azure-aks
Azure Kubernetes Service (AKS) Skill
Deploy and manage containerized applications with Azure Kubernetes Service.
Triggers
Use this skill when you see:
- azure aks, aks cluster, azure kubernetes
- managed kubernetes, aks node pool
- aks networking, aks identity
- aks monitoring, container insights
Instructions
Create AKS Cluster
# Create resource group
az group create --name mygroup --location eastus
# Create AKS cluster
az aks create \
--resource-group mygroup \
--name myaks \
--node-count 3 \
--node-vm-size Standard_DS2_v2 \
--enable-managed-identity \
--enable-addons monitoring \
--generate-ssh-keys
# Get credentials
az aks get-credentials --resource-group mygroup --name myaks
# Verify connection
kubectl get nodes
Node Pools
# Add node pool
az aks nodepool add \
--resource-group mygroup \
--cluster-name myaks \
--name gpupool \
--node-count 2 \
--node-vm-size Standard_NC6 \
--node-taints sku=gpu:NoSchedule \
--labels workload=gpu
# Scale node pool
az aks nodepool scale \
--resource-group mygroup \
--cluster-name myaks \
--name nodepool1 \
--node-count 5
# Enable cluster autoscaler
az aks nodepool update \
--resource-group mygroup \
--cluster-name myaks \
--name nodepool1 \
--enable-cluster-autoscaler \
--min-count 1 \
--max-count 10
# List node pools
az aks nodepool list --resource-group mygroup --cluster-name myaks -o table
Networking
# Create AKS with Azure CNI
az aks create \
--resource-group mygroup \
--name myaks \
--network-plugin azure \
--vnet-subnet-id /subscriptions/.../subnets/aks-subnet \
--service-cidr 10.0.0.0/16 \
--dns-service-ip 10.0.0.10 \
--docker-bridge-address 172.17.0.1/16
# Enable HTTP application routing (dev/test only; Microsoft does not recommend this add-on for production)
az aks enable-addons \
--resource-group mygroup \
--name myaks \
--addons http_application_routing
# Create internal load balancer
kubectl apply -f - <<EOF
apiVersion: v1
kind: Service
metadata:
  name: internal-app
  annotations:
    service.beta.kubernetes.io/azure-load-balancer-internal: "true"
spec:
  type: LoadBalancer
  ports:
    - port: 80
  selector:
    app: myapp
EOF
Azure Container Registry Integration
# Create ACR
az acr create --resource-group mygroup --name myacr --sku Standard
# Attach ACR to AKS
az aks update \
--resource-group mygroup \
--name myaks \
--attach-acr myacr
# Build and push image
az acr build --registry myacr --image myapp:v1 .
# Use in deployment
# image: myacr.azurecr.io/myapp:v1
Identity and Security
# Enable workload identity
az aks update \
--resource-group mygroup \
--name myaks \
--enable-oidc-issuer \
--enable-workload-identity
# Create managed identity
az identity create \
--name myapp-identity \
--resource-group mygroup
# Create service account with workload identity
kubectl apply -f - <<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
  name: myapp-sa
  annotations:
    azure.workload.identity/client-id: <CLIENT_ID>
EOF
# Enable Azure RBAC for Kubernetes
az aks update \
--resource-group mygroup \
--name myaks \
--enable-azure-rbac
# Assign Azure Kubernetes Service RBAC Cluster Admin
az role assignment create \
--role "Azure Kubernetes Service RBAC Cluster Admin" \
--assignee <USER_PRINCIPAL_ID> \
--scope /subscriptions/.../resourceGroups/mygroup/providers/Microsoft.ContainerService/managedClusters/myaks
Monitoring
# Enable Container Insights
az aks enable-addons \
--resource-group mygroup \
--name myaks \
--addons monitoring \
--workspace-resource-id /subscriptions/.../workspaces/myworkspace
# Open the Kubernetes resources view for the cluster in a web browser
az aks browse --resource-group mygroup --name myaks
# Query logs with KQL
# ContainerLog
# | where LogEntry contains "error"
# | project TimeGenerated, LogEntry
Ingress Controller
# Install NGINX ingress controller
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
helm install ingress-nginx ingress-nginx/ingress-nginx \
--namespace ingress-nginx \
--create-namespace \
--set controller.service.annotations."service\.beta\.kubernetes\.io/azure-load-balancer-health-probe-request-path"=/healthz
# Create ingress
kubectl apply -f - <<EOF
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: myapp-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  ingressClassName: nginx
  rules:
    - host: myapp.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: myapp-service
                port:
                  number: 80
EOF
GitOps with Flux
# Enable GitOps extension
az k8s-extension create \
--resource-group mygroup \
--cluster-name myaks \
--cluster-type managedClusters \
--name flux \
--extension-type microsoft.flux
# Create Flux configuration
az k8s-configuration flux create \
--resource-group mygroup \
--cluster-name myaks \
--cluster-type managedClusters \
--name gitops-config \
--namespace flux-system \
--url https://github.com/myorg/myrepo \
--branch main \
--kustomization name=infra path=./infrastructure prune=true \
--kustomization name=apps path=./apps prune=true dependsOn=infra
Maintenance
# Upgrade AKS
az aks get-upgrades --resource-group mygroup --name myaks -o table
az aks upgrade --resource-group mygroup --name myaks --kubernetes-version 1.28.0
# Start/Stop cluster (dev/test)
az aks stop --resource-group mygroup --name myaks
az aks start --resource-group mygroup --name myaks
# Get cluster info
az aks show --resource-group mygroup --name myaks -o table
Best Practices
- Node Pools: Use multiple node pools for different workloads
- Autoscaling: Enable cluster autoscaler for cost optimization
- Security: Use workload identity, enable Azure RBAC
- Networking: Use Azure CNI for production workloads
- Monitoring: Enable Container Insights for observability
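To check an existing cluster against the list above, the following added example (not part of the original skill) audits the JSON printed by `az aks show -o json`. The helper names `dig` and `audit_cluster` are hypothetical, the sample document is constructed, and the field names are assumed to match the CLI's camelCase output.

```python
import json

# Constructed sample, trimmed to the fields the audit reads.
SAMPLE = json.loads("""
{
  "identity": {"type": "SystemAssigned"},
  "aadProfile": {"managed": true, "enableAzureRbac": false},
  "oidcIssuerProfile": {"enabled": true},
  "securityProfile": {"workloadIdentity": {"enabled": false}},
  "networkProfile": {"networkPlugin": "kubenet"},
  "addonProfiles": {"omsagent": {"enabled": true}},
  "agentPoolProfiles": [
    {"name": "nodepool1", "enableAutoScaling": true},
    {"name": "gpupool", "enableAutoScaling": null}
  ]
}
""")

def dig(doc, *path):
    # Walk nested dicts; a missing or null level yields None instead of raising.
    for key in path:
        if not isinstance(doc, dict):
            return None
        doc = doc.get(key)
    return doc

def audit_cluster(cluster):
    """Return sorted findings for the best-practice items listed above."""
    findings = []
    if dig(cluster, "identity", "type") in (None, "None"):
        findings.append("identity: no managed identity")
    if not dig(cluster, "oidcIssuerProfile", "enabled"):
        findings.append("identity: OIDC issuer disabled")
    if not dig(cluster, "securityProfile", "workloadIdentity", "enabled"):
        findings.append("identity: workload identity disabled")
    if not dig(cluster, "aadProfile", "enableAzureRbac"):
        findings.append("rbac: Azure RBAC for Kubernetes disabled")
    if dig(cluster, "networkProfile", "networkPlugin") != "azure":
        findings.append("network: not using Azure CNI")
    # Add-on key casing can vary, so compare keys case-insensitively.
    addons = {k.lower(): v for k, v in (cluster.get("addonProfiles") or {}).items()}
    if not dig(addons, "omsagent", "enabled"):
        findings.append("monitoring: Container Insights add-on disabled")
    pools = cluster.get("agentPoolProfiles") or []
    if len(pools) < 2:
        findings.append("nodepools: single node pool")
    for pool in pools:
        if not pool.get("enableAutoScaling"):
            findings.append(f"nodepools: autoscaler off for {pool.get('name')}")
    return sorted(findings)

print("\n".join(audit_cluster(SAMPLE)))
```

To audit a real cluster, save the output of `az aks show --resource-group mygroup --name myaks -o json` to a file and pass the parsed document to `audit_cluster`.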
Common Workflows
Deploy Application to AKS
- Create AKS cluster with managed identity
- Attach ACR for container images
- Deploy application manifests
- Configure ingress for external access
- Set up monitoring with Container Insights
Set Up GitOps
- Enable Flux extension on AKS
- Create Git repository with manifests
- Configure Flux to sync from repository
- Use Kustomize for environment overlays
- Monitor sync status in Azure Portal