Commit d496f9b

Create connectivity-modes-aks-local.md
1 parent cb80bd3 commit d496f9b

1 file changed

+46
-0
lines changed

@@ -0,0 +1,46 @@
1+
---
2+
title: AKS on Azure Local connectivity modes
3+
description: Learn about running AKS on Azure Local in disconnected & semi-connected mode
4+
ms.topic: overview
5+
ms.date: 02/28/2025
6+
author: sethmanheim
7+
ms.author: sethm
8+
ms.reviewer: abha
9+
ms.lastreviewed: 04/08/2025
10+
ms.custom: conceptual
11+
12+
---
13+
14+
# AKS on Azure Local connectivity modes
15+
16+
AKS on Azure Local requires connectivity to Azure in order to utilize features such as Kubernetes cluster upgrades and identity and access options like Azure Entra ID. Additionally, Azure Arc agents on the AKS Arc cluster must remain connected to enable functionalities like [configurations (GitOps)](conceptual-gitops-flux2.md), Arc extensions and [cluster connect](conceptual-cluster-connect.md). Since AKS on Azure Local clusters deployed at the edge might not always have stable network access, the Kubernetes cluster may occasionally be unable to reach Azure when operating in a semi-connected state.
17+
18+
## Understand connectivity modes
19+
20+
When working with AKS on Azure Local clusters, it's important to understand how network connectivity modes impact your operations.
21+
22+
- **Fully connected**: With ongoing network connectivity, AKS and Arc agents can consistently communicate with Azure. In this mode, there is typically little delay with tasks such as scaling out your AKS Arc cluster, upgrading the Kubernetes version, propagating GitOps configurations, enforcing Azure Policy and Gatekeeper policies, or collecting workload metrics and logs in Azure Monitor.
23+
24+
- **Semi-connected**: Refers to a temporary loss of connectivity with Azure, which is supported for a duration of up to 30 days. This constraint is due to the 30-day validity period of certificates managed by AKS on Azure Local. If network connectivity is not restored within this timeframe, the AKS Arc cluster may cease to function. To maintain cluster operability, it is recommended that the AKS Arc cluster establish connectivity with Azure at least once every 30 days. Failure to do so may result in certificate expiration, requiring the cluster to be deleted and redeployed.
25+
26+
- **Disconnected**: We currently do not support running AKS on Azure Local in a disconnected environment beyond 30 days.
27+
28+
## Impact of semi-connected mode (temporary disconnection) on AKS on Azure Local operations
29+
30+
The connectivity status of a cluster is determined by the time of the latest heartbeat received from the Azure Arc agents deployed on the cluster.
31+
32+
| AKS operation | Impact of temprorary disconnection | Details | Workaround |
33+
| ------------- | ---------------------------------- |---------|------------|
34+
| Creating, updating, upgrading & deleting Kubernetes cluster | Not supported | Since Kubernetes CRUD operations are driven via Azure, you will not be able to perform any CRUD operation while disconnected. | No supported workaround |
35+
| Scaling the Kubernetes cluster | Partially supported | You will not be able to manually scale an existing nodepool or add a new nodepool to the Kubernetes cluster | Your Kubernetes cluster will scale dynamically if you've [enabled autoscalar](auto-scale-aks-arc.md) while creating the Kubernetes cluster. |
36+
| Access the Kubernetes cluster | Partially supported | You will not be able to use [Azure Entra](enable-authentication-microsoft-entra-id.md) and `az connectedk8s proxy` since these require connectivity to Azure. | [Retrieve admin kubeconfig](retrieve-admin-kubeconfig.md) to access the Kubernetes cluster. |
37+
| Viewing Kubernetes cluster status | Partially supported | You will not be able to use Azure portal or ARM APIs to view Kubernetes cluster status. | Use local tools such as [kubectl get](https://kubernetes.io/docs/reference/kubectl/quick-reference/#viewing-and-finding-resources). |
38+
| MetalLB Arc extension | Partially supported | Your load balancer will continue working but you will not be able to add/remove IP pools or update MetalLB configuration | No supported workaround |
39+
| AKS cluster and application observability | Partially supported | You will not be able to use Container Insights and [create diagnostic settings using Container Insights](kubernetes-monitor-audit-events#create-a-diagnostic-setting) since these require connectivity to Azure | Use [3rd party on-premises monitoring solutions](aks-monitor-logging.md).
40+
| SSH into the Kubernetes VMs | Supported | You will be able to SSH into Kubernetes VMs. | No workaround needed |
41+
| Collect logs for troubleshooting | Supported | You will be able to collect logs for troubleshooting issues. | No workaround needed |
42+
43+
## Next steps
44+
45+
- [Azure Arc connectivity modes](/azure-arc/kubernetes/conceptual-connectivity-modes.md)
46+
- [Create and manage Kubernetes clusters on-premises using Azure CLI](aks-create-clusters-cli.md)
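
Review bot: The "Access the Kubernetes cluster" row (file line 36) replaces Azure Entra sign-in and `az connectedk8s proxy` with "Retrieve admin kubeconfig" but gives no guidance on handling that credential, even though it is the documented way to reach the cluster while disconnected. Add a sentence on who should be able to retrieve it and how it should be stored, and say whether access should return to Entra-based sign-in once connectivity is restored. The semi-connected bullet (line 24) warns that missing the 30-day window can force a delete and redeploy, yet the page gives operators no way to check how long the cluster has been offline or how much certificate validity remains; a short pointer would help. The "Disconnected" bullet (line 26) says "beyond 30 days", which overlaps with the semi-connected definition and leaves it unclear whether a fully offline deployment under 30 days is supported. Smaller points: "temprorary" in the table header (line 32) and "autoscalar" (line 35) are typos, "Azure Entra ID" (line 16) should match the product name used in the linked article, the observability row (line 39) is missing its closing `|`, and its link to `kubernetes-monitor-audit-events#create-a-diagnostic-setting` lacks the `.md` extension the other relative links use.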
