# Enable Kubectl Shell for AKS ## Step 1. Create a DuploCloud Service 1. From the **Tenant** list box, select the correct Tenant. 2. Navigate to **Kubernetes** -> **Services**. 3. Click **Add**. The **Add Service** page displays. 4. Fill in the fields below. Leave any fields not listed at their default values.

Add Service page field	Value
Name	`k8s-shell`
Cloud	`Azure`
Platform	`AKS Linux`
Docker Image	`duplocloud/shell:terraform-kubectl-latest`

5. Enter the following in the **Environmental Variables** field: ``` - Name: FLASK_APP_SECRET Value: b33d13ab-5b46-443d-a19d-asdfsd443 - Name: DUPLO_AUTH_URL Value: https://.duplocloud.net ``` 6. Click **Next**, and then **Create**. ## Step 2: Create a Load Balancer 1. From the DuploCloud Portal, navigate to **Kubernetes** -> **Services.** 2. From the **NAME** column, select the `k8s-shell` Service you created in the previous step. 3. Select the **Load Balancers** tab, and click **Configure Load Balancer**. 4. Fill in the fields below. Leave any fields not listed at their default values.


Type	`K8S Cluster IP`
Container port	`80`
Health Check	`/duplo_auth`
Backend Protocol	`TCP`

5. Click **Add**. ## Step 3: Add an Ingress 1. In the DuploCloud Portal, navigate to **Kubernetes** -> **Ingress**. 2. Click **Add**. The **Add Ingress** pane displays. 3. Fill in the fields below. Leave any fields not listed at their default values. | **Ingress name** | `K8s-shell` | | ---------------------- | ----------------------------------------------------------------------------------- | | **Ingress controller** | `azure-application-gateway` | | **Visibility** | `Public` | | **DNS Prefix** | `k8s-shell` | | **Certificate** | Select from the list box. If not present, you will need to configure a Certificate. | 4. In the **Ingress Rules** area Click **Add Rule**. 5. Complete the following fields in the **Add Ingress Rule** pane. Leave any fields not listed at their default values. | **Service Name** | `k8s-shell:80` | | ------------------ | -------------- | | **Container port** | `80` | 6. Click **Add Rule**. 7. Enter the following in the **Annotations** field: ``` appgw.ingress.kubernetes.io/health-probe-path: /duplo_auth ``` 6. Click **Submit**. 7. In the **Name** field, enter `kubect-shell`. Add a Path that defaults all traffic to the **kubectl** Service we created in the previous step: ## Step 4: Add the DNS Name to System Settings 1. Navigate to **Administrator** -> **Systems Settings**. 2. Select the **System Config** tab, and click **Add**. The **Add Config** pane displays. 3. Fill in the fields below.


Config Type	`AppConfig`
Key	`Other`
Key	`DuploShellFqdn`
Value	Paste the fully qualified DNS name* of your kubectl shell ingress/Load Balancer. Example: `https://k8s-shell.example.duplocloud.net`

{% hint style="info" %} To find the DNS name, go to **Kubernetes** → **Services**, select the `k8s-shell` Service, then select the **Load Balancers** tab. Click the name of the Load Balancer, and copy the DNS name from the **DNS Name box**. {% endhint %} 4. Click **Submit**. Access to the `kubectl` shell is enabled. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.duplocloud.com/docs/automation-platform/kubernetes-overview/kubectl/kubectl-shell/enable-kubectl-shell-for-aks.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.