Before deploying a production-grade AKS cluster, you must properly configure Azure CLI, subscription settings, networking, and identity.
This guide walks through the exact foundational steps used by platform engineers when building AKS in eastus2.
π― Goal of Phase 1
By the end of this phase, you will have:
- Azure CLI installed and configured
- Subscription properly selected
- Default region set to
eastus2 - Resource Group created
- Virtual Network + Subnet created
- Managed Identity created
- Required Azure resource providers registered
This sets the stage for production AKS deployment.
π Step 1 β Install Azure CLI
On Ubuntu / WSL:
curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
Verify installation:
az version
You are now ready to manage resources in:
- Microsoft Azure
π Step 2 β Authenticate
az login
This authenticates via:
- Microsoft Entra ID
List available subscriptions:
az account list --output table
Set your working subscription:
az account set --subscription "<SUBSCRIPTION_ID>"
Confirm:
az account show --output table
π Step 3 β Set Default Region to East US 2
Instead of specifying --location every time:
az configure --defaults location=eastus2
Verify available regions:
az account list-locations --output table
Now all new resources default to:
eastus2
π¦ Step 4 β Create Resource Group
Resource Groups logically organize infrastructure.
az group create \
--name aks-east2-rg
Verify:
az group show --name aks-east2-rg --output table
π Step 5 β Create Production Networking (VNet + Subnet)
We prepare networking before creating AKS.
az network vnet create \
--resource-group aks-east2-rg \
--name aks-vnet \
--address-prefix 10.0.0.0/8 \
--subnet-name aks-subnet \
--subnet-prefix 10.240.0.0/16
This creates:
- Virtual Network
- Subnet dedicated for AKS
This integrates later with:
- Azure Virtual Network
π Step 6 β Create Managed Identity
Modern AKS uses Managed Identity instead of Service Principals.
az identity create \
--resource-group aks-east2-rg \
--name aks-mi
Capture:
principalIdclientIdid
This identity will later allow AKS to manage networking and cloud resources securely.
π¨ Step 7 β Register Required Resource Providers
When enabling monitoring later, many users hit this error:
MissingSubscriptionRegistration:
Microsoft.OperationalInsights
This happens because new subscriptions do not automatically register all providers.
Register them once:
az provider register --namespace Microsoft.OperationalInsights
az provider register --namespace Microsoft.ContainerService
az provider register --namespace Microsoft.Network
az provider register --namespace Microsoft.Compute
Verify registration:
az provider show \
--namespace Microsoft.OperationalInsights \
--query registrationState
Wait until:
Registered
Why this matters:
Monitoring uses:
- Azure Monitor
- Log Analytics
Which depend on the Microsoft.OperationalInsights namespace.
This step prevents AKS deployment failures later.
π§ What You Learned in Phase 1
You now understand:
- Azure subscription context management
- Default region configuration
- Azure networking basics for AKS
- Managed identity creation
- Azure provider registration mechanics
- Why monitoring requires Operational Insights
Most AKS failures in real environments happen because Phase 1 was skipped or done incorrectly.
Youβve now built a clean, production-ready foundation.
π Current Architecture State
Subscription
β
βββ Resource Group: aks-east2-rg
βββ Virtual Network: aks-vnet
β βββ Subnet: aks-subnet
βββ Managed Identity: aks-mi
No Kubernetes cluster yet β just solid groundwork.
β Whatβs Next?
In Phase 2, we will:
- Attach AKS to existing VNet
- Use Azure CNI
- Assign network roles to Managed Identity
- Enable OIDC & Workload Identity
- Enable Monitoring
- Deploy a production-ready cluster
Top comments (0)