Claude-skill-registry az-aks-agent
Azure AKS Agentic CLI - AI-powered troubleshooting and insights tool for Azure Kubernetes Service. Use when diagnosing AKS cluster issues, getting cluster health insights, troubleshooting networking/storage/security problems, or analyzing cluster configuration with natural language queries.
install
source · Clone the upstream repo
git clone https://github.com/majiayu000/claude-skill-registry
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/majiayu000/claude-skill-registry "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/data/az-aks-agent" ~/.claude/skills/majiayu000-claude-skill-registry-az-aks-agent && rm -rf "$T"
manifest:
skills/data/az-aks-agent/SKILL.mdsource content
Azure AKS Agent CLI Skill
Overview
The Agentic CLI for Azure Kubernetes Service (AKS) is an AI-powered troubleshooting and insights tool (currently in preview) that brings advanced diagnostics directly to your terminal. It allows you to ask natural language questions about your cluster's health, configuration, and issues without requiring deep Kubernetes expertise or knowledge of complex command syntax.
Primary Command:
az aks agentQuick Reference
Installation
# Prerequisites: Azure CLI version 2.76 or higher az version # Install the extension (takes 5-10 minutes) az extension add --name aks-agent --debug # Verify installation az extension list az aks agent --help # Initialize LLM configuration (interactive wizard) az aks agent-init # Remove extension if needed az extension remove --name aks-agent --debug
Basic Usage
# Get cluster credentials first az aks get-credentials --resource-group <rg-name> --name <cluster-name> # Start interactive troubleshooting az aks agent -g <resource-group> -n <cluster-name> # Ask a specific question az aks agent -g <resource-group> -n <cluster-name> --query "What's wrong with my cluster?" # Non-interactive mode (batch processing) az aks agent -g <resource-group> -n <cluster-name> --no-interactive --query "Check pod health"
Workflow Decision Tree
What do you need to do? ├── Cluster Health Check? │ └── Use: az aks agent --query "What's the health status of my cluster?" ├── Troubleshoot Pod Issues? │ └── Use: az aks agent --query "Why are my pods failing?" ├── Networking Problems? │ └── Use: az aks agent --query "Diagnose networking issues" ├── Storage Issues? │ └── Use: az aks agent --query "Check storage configuration" ├── Security/RBAC Issues? │ └── Use: az aks agent --query "Review RBAC configuration" ├── Node Pool Problems? │ └── Use: az aks agent --query "Check node pool health" └── Configuration Review? └── Use: az aks agent --query "Review cluster configuration"
Command Reference
Core Commands
| Command | Description |
|---|---|
| Start interactive AI-powered troubleshooting |
| Initialize LLM provider configuration |
| Show help and available options |
Command Parameters
| Parameter | Description | Default |
|---|---|---|
| Resource group name | Required |
| AKS cluster name | Required |
| LLM API key | From env or config |
| Config file path | |
| Max investigation steps | 10 |
| LLM model specification | From config |
| Run in batch mode | false |
| Display tool call outputs | false |
| Refresh toolsets status | false |
LLM Model Specifications
# Azure OpenAI --model "azure/gpt-4o" --model "azure/gpt-4o-mini" # OpenAI --model "gpt-4o" --model "gpt-4o-mini" # Anthropic --model "anthropic/claude-sonnet-4" --model "anthropic/claude-3-5-sonnet" # Gemini --model "gemini/gemini-pro"
Configuration
Environment Variables
# Azure OpenAI API Key export AZURE_API_KEY="your-azure-openai-key" # OpenAI API Key export OPENAI_API_KEY="your-openai-key" # Anthropic API Key export ANTHROPIC_API_KEY="your-anthropic-key"
Config File Structure (~/.azure/aksAgent.config)
# Azure OpenAI Configuration llm_provider: azure azure_api_base: https://<your-endpoint>.openai.azure.com/ azure_api_version: 2025-04-01-preview model: gpt-4o # OR OpenAI Configuration llm_provider: openai model: gpt-4o # OR Anthropic Configuration llm_provider: anthropic model: claude-sonnet-4
Azure OpenAI Requirements
- Deployment name: Must match model name
- Minimum TPM: 1,000,000+ (Tokens Per Minute)
- Minimum context size: 128,000+ tokens
- API Base Format:
(NOT AI Foundry URI)https://{endpoint}.openai.azure.com/
Common Use Cases
Cluster Health Analysis
# General health check az aks agent -g myRG -n myCluster --query "What's the overall health of my cluster?" # Node status az aks agent -g myRG -n myCluster --query "Are all nodes healthy and ready?" # Resource utilization az aks agent -g myRG -n myCluster --query "Show me resource utilization across nodes"
Pod Troubleshooting
# Failed pods analysis az aks agent -g myRG -n myCluster --query "Why are pods in CrashLoopBackOff?" # Pending pods az aks agent -g myRG -n myCluster --query "Why are some pods stuck in Pending state?" # OOMKilled pods az aks agent -g myRG -n myCluster --query "Investigate OOMKilled containers"
Networking Issues
# Network policy review az aks agent -g myRG -n myCluster --query "Are there network policies blocking traffic?" # DNS troubleshooting az aks agent -g myRG -n myCluster --query "Diagnose DNS resolution issues" # Service connectivity az aks agent -g myRG -n myCluster --query "Why can't pods reach external services?"
