Azure Kubernetes Service (AKS)
Overview
Azure Kubernetes Service is fully supported by OpsWorker. The standard Helm installation works on AKS clusters without Azure-specific configuration.
Setup
Follow the standard agent installation process.
AKS-Specific Notes
Networking
- NSG rules: Ensure outbound HTTPS (port 443) to `*.amazonaws.com` is allowed in your Network Security Group. The OpsWorker backend runs on AWS.
- Azure Firewall: If using Azure Firewall, add `*.amazonaws.com` to the application rule collection for HTTPS.
- NAT Gateway: If using a NAT Gateway for outbound traffic, ensure it allows HTTPS to AWS endpoints.
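
One way to check the NSG requirement above, as an added example that is not part of the OpsWorker documentation: it walks exported NSG rules in priority order and reports which rule decides outbound TCP 443 to the Internet. It assumes the rules were exported as JSON (for instance with `az network nsg rule list --include-default -o json`). Because NSG rules match address prefixes and service tags rather than hostnames, it checks Internet-wide destinations instead of `*.amazonaws.com`; the sample rules and function names are constructed for illustration.

```python
import json

# Constructed sample shaped like `az network nsg rule list --include-default -o json`.
SAMPLE_RULES = json.loads("""[
  {"name": "DenyInternetOut", "priority": 4000, "direction": "Outbound", "access": "Deny",
   "protocol": "*", "destinationPortRange": "*", "destinationAddressPrefix": "Internet"},
  {"name": "AllowHttpsOut", "priority": 200, "direction": "Outbound", "access": "Allow",
   "protocol": "Tcp", "destinationPortRange": "443", "destinationAddressPrefix": "Internet"},
  {"name": "AllowSshIn", "priority": 100, "direction": "Inbound", "access": "Allow",
   "protocol": "Tcp", "destinationPortRange": "22", "destinationAddressPrefix": "*"}
]""")

# Destination prefixes broad enough to cover public AWS endpoints.
INTERNET_WIDE = {"*", "internet", "0.0.0.0/0"}

def _port_matches(rule, port):
    """True if the rule's destination port(s) include `port` ("*", "443", "80-443")."""
    ranges = rule.get("destinationPortRanges") or [rule.get("destinationPortRange") or ""]
    for r in ranges:
        if r == "*":
            return True
        lo, _, hi = r.partition("-")
        if lo.isdigit() and int(lo) <= port <= int(hi or lo):
            return True
    return False

def _dest_is_internet_wide(rule):
    prefixes = rule.get("destinationAddressPrefixes") or [rule.get("destinationAddressPrefix") or ""]
    return any(p.lower() in INTERNET_WIDE for p in prefixes)

def outbound_https_verdict(rules, port=443):
    """Return (access, rule_name) for the first outbound rule deciding TCP/`port` to the Internet."""
    outbound = [r for r in rules if r["direction"].lower() == "outbound"]
    for rule in sorted(outbound, key=lambda r: r["priority"]):  # lowest number is evaluated first
        if rule["protocol"].lower() not in ("tcp", "*"):
            continue
        if _port_matches(rule, port) and _dest_is_internet_wide(rule):
            return rule["access"], rule["name"]
    # No Internet-wide rule matched; rules scoped to narrower prefixes need manual review.
    return "Undecided", None

if __name__ == "__main__":
    access, name = outbound_https_verdict(SAMPLE_RULES)
    print(f"Outbound HTTPS to Internet: {access} (decided by {name})")
```

A `Deny` verdict, or a rule scoped to specific CIDR ranges that this check skips, means the agent's HTTPS egress needs a closer look before installation.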
Identity
- Azure AD Pod Identity / Workload Identity not required: The agent uses a cluster token for authentication. No Azure identity integration is needed.
Node Pools
| Pool Type | Support |
|---|---|
| System node pool | Fully supported |
| User node pool | Fully supported |
| Virtual nodes (ACI) | Not tested |
Azure Policy
If Azure Policy for AKS is enabled, ensure policies don't block:
- Creating pods in the `opsworker` namespace
- Outbound HTTPS connections to non-Azure endpoints
Next Steps
- Install the Agent — Step-by-step installation
- Verify Connection — Confirm the agent is connected