network must be created ahead.

Accepted values: false, true
--resource-group -g

The resource group which contains the managed cluster. Required if '--source-id' is not specified.None.

--secret

The secret auth info.

Usage: --secret.

--service-endpoint

Connect target service by service endpoint. Source resource must be in the VNet and target SKU must support service endpoint feature.

Accepted values: false, true
--source-id

The resource id of a aks. Required if ['--resource-group', '--name'] are not specified.

--target-id

The resource id of target service. Required if ['--target-resource-group', '--account'] are not specified.

--target-resource-group --tg

The resource group which contains the storage account. Required if '--target-id' is not specified.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az aks connection create storage-queue

Preview

Command group 'aks connection' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Create a aks connection to storage-queue.

az aks connection create storage-queue [--account]
                                       [--appconfig-id]
                                       [--client-type {dotnet, dotnet-internal, java, nodejs, none, python, springBoot}]
                                       [--connection]
                                       [--connstr-props]
                                       [--customized-keys]
                                       [--kube-namespace]
                                       [--name]
                                       [--no-wait]
                                       [--opt-out {auth, configinfo, publicnetwork}]
                                       [--private-endpoint {false, true}]
                                       [--resource-group]
                                       [--secret]
                                       [--service-endpoint {false, true}]
                                       [--service-principal]
                                       [--source-id]
                                       [--target-id]
                                       [--target-resource-group]
                                       [--workload-identity]

Examples

Create a connection between aks and storage-queue interactively

az aks connection create storage-queue

Create a connection between aks and storage-queue with resource name

az aks connection create storage-queue -g ClusterRG -n MyCluster --tg StorageRG --account MyAccount --secret

Create a connection between aks and storage-queue with resource id

az aks connection create storage-queue --source-id /subscriptions/{subscription}/resourceGroups/{source_resource_group}/providers/Microsoft.ContainerService/managedClusters/{cluster} --target-id /subscriptions/{subscription}/resourceGroups/{target_resource_group}/providers/Microsoft.Storage/storageAccounts/{account}/queueServices/default --secret

Optional Parameters

--account

Name of the storage account. Required if '--target-id' is not specified.

--appconfig-id

The app configuration id to store configuration.

--client-type

The client type used on the aks.

Accepted values: dotnet, dotnet-internal, java, nodejs, none, python, springBoot
--connection

Name of the aks connection.

--connstr-props

The addtional connection string properties used to for building connection string.

--customized-keys

The customized keys used to change default configuration names. Key is the original name, value is the customized name.

--kube-namespace

The kubernetes namespace where the connection information will be saved into (as kubernetes secret).

Default value: default
--name -n

Name of the managed cluster. Required if '--source-id' is not specified.None.

--no-wait

Do not wait for the long-running operation to finish.

Default value: False
--opt-out

Whether to disable some configuration steps. Use configinfo to disbale configuration information changes on source. Use publicnetwork to disable public network access configuration.Use auth to skip auth configuration such as enabling managed identity and granting RBAC roles.

Accepted values: auth, configinfo, publicnetwork
--private-endpoint

Connect target service by private endpoint. The private endpoint in source virtual network must be created ahead.

Accepted values: false, true
--resource-group -g

The resource group which contains the managed cluster. Required if '--source-id' is not specified.None.

--secret

The secret auth info.

Usage: --secret.

--service-endpoint

Connect target service by service endpoint. Source resource must be in the VNet and target SKU must support service endpoint feature.

Accepted values: false, true
--service-principal

The service principal auth info.

Usage: --service-principal client-id=XX secret=XX

client-id : Required. Client id of the service principal. object-id : Optional. Object id of the service principal (Enterprise Application). secret : Required. Secret of the service principal.

--source-id

The resource id of a aks. Required if ['--resource-group', '--name'] are not specified.

--target-id

The resource id of target service. Required if ['--target-resource-group', '--account'] are not specified.

--target-resource-group --tg

The resource group which contains the storage account. Required if '--target-id' is not specified.

--workload-identity

The user-assigned managed identity used to create workload identity federation.

Usage: --workload-identity

user-identity-resource-id: Required. The resource id of the user assigned identity. Please DO NOT use AKS control plane identity and kubelet identity which is not supported by federated identity credential.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az aks connection create storage-table

Preview

Command group 'aks connection' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Create a aks connection to storage-table.

az aks connection create storage-table [--account]
                                       [--appconfig-id]
                                       [--client-type {dotnet, dotnet-internal, java, nodejs, none, python}]
                                       [--connection]
                                       [--connstr-props]
                                       [--customized-keys]
                                       [--kube-namespace]
                                       [--name]
                                       [--no-wait]
                                       [--opt-out {auth, configinfo, publicnetwork}]
                                       [--private-endpoint {false, true}]
                                       [--resource-group]
                                       [--secret]
                                       [--service-endpoint {false, true}]
                                       [--service-principal]
                                       [--source-id]
                                       [--target-id]
                                       [--target-resource-group]
                                       [--workload-identity]

Examples

Create a connection between aks and storage-table interactively

az aks connection create storage-table

Create a connection between aks and storage-table with resource name

az aks connection create storage-table -g ClusterRG -n MyCluster --tg StorageRG --account MyAccount --secret

Create a connection between aks and storage-table with resource id

az aks connection create storage-table --source-id /subscriptions/{subscription}/resourceGroups/{source_resource_group}/providers/Microsoft.ContainerService/managedClusters/{cluster} --target-id /subscriptions/{subscription}/resourceGroups/{target_resource_group}/providers/Microsoft.Storage/storageAccounts/{account}/tableServices/default --secret

Optional Parameters

--account

Name of the storage account. Required if '--target-id' is not specified.

