To follow the procedures in Consuming Azure Flexible Server for PostgreSQL on Tanzu Application Platform with Azure Service Operator (ASO) you need:

If you do not already have a cluster that meets these requirements, you can follow this procedure to create and configure a cluster:

  1. Install the Azure CLI. For how to do so, see the Microsoft documentation.

  2. Ensure that you are logged in to Azure by running:

    az login
  3. Create an Azure Kubernetes Service (AKS) cluster. The quickest and simplest way to create an AKS cluster is to use the Azure CLI, as in the following example that creates a new ResourceGroup and AKS cluster:

    # Name of the resource group to contain the AKS cluster
    # Location of the Cluster
    # Cluster name
    # Arbitrary labels for the cluster
    LABELS="key=value key2=value2"
    # Number of k8s nodes
    az group create --name "${RESOURCE_GROUP_NAME}" --location "${LOCATION}"
    az aks create -g "${RESOURCE_GROUP_NAME}" -n "${CLUSTER_NAME}" --enable-managed-identity --node-count "${NODES}" --enable-addons monitoring --tags "${LABELS}" -s Standard_DS3_v2 --generate-ssh-keys  --uptime-sla
    az aks get-credentials --resource-group "${RESOURCE_GROUP_NAME}" --name "${CLUSTER_NAME}"

    Note: This creates an AKS cluster with a paid tier using the --uptime-sla flag. Not setting this flag will cause the Kubernetes Control plane to potentially have resource limitation issues. See

    For more information about AKS, see the Microsoft documentation.

  4. Install Tanzu Application Platform v1.2.0 or later and Cluster Essentials v1.2.0 or later on the Kubernetes cluster. For more information, see Installing Tanzu Application Platform

  5. Verify that you have the appropriate versions by running:

    kubectl api-resources | grep secrettemplate

    This command returns the SecretTemplate API. If it does not work for you, you might not have Cluster Essentials for VMware Tanzu v1.2.0 or later installed.

  6. Install the Azure Service Operator (ASO) and configure it in the cluster. You must have the appropriate permission in Azure to create a service principal and configure Azure access. v2.0.0-beta.2 is known to work with this use case. Install the latest stable version of the operator by running:

    AZURE_TENANT_ID=$(az account show | jq -r '.tenantId')
    AZURE_SUBSCRIPTION_ID=$(az account show | jq -r '.id')
    az ad sp create-for-rbac -n tap-azure-service-operator --role contributor \
    --scopes /subscriptions/"${AZURE_SUBSCRIPTION_ID}" > /tmp/aso-creds.json
    AZURE_CLIENT_ID=$(cat /tmp/aso-creds.json | jq -r '.appId')
    AZURE_CLIENT_SECRET=$(cat /tmp/aso-creds.json | jq -r '.password' )
    rm -f  /tmp/aso-creds.json
    # requires carvel kapp v0.46+
    kapp deploy -a aso -f -y --wait=false
    cat <<EOF | kubectl apply -f -
    apiVersion: v1
    kind: Secret
      name: aso-controller-settings
      namespace: azureserviceoperator-system
    kubectl wait deployment -n azureserviceoperator-system -l app=azure-service-operator-v2 --for=condition=Available=True

Next Steps

See Consuming Azure Flexible Server for PostgreSQL on Tanzu Application Platform with Azure Service Operator (ASO).

check-circle-line exclamation-circle-line close-line
Scroll to top icon