Posture Control (ZPC)

Onboarding an Azure Kubernetes Service Cluster

ZPC offers insight into your Microsoft Azure Kubernetes public clusters. ZPC provides a script for you to download and run on your AKS clusters. The script enables ZPC APIs to access and collect AKS cluster configuration metadata.

The script:

  1. Creates a cluster role and role binding with the service principal used for onboarding the Microsoft Azure account.
  2. Allowlists the ZPC IP addresses if your Kubernetes cluster has authorized IP ranges enabled.
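The following is an added example, not part of the ZPC script or the vendor's documentation. It audits the output of `kubectl get clusterrole,clusterrolebinding -o json` after the script runs, checking that the onboarding cluster role is read-only and is bound only to the expected service principal. The role name, binding name, and object ID are hypothetical, and treating anything beyond get/list/watch as a finding is an assumption based on the stated purpose of collecting configuration metadata.

```python
import json

READ_ONLY_VERBS = {"get", "list", "watch"}  # assumption: metadata collection is read-only

# Constructed sample: shape of `kubectl get clusterrole,clusterrolebinding -o json`.
# All names and the object ID are hypothetical, not taken from the ZPC script.
SAMPLE = json.loads("""
{"items": [
 {"kind": "ClusterRole", "metadata": {"name": "example-onboarding-reader"},
  "rules": [
   {"apiGroups": [""], "resources": ["pods", "nodes"], "verbs": ["get", "list"]},
   {"apiGroups": ["apps"], "resources": ["*"], "verbs": ["get", "patch"]}]},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "example-onboarding-binding"},
  "roleRef": {"kind": "ClusterRole", "name": "example-onboarding-reader"},
  "subjects": [
   {"kind": "User", "name": "00000000-0000-0000-0000-000000000001"},
   {"kind": "Group", "name": "system:authenticated"}]}
]}
""")


def audit(objects, role_name, expected_subject):
    """Return findings for one ClusterRole and every binding that references it."""
    findings = []
    for obj in objects.get("items", []):
        name = obj["metadata"]["name"]
        if obj["kind"] == "ClusterRole" and name == role_name:
            for i, rule in enumerate(obj.get("rules") or []):
                # Any verb outside get/list/watch (including "*") can change state.
                extra = sorted(set(rule.get("verbs", [])) - READ_ONLY_VERBS)
                if extra:
                    findings.append(f"{name} rule {i}: non-read verbs {extra}")
                scope = rule.get("apiGroups", []) + rule.get("resources", [])
                if "*" in scope:
                    findings.append(f"{name} rule {i}: wildcard scope")
        elif obj["kind"] == "ClusterRoleBinding":
            if obj["roleRef"]["name"] != role_name:
                continue
            for subj in obj.get("subjects") or []:
                if subj["name"] != expected_subject:
                    findings.append(
                        f"{name}: unexpected subject {subj['kind']}/{subj['name']}")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE, "example-onboarding-reader",
                      "00000000-0000-0000-0000-000000000001"):
        print("FINDING:", line)
```

To use it on a real cluster, replace SAMPLE with the parsed kubectl output and pass the role name found in the downloaded script together with the object ID of the service principal used to onboard the Azure account.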

Prerequisites

Before you onboard AKS clusters, you need to:

  • Make sure the Microsoft Azure cloud accounts that contain the clusters are onboarded to ZPC. To learn how to onboard a Microsoft Azure account, see Onboarding a Microsoft Azure Account.
  • Make sure you are a Kubernetes Cluster Admin.
  • Make sure you have the necessary roles for the following authentication and authorization methods:
    • Azure AD Authentication with Kubernetes RBAC: You need to be part of the AAD group that has the Cluster Admin Access role.
    • Azure AD Authentication with Azure RBAC: You need to have the Azure Kubernetes Service RBAC Cluster Admin role.

Onboarding AKS Clusters in a Single Microsoft Azure Account

To onboard AKS clusters in a single Microsoft Azure account on ZPC:

  1. In the ZPC Admin Portal, go to Administration > Cloud Accounts.
  2. Click the Accounts tab.
  3. Click the Actions icon, then select the Add Kubernetes Cluster option for a Microsoft Azure account.

  4. On the Cluster Selection page, you can view and search for the following AKS cluster details available in the selected Microsoft Azure account:
    • Cluster Name: Name of the AKS cluster.
    • Region: Region of the AKS cluster.
    • Kubernetes Version: Current Kubernetes version running on the cluster.
    • Status: Onboarding status of the cluster (Success, Pending, or Failure).
    • Private Cluster: Whether the cluster is public or private.
  5. Select clusters you want to onboard, then click Next.

  6. On the Cluster Access page, click Download the bash script.
  7. Click Log in to AZURE cloud console and execute the bash script.
  8. After the script is deployed, in the ZPC Admin Portal, click Finish.

Onboarding AKS Clusters in a Microsoft Azure Organization

You can choose to onboard AKS clusters from multiple accounts belonging to a single Microsoft Azure organization. To onboard AKS clusters in a Microsoft Azure organization on ZPC:

  1. In the ZPC Admin Portal, go to Administration > Cloud Accounts.
  2. Click the Organizations tab.
  3. Click the Actions icon, then select the Add Kubernetes Cluster option for a Microsoft Azure account.

  4. On the Cluster Selection page, you can view and search for the following AKS cluster details available on the selected Microsoft Azure organization:
    • Cluster Name: Name of the AKS cluster.
    • Region: Region of the AKS cluster.
    • Kubernetes Version: Current Kubernetes version running on the cluster.
    • Status: Onboarding status of the cluster (Success, Pending, or Failure).
    • Private Cluster: Whether the cluster is public or private.
  5. Select clusters you want to onboard, then click Next.

  6. On the Cluster Access page, click Download the bash script.
  7. Click Log in to AZURE cloud console and execute the bash script.
  8. After the script is deployed, in the ZPC Admin Portal, click Finish.