Assign capacity reservation groups to Azure Kubernetes Service (AKS) node pools

As your workload demands change, you can associate existing capacity reservation groups (CRGs) to your Azure Kubernetes Service (AKS) node pools to guarantee allocated capacity for them. Capacity reservation groups allow you to reserve compute capacity in an Azure region or availability zone for any duration of time. This feature is useful for workloads that require guaranteed capacity, such as those with predictable traffic patterns or those that need to meet specific performance requirements.

In this article, you learn how to use capacity reservation groups with node pools in AKS.

Prerequisites for using capacity reservation groups with AKS node pools

• You need the Azure CLI version 2.56 or later installed and configured. Run az --version to find the version. If you need to install or upgrade, see Install Azure CLI.
• You need an existing capacity reservation group with at least one capacity reservation. If not, the node pool is added to the cluster with a warning and no capacity reservation group gets associated.
• You need to create a user-assigned managed identity with the Contributor role for the resource group that contains the capacity reservation group and assign the identity to your AKS cluster. System-assigned managed identities don't work for this feature.

Create a user-assigned managed identity and assign it to an AKS cluster

1. Create a user-assigned managed identity using the az identity create command.

   az identity create --name <identity-name> --resource-group <resource-group-name> --location <location>
   

2. Get the ID of the user-assigned managed identity using the az identity show command and set it to an environment variable.

   IDENTITY_ID=$(az identity show --name <identity-name> --resource-group <resource-group-name> --query identity.id -o tsv)
   

3. Assign the Contributor role to the user-assigned identity using the az role assignment create command.

   az role assignment create --assignee $IDENTITY_ID --role "Contributor" --scope /subscriptions/<subscription-id>/resourceGroups/<resource-group-name>
   

   It can take up to 60 minutes for the role assignment to propagate.

4. Assign the user-assigned managed identity to a new or existing AKS cluster using the --assign-identity flag with the az aks create or az aks update command.

   # Create a new AKS cluster with the user-assigned managed identity
   az aks create \
    --resource-group <resource-group-name> \
    --name <cluster-name> \
    --location <location> \
    --node-vm-size <vm-size> --node-count <node-count> \
    --assign-identity $IDENTITY_ID \
    --generate-ssh-keys
   
   # Update an existing AKS cluster to use the user-assigned managed identity
   az aks update \
    --resource-group <resource-group-name> \
    --name <cluster-name> \
    --location <location> \
    --node-vm-size <vm-size> \
    --node-count <node-count> \
    --enable-managed-identity \
    --assign-identity $IDENTITY_ID 
   

Get the ID of an existing capacity reservation group

Get the ID of an existing capacity reservation group by using the az capacity reservation group show command and set it to an environment variable.

CRG_ID=$(az capacity reservation group show --capacity-reservation-group <crg-name> --resource-group <resource-group-name> --query id -o tsv)

Associate an existing capacity reservation group with a new node pool

Associate an existing capacity reservation group with a new node pool by using the az aks nodepool add command with the --crg-id flag. The following example assumes you have a CRG named "myCRG".

az aks nodepool add --resource-group <resource-group-name> --cluster-name <cluster-name> --name <node-pool-name> --crg-id $CRG_ID

Associate an existing capacity reservation group with an existing node pool (Preview)

Associate an existing capacity reservation group with an existing node pool by using the az aks nodepool update command with the --crg-id flag.

• For zonal node pools, this operation initiates a rolling update of the target node pool. The update process involves rolling cordon and drain of all nodes, followed by a reboot to apply the change.
• For non-zonal (regional) node pools during the preview, first scale the node pool to zero, then apply the capacity reservation group.

Prerequisites

• Install the aks-preview Azure CLI extension version 20.0.0b7 or later before running this command.

• Ensure the capacity reservation group has enough capacity for your node pool upgrade strategy. When maxSurge > 0, reserve extra capacity for the max surge value. For example, a 10-node pool with maxSurge set to 2 can run up to 12 nodes during an upgrade. This extra capacity isn't required for maxUnavailable only rollouts or regional scaled-to-zero paths.

  az aks nodepool update --resource-group <resource-group-name> --cluster-name <cluster-name> --name <node-pool-name> --crg-id $CRG_ID
  

Associate an existing capacity reservation group with a system node pool

To associate an existing capacity reservation group with a system node pool, you need to assign the user-assigned managed identity with the Contributor role to the cluster during cluster creation. You can then use the --crg-id flag to associate the capacity reservation group with the system node pool.

• Create a new AKS cluster with the user-assigned managed identity and associate it with the capacity reservation group using the --assign-identity and --crg-id flags with the az aks create command.

  az aks create \
   --resource-group <resource-group-name> \
   --name <cluster-name> \
   --location <location> \
   --node-vm-size <vm-size> --node-count <node-count> \
   --assign-identity $IDENTITY_ID \
   --crg-id $CRG_ID \
   --generate-ssh-keys
  

Next steps: Manage node pools in AKS

To learn more about managing node pools in AKS, see Manage node pools in Azure Kubernetes Service (AKS).