Storage Troubleshooting
# PVC issues az aks agent -g myRG -n myCluster --query "Why are PersistentVolumeClaims pending?" # Storage class review az aks agent -g myRG -n myCluster --query "Review storage class configuration"
Security Analysis
# RBAC review az aks agent -g myRG -n myCluster --query "Are RBAC permissions configured correctly?" # Security best practices az aks agent -g myRG -n myCluster --query "What security improvements do you recommend?"
AKS Events Reference
Viewing Cluster Events
# Get cluster credentials first az aks get-credentials --resource-group $RESOURCE_GROUP --name $AKS_CLUSTER # List all events kubectl get events # Filter by namespace kubectl get events --namespace default # Watch auto-repair events kubectl get events --field-selector=source=aks-auto-repair --watch # Detailed pod events kubectl describe pod $POD_NAME
Event Types
| Type | Description |
|---|---|
| Routine operations and expected activities |
| Potentially problematic situations requiring attention |
Common Event Reasons
| Reason | Description |
|---|---|
| Pod failed to be scheduled on a node |
| Container is in a restart loop |
| Pod successfully assigned to a node |
| Container image successfully pulled |
| Container created |
| Container started |
| Container killed due to out of memory |
Event Fields
| Field | Description |
|---|---|
| Warning or Normal |
| Short reason code |
| Human-readable description |
| Kubernetes namespace |
| First observation timestamp |
| Most recent observation |
| Associated Kubernetes object |
Best Practices
Effective Query Strategies
-
Start broad, then narrow
# Start with general health "What's wrong with my cluster?" # Then focus on specific issues "Why are pods in namespace X failing?" -
Provide context about symptoms
"Pods are restarting frequently in the production namespace" "Services are experiencing intermittent timeouts" -
Ask for specific recommendations
"What changes do you recommend to improve cluster performance?" "How can I fix the networking issues you identified?" -
Request historical analysis
"What patterns do you see in recent pod failures?" "Have there been any unusual events in the last 24 hours?"
Security Considerations
- Ensure proper RBAC permissions are configured
- Use Azure AD integration for authentication
- Follow principle of least privilege
- Audit command usage through Azure activity logs
- Service account tokens for automation
Integration Tips
- Combine with traditional monitoring: Use alongside Azure Monitor and Container Insights
- Proactive monitoring: Run health checks regularly
- Document findings: Save important diagnostic outputs
- Enable Container Insights: For events beyond 1-hour retention
Troubleshooting the Agent
Installation Issues
# Verify Azure CLI version az version # Upgrade Azure CLI if needed az upgrade # Force reinstall extension az extension remove --name aks-agent az extension add --name aks-agent --debug
Authentication Issues
# Verify Azure login az account show # Re-authenticate az login # Check subscription az account set --subscription <subscription-id>
LLM Connection Issues
# Reinitialize LLM configuration az aks agent-init # Check API key environment variable echo $AZURE_API_KEY # Test with explicit API key az aks agent -g myRG -n myCluster --api-key "your-key"
Rate Limiting
- Symptom: Slow responses or errors
- Solution: Increase TPM quota in Azure OpenAI deployment
- Minimum recommended: 1,000,000 TPM
Important Notes
- Preview Feature: This is currently in preview with limited warranty coverage
- Not for Production Critical: Not recommended for production-critical decision making
- Event Retention: Kubernetes events only persist for 1 hour by default
- Context Window: Requires 128,000+ token context for optimal performance
- Authentication: Always authenticate with
before usingaz login
Resources
References
Core References
- Complete CLI command referencereferences/cli-commands.md
- Extended troubleshooting guidereferences/troubleshooting.md
- Practical usage examplesreferences/examples.md
Diagnostics & Monitoring
- AKS Diagnose and Solve Problems guidereferences/diagnostics.md
- Comprehensive AKS monitoring guidereferences/monitoring.md
- Control plane metrics (API Server, etcd)references/control-plane-metrics.md
Troubleshooting Guides
- Kubelet logs access and analysisreferences/kubelet-logs.md
- Memory saturation identification and resolutionreferences/memory-saturation.md
- Node auto-repair process and monitoringreferences/node-auto-repair.md
- API server and etcd troubleshootingreferences/api-server-etcd.md