AKS requirements
Verify system requirements
Although Calico Cloud checks that your cluster meets System requirements, verifying now can save you time troubleshooting.
Verify AKS settings
Check that you're using a supported CNI and network policy configuration by running the following command on your AKS cluster:
az aks show --query 'networkProfile'
You must have one of the following combinations of values for
networkPlugin
andnetworkPolicy
:"networkPlugin": "none"
and"networkPolicy": null
"networkPlugin": "azure"
and"networkPolicy": null
"networkPlugin": "azure"
and"networkPolicy": "calico"
Verify that transparent mode is being used by running one of the following commands.
cat /etc/cni/net.d/*
OR
az vmss run-command invoke -g <resource-group> -n <vmss-name> --scripts "cat /etc/cni/net.d/*" --command-id RunShellScript --instance-id 0 --query 'value[0].message'
If the Azure CNI is enabled, the output should include
"mode": "transparent"
.
For help in the Azure portal, see Azure CNI in transparent mode.
Verify IAM permissions
Verify that your user account has IAM permissions to create Kubernetes ClusterRoles, ClusterRoleBindings, Deployments, Service Accounts, and Custom Resource Definitions. The easiest way to grant permissions is to assign the "Kubernetes Service Cluster Admin Role” to your user account. For help, see AKS access control.