You configure almost all (99%) of Azure cloud resources using environment activation
parameters. These parameters are available by querying Azure resource providers in the old
environment. You use these parameters, which you manually document, during the activation of
the new environment.
The Azure environment activation settings you want to carry over to the new environment include the compute VM size (E16ds_v4 or E16_v3), any user-assigned managed identity, subnets, private CDW and IP CIDRs, overlay networking, and minimum permissions.
-
Obtain a managed identity for Azure activations.
The new, required managed identity parameter provides privileges to deploy the AKS cluster. For more information about required minimal privileges, see "Setting up minimum permissions".
-
Query the environment to get the Azure environment activation settings you want to carry over to the new environment.
Query the environment to get the activation parameters.
az aks show -n <AKS_CLUSTER_NAME> -g <CDW_RESOURCE_GROUP> --query '{Agentpools:agentPoolProfiles[].{Name:name, Version:orchestratorVersion, State:provisioningState, AZ:availabilityZones, SKU:vmSize, VnetSubnet:vnetSubnetId, PodSubnet:podSubnetId, CDW_Timestamp:tags.timestamp, PowerState: powerState}, Api:apiServerAccessProfile, NetworkType:networkProfile.networkPluginMode, DockerCIDR:networkProfile.dockerBridgeCidr, outboundType:networkProfile.outboundType, privateFQDN:privateFqdn, Identity:identity, FQDN:fqdn, AKSVersion:kubernetesVersion, Location:location, SKU: sku, OMS: addonProfiles.omsagent}' -o jsonc
The query output maps to the following activation parameters:
- Compute VM Size: Agentpools.SKU
- Subnet: Agentpools.VnetSubnet
- Private CDW: Api.enablePrivateCluster
- Managed identity: Identity
- Availability Zones: Agentpools.AZ
- AKS Monitoring: OMS
- K8s CIDR: Api.authorizedIpRanges
- Overlay networking: NetworkType
- Docker CIDR: DockerCIDR
- AKS DNS Zone: Api.privateDnsZone
- OutboundType: outboundType
-
Get the internal load balancer settings in one of the following ways.
az resource list -g MC_<AKS_CLUSTER_NAME>_<REGION> --query "[?type == 'Microsoft.Network/loadBalancers'].{Name: name, Type: type}" -o jsonc
If the output lists an internal load balancer, the environment has been activated with the Enable internal load balancers option.
-
Get the PostgreSQL server settings using Azure CLI.
az postgres flexible-server show -g <CDW_RESOURCE_GROUP> -n <SQL_SERVER_NAME> --query '{Name:name, FQDN: fullyQualifiedDomainName, Version: version, Network:network}' -o jsonc
Note the following activation parameters:
- Private-sql-subnet-name: delegatedSubnetResourceId
- Private-dns-zone-sql: privateDnsZoneArmResourceId
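The mapping from the `az aks show` query output to activation parameters can be scripted rather than copied by hand. The following is an added example, not part of the original documentation: the function names are hypothetical, the sample JSON is constructed, and it assumes the output was saved with `-o json` (plain JSON instead of colorized `jsonc`), that `Identity` lists user-assigned identities under `userAssignedIdentities`, and that `NetworkType` is `overlay` when overlay networking is on.

```python
import json

# Constructed sample of the query output, saved with `-o json` (not real data).
SAMPLE = json.loads("""{
 "Agentpools": [
  {"Name": "pool1", "SKU": "Standard_E16ds_v4", "AZ": ["1", "2"],
   "VnetSubnet": "<SUBNET_RESOURCE_ID>"},
  {"Name": "pool2", "SKU": "Standard_E16ds_v4", "AZ": ["2", "3"],
   "VnetSubnet": "<SUBNET_RESOURCE_ID>"}],
 "Api": {"enablePrivateCluster": true, "authorizedIpRanges": null,
         "privateDnsZone": "system"},
 "NetworkType": "overlay", "DockerCIDR": null, "outboundType": "loadBalancer",
 "Identity": {"type": "UserAssigned",
              "userAssignedIdentities": {"<IDENTITY_RESOURCE_ID>": {}}},
 "OMS": {"enabled": true}}""")

def _distinct(pools, key):
    """Distinct non-null values of `key` across agent pools, order preserved."""
    seen = []
    for pool in pools:
        value = pool.get(key)
        for item in (value if isinstance(value, list) else [value]):
            if item is not None and item not in seen:
                seen.append(item)
    return seen

def activation_parameters(out):
    """Map the query output keys to the activation parameters listed above."""
    pools = out.get("Agentpools") or []
    api = out.get("Api") or {}            # null when no access profile is set
    identity = out.get("Identity") or {}
    oms = out.get("OMS") or {}            # null when the omsagent addon is absent
    return {
        "Compute VM Size": _distinct(pools, "SKU"),
        "Subnet": _distinct(pools, "VnetSubnet"),
        "Availability Zones": sorted(_distinct(pools, "AZ")),
        "Private CDW": bool(api.get("enablePrivateCluster")),
        "K8s CIDR": api.get("authorizedIpRanges") or [],
        "AKS DNS Zone": api.get("privateDnsZone"),
        "Managed identity": sorted(identity.get("userAssignedIdentities") or {}),
        "AKS Monitoring": bool(oms.get("enabled")),
        "Overlay networking": out.get("NetworkType") == "overlay",
        "Docker CIDR": out.get("DockerCIDR"),
        "OutboundType": out.get("outboundType"),
    }

if __name__ == "__main__":
    print(json.dumps(activation_parameters(SAMPLE), indent=2))
```

More than one value under Compute VM Size or Subnet means the agent pools differ, so decide which value the new environment should use before activation.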