--appconfig-id

The app configuration id to store configuration.

--client-type

The client type used on the aks.

Accepted values: dotnet, dotnet-internal, java, nodejs, none, python
--connection

Name of the aks connection.

--connstr-props

The addtional connection string properties used to for building connection string.

--customized-keys

The customized keys used to change default configuration names. Key is the original name, value is the customized name.

--kube-namespace

The kubernetes namespace where the connection information will be saved into (as kubernetes secret).

Default value: default
--name -n

Name of the managed cluster. Required if '--source-id' is not specified.None.

--no-wait

Do not wait for the long-running operation to finish.

Default value: False
--opt-out

Whether to disable some configuration steps. Use configinfo to disbale configuration information changes on source. Use publicnetwork to disable public network access configuration.Use auth to skip auth configuration such as enabling managed identity and granting RBAC roles.

Accepted values: auth, configinfo, publicnetwork
--private-endpoint

Connect target service by private endpoint. The private endpoint in source virtual network must be created ahead.

Accepted values: false, true
--resource-group -g

The resource group which contains the managed cluster. Required if '--source-id' is not specified.None.

--secret

The secret auth info.

Usage: --secret.

--service-endpoint

Connect target service by service endpoint. Source resource must be in the VNet and target SKU must support service endpoint feature.

Accepted values: false, true
--service-principal

The service principal auth info.

Usage: --service-principal client-id=XX secret=XX

client-id : Required. Client id of the service principal. object-id : Optional. Object id of the service principal (Enterprise Application). secret : Required. Secret of the service principal.

--source-id

The resource id of a aks. Required if ['--resource-group', '--name'] are not specified.

--target-id

The resource id of target service. Required if ['--target-resource-group', '--account'] are not specified.

--target-resource-group --tg

The resource group which contains the storage account. Required if '--target-id' is not specified.

--workload-identity

The user-assigned managed identity used to create workload identity federation.

Usage: --workload-identity

user-identity-resource-id: Required. The resource id of the user assigned identity. Please DO NOT use AKS control plane identity and kubelet identity which is not supported by federated identity credential.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az aks connection create webpubsub

Preview

Command group 'aks connection' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Create a aks connection to webpubsub.

az aks connection create webpubsub [--appconfig-id]
                                   [--client-type {dotnet, dotnet-internal, java, nodejs, none, python}]
                                   [--connection]
                                   [--connstr-props]
                                   [--customized-keys]
                                   [--kube-namespace]
                                   [--name]
                                   [--no-wait]
                                   [--opt-out {auth, configinfo, publicnetwork}]
                                   [--private-endpoint {false, true}]
                                   [--resource-group]
                                   [--secret]
                                   [--service-principal]
                                   [--source-id]
                                   [--target-id]
                                   [--target-resource-group]
                                   [--webpubsub]
                                   [--workload-identity]

Examples

Create a connection between aks and webpubsub interactively

az aks connection create webpubsub

Create a connection between aks and webpubsub with resource name

az aks connection create webpubsub -g ClusterRG -n MyCluster --tg WebpubsubRG --webpubsub MyWebPubSub --secret

Create a connection between aks and webpubsub with resource id

az aks connection create webpubsub --source-id /subscriptions/{subscription}/resourceGroups/{source_resource_group}/providers/Microsoft.ContainerService/managedClusters/{cluster} --target-id /subscriptions/{subscription}/resourceGroups/{target_resource_group}/providers/Microsoft.SignalRService/WebPubSub/{webpubsub} --secret

Optional Parameters

--appconfig-id

The app configuration id to store configuration.

--client-type

The client type used on the aks.

Accepted values: dotnet, dotnet-internal, java, nodejs, none, python
--connection

Name of the aks connection.

--connstr-props

The addtional connection string properties used to for building connection string.

--customized-keys

The customized keys used to change default configuration names. Key is the original name, value is the customized name.

--kube-namespace

The kubernetes namespace where the connection information will be saved into (as kubernetes secret).

Default value: default
--name -n

Name of the managed cluster. Required if '--source-id' is not specified.None.

--no-wait

Do not wait for the long-running operation to finish.

Default value: False
--opt-out

Whether to disable some configuration steps. Use configinfo to disbale configuration information changes on source. Use publicnetwork to disable public network access configuration.Use auth to skip auth configuration such as enabling managed identity and granting RBAC roles.

Accepted values: auth, configinfo, publicnetwork
--private-endpoint

Connect target service by private endpoint. The private endpoint in source virtual network must be created ahead.

Accepted values: false, true
--resource-group -g

The resource group which contains the managed cluster. Required if '--source-id' is not specified.None.

--secret

The secret auth info.

Usage: --secret.

--service-principal

The service principal auth info.

Usage: --service-principal client-id=XX secret=XX

client-id : Required. Client id of the service principal. object-id : Optional. Object id of the service principal (Enterprise Application). secret : Required. Secret of the service principal.

--source-id

The resource id of a aks. Required if ['--resource-group', '--name'] are not specified.

--target-id

The resource id of target service. Required if ['--target-resource-group', '--webpubsub'] are not specified.

--target-resource-group --tg

The resource group which contains the webpubsub. Required if '--target-id' is not specified.

--webpubsub

Name of the webpubsub service. Required if '--target-id' is not specified.

--workload-identity

The user-assigned managed identity used to create workload identity federation.

Usage: --workload-identity

user-identity-resource-id: Required. The resource id of the user assigned identity. Please DO NOT use AKS control plane identity and kubelet identity which is not supported by federated identity credential.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.