# AKS Agentless Setup

Sedai independently connects to each Azure Kubernetes Service (AKS) cluster within an Azure account. AKS uses Azure Active Directory (AD) for **authentication** and Kubernetes Role-Based Access Control (RBAC) / Azure RBAC for **authorization**.

To connect an AKS cluster, follow these steps:

1. [Create Azure Active Directory Group](#create-azure-active-directory-group)
2. [Enable access for AD Group Users](#enable-access-for-ad-group-users)
3. [Provide Cluster-User level access to AD Group](#provide-cluster-user-level-access-to-ad-group)
4. [Create app registration and client secret](#create-app-registration-and-client-secret)
5. [Link app with AD Group](#link-app-with-ad-group)

***

### Step 1: Create Azure Active Directory Group

{% hint style="info" %}
You can skip this step if you already have an Azure AD group with Cluster-User level access on your AKS cluster.
{% endhint %}

1\. Log in to the Azure CLI and create a new Azure AD group (you can name this whatever you'd like):

```
az ad group create --display-name AKSGroup --mail-nickname AKSGroup
```

2\. Get the **AD Group ID** — this is needed to create/update your AKS cluster:

```
az ad group show --group AKSGroup --query id -o tsv
```

3\. Create an Azure resource group (you can skip this step if you have an existing cluster):

{% hint style="info" %}
Enter the region of your choice; just ensure that your desired node size for the cluster is available in the selected region.
{% endhint %}

```
az group create --name AKS --location southindia
```

### Step 2: Enable access for AD Group Users

Create or update an AKS cluster to enable access for the AD Group:

```
# Replace the object ID below with the AD Group ID returned in Step 1.
az aks create --resource-group AKS \
--name AKSCluster \
--enable-aad \
--aad-admin-group-object-ids 24a2a1e7-75aa-433b-b704-e03ff445fddf \
--node-vm-size Standard_D2 \
--node-count 1
```

{% hint style="info" %}
This example includes a few options, but you can add more; see [az aks create](https://docs.microsoft.com/en-us/cli/azure/aks?view=azure-cli-latest#az-aks-create) for the full list.
{% endhint %}

### Step 3: Provide Cluster-User level access to AD Group

Run the following commands to assign the AKS Cluster-User role to the AD Group:

```
# Resource ID of the cluster; used as the scope of the role assignment.
AKS_CLUSTER=$(az aks show --resource-group AKS --name AKSCluster --query id -o tsv)
# Object ID of the AD Group that receives the role.
ACCOUNT_ID=$(az ad group show --group AKSGroup --query id -o tsv)
az role assignment create --assignee "$ACCOUNT_ID" --scope "$AKS_CLUSTER" --role "Azure Kubernetes Service Cluster User Role"
```

Learn more about AKS built-in roles:

{% embed url="<https://docs.microsoft.com/en-us/answers/questions/162264/built-in-roles-for-azure-kubernetes-service-aks.html>" %}

### Step 4: Create app registration and client secret

For Sedai to interact with your Azure account as well as the AKS cluster, create an app registration in Azure AD. When you create an app registration, Azure also creates a **Service Principal**, which also needs to be linked to the AD Group.

* Copy the **Client ID** and **Tenant ID** (these will be used to connect Sedai to your cluster within the platform).
* Add a **client secret** for the app registration with a validity of your choice (you can update the client secret in Sedai if your current one expires).
* Copy the **secret** (this will be used as the client secret).

### Step 5: Link app with AD Group

Navigate to the Azure AD page and select the AD Group. Select **Add members** and search for the app registration name.

To connect your AKS cluster within Sedai, you will also need to fetch details from the kubeconfig file. Run the following command from the Azure CLI:

```
az aks get-credentials --resource-group AKS --name AKSCluster
```

Open the `~/.kube/config` file and look for the following:

* `apiserver-id`
* `certificate-authority-data`
* `server`
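The lookup above as a script, added here as an example (it is not part of Sedai's documentation or tooling): because `az aks get-credentials` merges into `~/.kube/config`, the file may hold several clusters, so the function returns values only from the entry for the cluster you name. The function names `aks_connection_details` and `write_sample_kubeconfig` are hypothetical, the sample file is constructed with placeholder hosts and IDs, and the parser assumes the `azure` auth-provider layout in which `apiserver-id` appears.

```shell
# Added example (not Sedai's code): print the three kubeconfig values for ONE cluster.
# Assumes the layout kubectl writes: list entries start at column 0 and an entry's
# own name appears as "- name:" or "  name:" (indent 2).
aks_connection_details() {    # $1 = kubeconfig path, $2 = AKS cluster name
    awk -v cluster="$2" '
        function flush() {    # emit fields only if the finished entry is ours
            if (section == "clusters" && name == cluster) {
                print "server=" f["server"]
                print "certificate-authority-data=" f["certificate-authority-data"]
            }
            # Assumption: az names the user entry clusterUser_<group>_<cluster>.
            if (section == "users" && ("apiserver-id" in f) &&
                substr(name, length(name) - length(cluster)) == "_" cluster)
                print "apiserver-id=" f["apiserver-id"]
            name = ""; split("", f)
        }
        /^[A-Za-z]/      { flush(); section = $1; sub(/:.*/, "", section); next }
        /^- /            { flush() }
        /^(- |  )name:/  { name = $NF; next }
        {   # any other line: remember "key: value" by leaf key
            line = $0; sub(/^[ -]+/, "", line)
            key = line; sub(/:.*/, "", key)
            val = line; sub(/^[^:]+:[ ]*/, "", val)
            f[key] = val
        }
        END { flush() }' "$1"
}
# Constructed sample: two merged clusters, placeholder hosts and IDs.
write_sample_kubeconfig() {   # $1 = output path
    cat > "$1" <<'EOF'
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: Q09OU1RSVUNURUQ=
    server: https://other.example.invalid:443
  name: OtherCluster
- cluster:
    certificate-authority-data: U0FNUExFLUNB
    server: https://akscluster.example.invalid:443
  name: AKSCluster
users:
- name: clusterUser_AKS_AKSCluster
  user:
    auth-provider:
      config:
        apiserver-id: 00000000-0000-0000-0000-000000000000
      name: azure
EOF
}
```

Run `aks_connection_details ~/.kube/config AKSCluster` to print the three values for that cluster only.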

When you're done, navigate to **Settings > Integrations** and select the **Add Cloud** button. Follow the prompts to add an AKS cluster.

{% hint style="info" %}
In the cluster integration screens, Sedai automatically generates Helm and kubectl commands to deploy the Smart Agent within your cluster. Underneath the commands is an option to switch to agentless setup.
{% endhint %}


