Running production workloads on Azure Kubernetes Service (AKS) is becoming the norm for platform teams building cloud‑native applications at scale. As these environments increasingly host stateful workloads using persistent volumes, ensuring data protection and rapid recovery becomes mission‑critical.
Today, we’re excited to introduce an alternate simplified CLI‑based experience that allows customers to configure backups for AKS using Azure Backup with a single command.
The challenge with AKS backup onboarding today
Until now, enabling backup for an AKS cluster through Azure CLI required customers to understand and coordinate across multiple CLI domains, including:
- az aks
- az k8s-extension
- az dataprotection
Configuring vaulted backup involved:
- Extension installation
- Storage account provisioning
- Backup vault creation
- Policy configuration
- Trusted access setup
- Backup instance initialization
All of which required orchestrating 8 separate lifecycle steps across 15+ CLI commands.
For platform teams managing tens or hundreds of AKS clusters through automation or CI/CD pipelines, this multi‑step setup often became a barrier to experimentation and adoption.
A simpler way: Configure backup in one CLI command
With this new experience, customers can now enable full‑cluster backup for AKS using a single CLI command:
az dataprotection enable-backup trigger \
--datasource-type AzureKubernetesService \
--datasource-id <cluster-arm-id> \
--backup-strategy <strategy> \
--backup-configuration-file @config.json
This command orchestrates the entire AKS backup enablement workflow behind the scenes by automatically performing the following steps:
- Validate AKS cluster existence and running state
- Create or identify region‑specific backup resource group
- Check if Backup Extension is already installed on the cluster
- Install Backup Extension (if not present)
- Create or reuse Storage Account for backup data
- Create or reuse Backup Vault
- Create or reuse Backup Policy
- Enable Trusted Access between vault and cluster
- Initialize and create Backup Instance
Customers no longer need to manually orchestrate resources across different CLI surfaces.
Backup Strategy Presets
Customers can select predefined strategies aligned to common protection needs:
|
Strategy |
Op Store Retention |
Vault Store Retention |
Use Case |
|
Week (default) |
7 days |
— |
Dev/Test |
|
Month |
30 days |
— |
Production |
|
DisasterRecovery |
7 days |
90 days |
Cross‑region DR |
|
Custom |
User-defined |
User-defined |
BYO Vault & Policy |
Example:
az dataprotection enable-backup trigger \
--datasource-type AzureKubernetesService \
--datasource-id <cluster-arm-id> \
--backup-strategy DisasterRecovery
Backup Configuration JSON (Advanced Customization)
Advanced users can optionally provide a configuration JSON file to:
- Use existing vaults or policies
- Bring your own storage account
- Apply enterprise tags
- Use custom backup resource groups
Supported Parameters
|
Parameter |
When Required |
Description |
|
backupVaultId |
Custom strategy |
Use existing vault |
|
backupPolicyId |
Custom strategy |
Use existing policy |
|
storageAccountResourceId |
Optional |
Use existing SA |
|
blobContainerName |
Optional |
Custom container |
|
backupResourceGroupId |
Optional |
Use existing RG |
|
tags |
Optional |
Apply to created resources |
Built‑in validations for reliability
Before enabling backup, the CLI automatically validates:
- Cluster existence
- Running state
- Backup compatibility
- Required RBAC permissions
- Resource availability (if provided)
Faster time‑to‑protection for AKS workloads
By collapsing a previously multi‑step setup into a single command:
- Backup onboarding becomes automation‑friendly
- Platform teams can enable protection consistently across environments
- Setup errors from manual orchestration are reduced
- Backup rollout across large AKS estates becomes significantly faster
What’s next
The simplified single‑command backup enablement experience introduced for AKS is part of a broader effort to make Azure Backup more automation‑friendly across cloud‑native and platform workloads.
We are actively working to extend this model to other workloads supported by Azure Backup, enabling customers to:
- Configure protection using native CLI workflows
- Reduce onboarding complexity across backup‑supported resources
- Integrate backup enablement seamlessly into CI/CD pipelines
- Achieve faster time‑to‑protection across heterogeneous environments
Over time, customers can expect similar single‑command backup configuration experiences for additional Azure Backup‑supported workloads — bringing consistency and ease of adoption across their backup strategy.
For more information, see how to configure AKS backup using a single CLI command.
Microsoft