Add the Azure Kubernetes Services (AKS) engine prerequisites to the Azure Stack Hub Marketplace
You can set up the Azure Kubernetes Services (AKS) Engine for your users. Add the items described in this article to your Azure Stack Hub. Your users can then deploy a Kubernetes cluster in a single, coordinated operation. This article walks you through the steps you need to make the AKS engine available to your users in both connected and disconnected environments. The AKS engine depends on a service principal identity. The AKS engine also requires two items in the marketplace: a Custom Script extension and the AKS base image. The AKS engine requires that you're running Azure Stack Hub 1910 or greater.
Note
You can find the mapping of Azure Stack Hub to AKS engine version number in the AKS engine release notes.
Check your user's service offering
Your users will need a plan, offer, and subscription to Azure Stack Hub with enough space. Users will often want to deploy clusters of up to six virtual machines, made of three masters and three worker nodes. You'll want to make sure they have a large enough quota.
If you need more information about planning and setting up a service offering, see Overview of offering services in Azure Stack Hub.
Create a service principal and credentials
The Kubernetes cluster will need a service principal (SPN) and role-based permissions in Azure Stack Hub.
Create an SPN in Microsoft Entra ID
If you use Microsoft Entra ID for your identity management service, you'll need to create an SPN for users deploying a Kubernetes cluster. Create an SPN using a client secret.
For instructions using the Administrative portal, see Create an app registration.
For instructions, see Create an app registration that uses a client secret credential.
Create an SPN in AD FS
If you use Active Directory Federated Services (AD FS) for your identity management service, you'll need to create an SPN for users deploying a Kubernetes cluster. Create an SPN using a client secret.
For instructions using PowerShell, see Create an app registration that uses a client secret credential.
Assign a role
The SPN needs Contributor access to resources in the user subscription. For instructions on assigning a role, see Assign a role.
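To confirm that the role assignment matches what this section calls for, the following added example (not part of the original article or of the AKS engine) audits one SPN's role assignments. It assumes the assignments were exported as JSON with the field names `principalId`, `roleDefinitionName` and `scope`, as `az role assignment list` emits them; the function name `audit_spn` and all IDs are constructed for illustration.

```python
import json

# Constructed sample (assumption): shaped like the JSON that
# `az role assignment list` returns. Every ID below is made up.
SUB = "11111111-1111-1111-1111-111111111111"
SPN = "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa"
SAMPLE = json.dumps([
    {"principalId": SPN, "roleDefinitionName": "Contributor",
     "scope": f"/subscriptions/{SUB}"},
    {"principalId": SPN, "roleDefinitionName": "Owner",
     "scope": f"/subscriptions/{SUB}/resourceGroups/k8s-rg"},
    {"principalId": SPN, "roleDefinitionName": "Contributor",
     "scope": "/subscriptions/22222222-2222-2222-2222-222222222222"},
    {"principalId": "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb",
     "roleDefinitionName": "Owner", "scope": f"/subscriptions/{SUB}"},
])

def audit_spn(assignments_json, spn_object_id, subscription_id):
    """Return (has_required, findings) for one SPN's role assignments."""
    wanted = f"/subscriptions/{subscription_id}".lower()
    has_required, findings = False, []
    for a in json.loads(assignments_json):
        if a["principalId"].lower() != spn_object_id.lower():
            continue  # assignment belongs to another identity
        role = a["roleDefinitionName"]
        scope = a["scope"].rstrip("/").lower()  # root scope "/" becomes ""
        inside = scope == wanted or scope.startswith(wanted + "/")
        if not inside:
            # Access outside the user subscription (other subscription, root)
            findings.append(f"out-of-scope: {role} at {a['scope']}")
        elif role != "Contributor":
            # Any role other than the one this article asks for
            findings.append(f"unexpected-role: {role} at {a['scope']}")
        elif scope == wanted:
            has_required = True
    if not has_required:
        findings.append("missing: Contributor at subscription scope")
    return has_required, findings

if __name__ == "__main__":
    ok, issues = audit_spn(SAMPLE, SPN, SUB)
    print("required assignment present:", ok)
    for line in issues:
        print(" -", line)
```

An empty findings list means the SPN holds only the Contributor assignment described above; anything else is worth reviewing before the SPN's client secret is handed to users.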
Add an AKS Base Image
You can add an AKS Base Image to the marketplace by getting the item from Azure. However, if your Azure Stack Hub is disconnected, use the instructions in Download marketplace items from Azure to add the item. Add the item specified in step 5.
Add the following item to the marketplace:
1. Sign in to the Administration portal https://adminportal.local.azurestack.external.
2. Select All services, and then under the ADMINISTRATION category, select Marketplace management.
3. Select + Add from Azure.
4. Enter AKS Base.
5. Select the image version that matches the version of the AKS engine. You can find a listing of AKS Base Image to AKS engine versions at Supported Kubernetes Versions.
6. Select Download.
Add a custom script extension
You can add the custom script to the marketplace by getting the item from Azure. However, if your Azure Stack Hub is disconnected, use the instructions in Download marketplace items from Azure to add the item. Add the item specified in step 5.
1. Open the Administration portal https://adminportal.local.azurestack.external.
2. Select All services and then under the ADMINISTRATION category, select Marketplace Management.
3. Select + Add from Azure.
4. Enter Custom Script for Linux.
5. Select the script with the following profile:
   Offer: Custom Script for Linux 2.0
   Version: 2.0.6 (or latest version)
   Publisher: Microsoft Corp
   Note
   More than one version of the Custom Script for Linux may be listed. You will need to add the last version of the item.
6. Select Download.