Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Cluster extensions provide an Azure Resource Manager driven experience for installation and lifecycle management of services like Azure Machine Learning or Kubernetes applications on an AKS cluster. This feature enables:
- Azure Resource Manager-based deployment of extensions, including at-scale deployments across AKS clusters.
- Lifecycle management of the extension (Update, Delete) from Azure Resource Manager.
Categories of cluster extensions
There are two categories of cluster extensions, Core and Standard that can be deployed onto AKS clusters.
Core extensions
Core Kubernetes extensions have broader region availability, a more integrated AKS experience, and release alignment to AKS version releases. Azure Backup is a core extension.
AKS native experience
Core extensions can be managed using az aks CLI command.
az aks extension create \
--name <core extension name> \
--extension-type <type> \
--cluster-name <name> \
--resource-group <group>
For more information about the commands, see az aks.
Release policy
Minor and major upgrades of core extensions occur alongside AKS minor and major version updates to avoid introducing breaking changes and provide better reliability.
Cluster extension requirements
The cluster extensions platform is supported in all regions where AKS is deployed, except Qatar Central and US air gapped clouds. Although the platform is available in all regions, check the region availability for individual extensions.
Important
Ensure that your AKS cluster is created with a managed identity, as cluster extensions don't work with service principal-based clusters.
For new clusters created with az aks create, managed identity is configured by default. For existing service principal-based clusters that need to be switched over to managed identity, it can be enabled by running az aks update with the --enable-managed-identity flag. For more information, see Use managed identity.
Note
If you enabled Microsoft Entra pod-managed identity on your AKS cluster or are considering implementing it, recommendations and options to set up your cluster to use a Microsoft Entra Workload ID (preview). This authentication method replaces pod-managed identity (preview), which integrates with the Kubernetes native capabilities to federate with any external identity providers.
Currently available extensions
| Extension | Description |
|---|---|
| Azure App Configuration | Use Azure App Configuration to centrally manage application settings and feature flags. |
| Azure Machine Learning | Use Azure Kubernetes Service clusters to train, inference, and manage machine learning models in Azure Machine Learning. |
| [Flux (GitOps)][gitops-overview] | Use GitOps with Flux to manage cluster configuration and application deployment. See also [supported versions of Flux (GitOps)][gitops-support] and [Tutorial: Deploy applications using GitOps with Flux v2][gitops-tutorial]. |
| Azure Container Storage | Use Azure Container Storage to manage block storage on AKS clusters to store data in persistent volumes. |
Note
Cluster extensions provide a platform for different extensions to be installed and managed on an AKS cluster. If you're facing issues while using any of these extensions, open a support ticket with the respective service.