Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Important
Azure Kubernetes Service on bare metal is currently in preview. See the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability. Azure Kubernetes Service on bare metal previews are partially covered by customer support on a best-effort basis.
This article describes the hardware, network, and Azure requirements for deploying Azure Kubernetes Service (AKS) on bare metal.
Hardware requirements
Use one of the supported devices for small form factor deployments of Azure Local.
Network requirements
Outbound internet connectivity
The bare metal host requires outbound internet access to the following endpoints:
| Endpoint | Purpose |
|---|---|
*.arc.azure.net |
Azure Arc connectivity |
management.azure.com |
Azure Resource Manager |
login.microsoftonline.com |
Microsoft Entra authentication |
mcr.microsoft.com |
Container image pulls |
*.data.mcr.microsoft.com |
Container image data |
guestnotificationservice.azure.com |
Arc guest notifications |
IP address planning
You need one IP address planned before deployment:
| IP type | Purpose | Notes |
|---|---|---|
| Control plane IP | Kubernetes API server endpoint | Must be in the same subnet as the host or match the host IP |
Azure prerequisites
Subscription and permissions
| Requirement | Details |
|---|---|
| Azure subscription | Active subscription with billing enabled |
| Region | East US (only supported region for public preview) |
| Role | Owner or Contributor + User Access Administrator on the resource group |
| Role assignment status | Must be both Active and Permanent |
| Resource providers | Microsoft.HybridCompute, Microsoft.HybridContainerService, Microsoft.Kubernetes, Microsoft.ExtendedLocation must be registered |
Important
If your role assignment isn't active and permanent, you might need to temporarily elevate your permissions before running deployment commands.
Register resource providers
Ensure Azure CLI is installed and signed in.
az provider register --namespace Microsoft.HybridCompute
az provider register --namespace Microsoft.HybridContainerService
az provider register --namespace Microsoft.Kubernetes
az provider register --namespace Microsoft.ExtendedLocation
Azure CLI extensions
Install the required CLI extensions:
az extension add --name connectedk8s
Note
The connectedk8s extension is required to connect to your cluster after deployment using az connectedk8s proxy.
Arc-enabled machine
Before deploying an AKS cluster, you must have a small form factor Azure Local device set up by following the Azure Local documentation.
Entra ID requirements
To use Azure RBAC for cluster access:
| Requirement | Details |
|---|---|
| Entra ID group | A security group containing users who need cluster admin access |
| Group object ID | The object ID of the Entra ID group (found in Azure portal → Entra ID → Groups) |