If you're working with containerized applications and want to easily scale using Kubernetes on Azure, Azure Kubernetes Service (AKS) combined with Bicep provides a modern, secure, and reproducible way to manage infrastructure.
In this article, we'll walk through how to create an AKS cluster and an Azure Container Registry (ACR) using Bicep, and how to deploy your application.
✅ Prerequisites
Make sure you have the following tools installed:
-
VS Code with the extensions:
-
Bicep (for syntax highlighting and intellisense)
-
Azure CLI Tools
-
Kubernetes (for manifest editing and AKS integration)
-
🏠 1. Prepare the Environment
Log in to Azure and install the Bicep CLI if needed:
az login
az bicep install📁 2. File Structure
infra/
├── main.bicep
├── parameters.json (optional)
📄 3. main.bicep File
This file defines the resources to be created: an ACR, an AKS cluster, and a role assignment so the AKS cluster can pull images from the ACR.
@description('Resource location')
param location string = 'westeurope'
@description('Resource Group name')
param resourceGroupName string = 'rg-my-aks'
@description('AKS cluster name')
param aksName string = 'myAKSCluster'
@description('ACR name')
param acrName string = 'myContainerRegistry'
resource acr 'Microsoft.ContainerRegistry/registries@2023-01-01-preview' = {
name: acrName
location: location
sku: {
name: 'Basic'
}
properties: {
adminUserEnabled: true
}
}
resource aks 'Microsoft.ContainerService/managedClusters@2023-01-01' = {
name: aksName
location: location
identity: {
type: 'SystemAssigned'
}
properties: {
dnsPrefix: '\${aksName}-dns'
agentPoolProfiles: [
{
name: 'nodepool1'
count: 2
vmSize: 'Standard_DS2_v2'
mode: 'System'
osType: 'Linux'
type: 'VirtualMachineScaleSets'
}
]
linuxProfile: {
adminUsername: 'azureuser'
ssh: {
publicKeys: [
{
keyData: 'ssh-rsa AAAA... your SSH key ...'
}
]
}
}
networkProfile: {
networkPlugin: 'azure'
}
addonProfiles: {}
enableRBAC: true
aadProfile: {
managed: true
}
}
}
resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = {
name: guid(aks.id, 'acrpull')
scope: acr
properties: {
roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7f951dda-4ed3-4680-a7ca-43fe172d538d') // AcrPull
principalId: aks.identity.principalId
principalType: 'ServicePrincipal'
}
}🚀 4. Deploy with Azure CLI
az deployment sub create \
--location westeurope \
--template-file infra/main.bicep \
--parameters resourceGroupName=rg-my-aks \
aksName=myAKSCluster \
acrName=myContainerRegistry📦 5. Deploy Your Application
After deploying the infrastructure:
-
Build and push your image to ACR:
docker build -t myapp:v1 .
docker tag myapp:v1 mycontainerregistry.azurecr.io/myapp:v1
docker push mycontainerregistry.azurecr.io/myapp:v1-
Get AKS cluster credentials:
az aks get-credentials --resource-group rg-my-aks --name myAKSCluster-
Create Kubernetes manifests (deployment.yaml + service.yaml) and apply them:
kubectl apply -f deployment.yaml
kubectl apply -f service.yaml-
Get the public IP address:
kubectl get service🔧 Automation
You can integrate this entire setup with GitHub Actions or Azure DevOps for full CI/CD. Let me know if you’d like help setting that up.
With Bicep, you can manage infrastructure declaratively and securely. This is especially useful for teams that want consistency across development, staging, and production environments.
Stay tuned for the next post on CI/CD with GitHub Actions for AKS!
