Skip to main content

AKS requirements

Verify system requirements

Although Calico Cloud checks that your cluster meets System requirements, verifying now can save you time troubleshooting.

Verify AKS settings

  1. Check that you're using a supported CNI and network policy configuration by running the following command on your AKS cluster:

    az aks show --query 'networkProfile'

    You must have one of the following combinations of values fornetworkPlugin and networkPolicy:

    • "networkPlugin": "none" and "networkPolicy": null
    • "networkPlugin": "azure" and "networkPolicy": null
    • "networkPlugin": "azure" and "networkPolicy": "calico"
  2. Verify that transparent mode is being used by running one of the following commands.

    cat /etc/cni/net.d/*


    az vmss run-command invoke -g <resource-group> -n <vmss-name> --scripts "cat /etc/cni/net.d/*" --command-id RunShellScript --instance-id 0 --query 'value[0].message'

    If the Azure CNI is enabled, the output should include "mode": "transparent".

For help in the Azure portal, see Azure CNI in transparent mode.

Verify IAM permissions

Verify that your user account has IAM permissions to create Kubernetes ClusterRoles, ClusterRoleBindings, Deployments, Service Accounts, and Custom Resource Definitions. The easiest way to grant permissions is to assign the "Kubernetes Service Cluster Admin Role” to your user account. For help, see AKS access control.

Need help connecting your cluster?

Troubleshooting checklist