Azure AKS

CloudQuery Platform supports integration with Azure Kubernetes Service (AKS). To sync AKS clusters, assign the Azure Kubernetes Service Cluster User Role to your service principal.

Prerequisites

A CloudQuery Platform account with admin access
Azure CLI installed and configured
An existing Azure integration configured in CloudQuery Platform (this creates the service principal referenced below)
One or more AKS clusters running in your Azure subscription

Configure AKS cluster access

Assign the Azure Kubernetes Service Cluster User Role to the service principal created in the Azure integration setup guide.

Using the Azure CLI:


az role assignment create \
    --assignee "<APP_ID>" \
    --role "Azure Kubernetes Service Cluster User Role" \
    --scope "/subscriptions/<YOUR_SUBSCRIPTION_ID>"

<APP_ID> — the appId from the service principal you created in the Azure integration setup guide.
<YOUR_SUBSCRIPTION_ID> — the Azure subscription where your AKS cluster is deployed.

For more details on AKS access control, see the AKS identity and access management documentation.

Creating the K8s integration

Navigate to Data Pipelines → Integrations in CloudQuery Platform.
Click Create Integration and select K8s.
Select Microsoft Azure (Azure AKS) from the Cloud provider dropdown.

Cluster configuration

For each AKS cluster, fill in the following fields:

Cluster name — the name of your AKS cluster.
Client ID — the appId from your service principal.
Tenant ID — the tenant from your service principal.
Client Secret — the password from your service principal.
Subscription ID — the Azure subscription ID where the cluster is deployed.
Resource group name — the Azure resource group containing the AKS cluster.

To sync multiple AKS clusters, click Add cluster and repeat the configuration for each cluster.

To add clusters from a different cloud provider (AWS or GCP), create a separate K8s integration.

Click Test Connection to verify access.

What gets synced

The Kubernetes integration syncs cluster resources across all standard Kubernetes API groups. Some of the most commonly used tables include:

Category	Tables	Description
Workloads	`k8s_core_pods`, `k8s_apps_deployments`, `k8s_apps_stateful_sets`	Pods, Deployments, StatefulSets
Networking	`k8s_core_services`, `k8s_networking_ingresses`	Services, Ingresses
Configuration	`k8s_core_config_maps`, `k8s_core_secrets`	ConfigMaps, Secrets
Cluster	`k8s_core_nodes`, `k8s_core_namespaces`	Nodes, Namespaces
RBAC	`k8s_rbac_roles`, `k8s_rbac_cluster_roles`	Roles, ClusterRoles

See the full K8s table list for all available tables.

Verify the integration

After your first sync completes, open the SQL Console and run these queries to confirm Kubernetes data arrived:


-- Count synced pods
SELECT count(*) FROM k8s_core_pods


-- List namespaces
SELECT DISTINCT namespace FROM k8s_core_pods


-- View deployments
SELECT namespace, name FROM k8s_apps_deployments LIMIT 10


-- Check nodes
SELECT name FROM k8s_core_nodes

You can also browse your Kubernetes resources in the Asset Inventory under the Containers category.

Troubleshooting

Issue	Cause	Fix
Authentication error	Invalid service principal credentials	Verify the Client ID, Client Secret, and Tenant ID match the service principal output. If the secret expired, create a new one.
`Azure Kubernetes Service Cluster User Role` not assigned	Role assignment missing	Run `az role assignment list --assignee <APP_ID>` to verify the role is assigned. Re-run the `az role assignment create` command if needed.
Cluster not found	Wrong subscription or resource group	Verify the Subscription ID and Resource group name match the AKS cluster’s location in the Azure portal.
No data after sync	Cluster not reachable	Verify the AKS cluster is running and the API server is accessible. Check the cluster status in the Azure portal.

Next steps

Set up a sync to schedule when your cluster data is fetched
Browse synced resources in the Asset Inventory
Run advanced queries in the SQL Console
See the K8s integration documentation for full table reference