azure-kubernetes
Use when running workloads on Azure Kubernetes Service: cluster sizing, identity, networking, autoscaling, upgrade strategy, and observability for AKS specifically rather than vanilla Kubernetes.
source: https://github.com/microsoft/azure-skills/tree/main/skills/azure-kubernetes (microsoft/azure-skills · ★ 1.1k)
Install confidence
curl --create-dirs -fsSL https://skillmake.xyz/i/azure-kubernetes -o ~/.claude/skills/azure-kubernetes/SKILL.md
Pinned content: sha:d7eeb40ac5a94d9d
Generated with: manual
Source: github.com
The file served at /api/marketplace/azure-kubernetes-d7eeb40a/raw matches this hash. Inspect before install, then copy the command.
3,238 chars · ~810 tokens
---
name: azure-kubernetes
description: "Use when running workloads on Azure Kubernetes Service: cluster sizing, identity, networking, autoscaling, upgrade strategy, and observability for AKS specifically rather than vanilla Kubernetes."
source: https://github.com/microsoft/azure-skills/tree/main/skills/azure-kubernetes
generated: 2026-05-25T02:43:55.500Z
category: platform
audience: devops
---

## When to use

- Provisioning a production-grade AKS cluster instead of using the portal defaults that won't survive a real workload
- Wiring workload identity, Key Vault CSI, and Entra-integrated RBAC so pods authenticate without baked-in secrets
- Choosing between Azure CNI, Azure CNI Overlay, and kubenet for a network topology that fits the org's VNet plan
- Planning a minor-version upgrade and node-image rotation without a self-inflicted outage

## Key concepts

### Cluster identity model

Modern clusters use a managed identity for the control plane and workload identity for pods. Service principals are legacy and should be migrated.

### Network plugin choice

Azure CNI assigns VNet IPs to every pod (IP-hungry, low latency), Azure CNI Overlay uses an overlay network (IP-cheap), kubenet is legacy. Choose at cluster create; switching later is invasive.

### Autoscaling layers

Cluster Autoscaler scales nodes, Horizontal Pod Autoscaler scales replicas, KEDA scales on external metrics. They compose; understand the order of operations before tuning.

### Upgrade and node images

AKS minor-version upgrades and node-image upgrades are separate. Stale node images carry CVE risk even on a current control plane.

### Add-ons vs bring-your-own

Managed add-ons (CSI, monitoring, ingress) are easy to enable but constrain customization; many teams disable the managed ingress in favor of NGINX or Gateway API.

## API reference

```
npx skills add microsoft/azure-skills --skill azure-kubernetes
```

Install the AKS skill bundle.

```
npx skills add microsoft/azure-skills --skill azure-kubernetes
```

```
az aks create / az aks get-credentials / az aks upgrade
```

Create a cluster with sensible production defaults, fetch kubeconfig, then perform a controlled upgrade.

```
az aks create -g rg -n aks-prod --node-count 3 \
  --network-plugin azure --network-plugin-mode overlay \
  --enable-managed-identity --enable-workload-identity --enable-oidc-issuer \
  --tier standard
az aks get-credentials -g rg -n aks-prod
az aks upgrade -g rg -n aks-prod --kubernetes-version 1.30.0 --control-plane-only
```

## Gotchas

- Free-tier control plane has no SLA; production should run on Standard or Premium tier
- Pod IP exhaustion on Azure CNI is a silent killer; pick a subnet with room for max-pods * max-nodes
- Stopping a cluster does not free node disks or load balancers; cost continues unless you fully delete
- Node-image upgrades reboot nodes; if pods have no PDB, you can take an outage during routine maintenance
- Managed Prometheus and Container Insights both bill on ingestion; enable selectively or you will see a surprise on the invoice

---

Generated by SkillMake from https://github.com/microsoft/azure-skills/tree/main/skills/azure-kubernetes on 2026-05-25T02:43:55.500Z. Verify against source before relying on details.
File: ~/.claude/skills/azure-kubernetes/SKILL.md
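
The "inspect before install" step above, as an added shell example (not SkillMake's or the skill's own code): fetch to a temporary file, check it against the pinned value, and copy it into the skills directory only when the check passes. It assumes `sha:d7eeb40ac5a94d9d` is the first 16 hex characters of the file's SHA-256 digest, which the page does not state; the function names are hypothetical.

```shell
# Added example, not SkillMake's code. ASSUMPTION: the pin "sha:<hex>" is a
# leading prefix of the file's SHA-256 digest (the page names no algorithm).

# digest_prefix FILE N: print the first N hex chars of FILE's SHA-256.
digest_prefix() {
  if command -v sha256sum >/dev/null 2>&1; then
    _sum=$(sha256sum "$1")
  else
    _sum=$(shasum -a 256 "$1")
  fi
  printf '%s\n' "${_sum%% *}" | cut -c1-"$2"
}

# verify_skill FILE PIN: 0 on match, 1 on mismatch, 2 on bad input.
verify_skill() {
  _pin=$(printf '%s' "${2#sha:}" | tr 'A-F' 'a-f')
  case $_pin in
    ''|*[!0-9a-f]*) echo "malformed pin: $2" >&2; return 2 ;;
  esac
  # Refuse pins shorter than the page's 16 hex chars: they match too easily.
  if [ "${#_pin}" -lt 16 ] || [ "${#_pin}" -gt 64 ]; then
    echo "pin must be 16-64 hex chars: $2" >&2; return 2
  fi
  [ -f "$1" ] || { echo "no such file: $1" >&2; return 2; }
  _got=$(digest_prefix "$1" "${#_pin}")
  if [ "$_got" != "$_pin" ]; then
    echo "digest mismatch: got $_got, pinned $_pin" >&2
    return 1
  fi
}

# install_skill FILE PIN DEST: copy FILE to DEST only if the pin check passes.
install_skill() {
  verify_skill "$1" "$2" || return
  mkdir -p "$(dirname "$3")" && install -m 0644 "$1" "$3"
}

# Usage: fetch to a temp file, read it, then install.
#   tmp=$(mktemp)
#   curl -fsSL https://skillmake.xyz/i/azure-kubernetes -o "$tmp"
#   less "$tmp"
#   install_skill "$tmp" sha:d7eeb40ac5a94d9d \
#     ~/.claude/skills/azure-kubernetes/SKILL.md
```

A 16-character prefix covers only 64 bits of the digest, so compare against a full digest where the source publishes one.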