Gathering Azure activation parameters

You configure almost all (99%) of Azure cloud resources using environment activation parameters. These parameters are available by querying Azure resource providers in the old environment. You use these parameters, which you manually document, during the activation of the new environment.

The Azure environment activation settings you want to carry over to the new environment include the compute VM size (E16ds_v4 or E16_v3), any user-assigned managed identity, subnets, private CDW and IP CIDRs, overlay networking, and minimum permissions.
  1. Obtain a managed identity for Azure activations.
    The new, required managed identity parameter provides privileges to deploy the AKS cluster. For more information about required minimal privileges, see "Setting up minimum permissions".
  2. Query the environment to get the Azure environment activation settings you want to carry over to the new environment.
    Run the following command to get the activation parameters:
    az aks show -n <AKS_CLUSTER_NAME>  -g <CDW_RESOURCE_GROUP> --query '{Agentpools:agentPoolProfiles[].{Name:name, Version:orchestratorVersion, State:provisioningState, AZ:availabilityZones, SKU:vmSize, VnetSubnet:vnetSubnetId, PodSubnet:podSubnetId, CDW_Timestamp:tags.timestamp, PowerState: powerState}, Api:apiServerAccessProfile, NetworkType:networkProfile.networkPluginMode, DockerCIDR:networkProfile.dockerBridgeCidr, outboundType:networkProfile.outboundType, privateFQDN:privateFqdn, Identity:identity, FQDN:fqdn, AKSVersion:kubernetesVersion, Location:location, SKU: sku, OMS: addonProfiles.omsagent}' -o jsonc
    The query output maps to the following activation parameters:
    • Compute VM Size: Agentpools.SKU
    • Subnet: Agentpools.VnetSubnet
    • Private CDW: Api.enablePrivateCluster
    • Managed identity: Identity
    • Availability Zones: Agentpools.AZ
    • AKS Monitoring: OMS
    • K8s CIDR: Api.authorizedIpRanges
    • Overlay networking: NetworkType
    • Docker CIDR: DockerCIDR
    • AKS DNS Zone: api.privateDnsZone
    • OutboundType: outboundType
  3. Get the internal load balancer settings in one of the following ways.
    az resource list -g  MC_<AKS_CLUSTER_NAME>_<REGION> --query "[?type == 'Microsoft.Network/loadBalancers'].{Name: name, Type: type}" -o jsonc
    If the output lists an internal load balancer, the environment has been activated with the Enable internal load balancers option.
  4. Get the PostgreSQL server setting using Azure CLI.
    az postgres flexible-server show -g <CDW_RESOURCE_GROUP> -n <SQL_SERVER_NAME> --query '{Name:name, FQDN: fullyQualifiedDomainName, Version: version, Network:network}' -o jsonc
    Note the following activation parameters:
    • Private-sql-subnet-name: delegatedSubnetResourceId
    • Private-dns-zone-sql: privateDnsZoneArmResourceId