Create an Azure AKS cluster in your connected Azure account using Tanzu Mission Control.


Make sure you have already created an account credential that provides access to your Azure account, as described in Create an Azure AKS Credential.

The Azure service principal that is attached to the Tanzu Mission Control credential must be added to the AAD (Azure Active Directory) admin group(s) before starting the cluster creation process. Otherwise, the Tanzu Mission Control agent deployment process fails with the following error:
error: You must be logged in to the server (Unauthorized)
When creating AKS clusters, Tanzu Mission Control uses the following naming convention:


  1. In the Tanzu Mission Control console, click Administration in the left navigation pane.
  2. Click Clusters in the left navigation pane.
  3. Click Create cluster, and then choose Create AKS cluster from the dropdown.
  4. Enter a name for the cluster, and specify the cluster group.
    The cluster name must start and end with a letter or number, contain only lowercase letters, numbers, and hyphens, and be a maximum length of 63 characters.
  5. You can optionally add a description and label.
  6. Click Next.
  7. Configure the control plane.
    1. Select the account credential and subscription in which you want to create the cluster.
    2. Select the resource group.
    3. Optionally enter an AKS tag for the node pool.
    4. In the Cluster Details section, select the version of Kubernetes to use for the cluster, and its region.
      Note: Tanzu Mission Control provides a list of regions in which you can create the control plane. In Azure, the availability of geographical regions is determined by your subscription. It is possible to select a region from the list for which you do not have a subscription, in which case an error message appears after Tanzu Mission Control attempts to create the node plane.
    5. Select the type of cluster identity you want to use.
      You can accept the default system-assigned managed identity or specify a user-assigned managed identity. If you select user-assigned, you must provide a valid managed identity defined in your Azure subscription. The format of the identity looks something like this:
      For more information about managed identities in AKS, see the following topics in the Azure documentation:
    6. In the Network section, select the network configuration, either Kubenet or Azure CNI, and specify the DNS name prefix. Kubenet and CNI differ in how they assign IP addresses to nodes and pods. For more information, see Microsoft Azure Container Networking in the Azure documentation.
    7. Click Next.
  8. Configure node pools.
    1. Specify the node name.
    2. Select the mode, either System or User.
    3. Select the availability zones.
    4. Optionally enter a description.
    5. Optionally enter an AKS tag for the node pool, AKS labels, and taints.
    6. Configure the compute parameters by selecting VM size.
    7. Configure the scaling parameters.
    8. Click Disk encryption setting to provide your own key for managing disk encryption.
  9. Click Create.


The cluster is created and under Tanzu Mission Control lifecycle management.