Installation: From YAML


  1. You have installed Cert Manager as per the installation instructions up to the “install from Helm” step.
  2. You have followed the instructions for creating a Managed Identity or Service Principal and set the appropriate environment variables.

Installation (operator)

  1. Download and install the latest version of asoctl.

  2. Install the latest v2+ release of Azure Service Operator.

    asoctl export template --version v2.6.0 --crd-pattern "<your pattern>" | kubectl apply -f -

    When specifying --crd-pattern, ensure you choose only the CRDs you need, for example: --crd-pattern "*;*;*;*;*". For more information about what --crd-pattern means, see CRD management in ASO.

  3. Create the Azure Service Operator v2 global secret. This secret contains the identity that Azure Service Operator will run as. Make sure that you have the 4 environment variables from the create a service principal step of the Helm instructions set.

    cat <<EOF | kubectl apply -f -
    apiVersion: v1
    kind: Secret
      name: aso-controller-settings
      namespace: azureserviceoperator-system

    Note that unlike the Helm installation instructions, we use the ASO global secret here. To learn more about different secret scopes and formats, see the authentication documentation.

Installation (crds)

The operator manages its own CRDs by default, based on the --crd-pattern specified during installation.

If you don’t want the operator to manage the CRDs itself, you can install the latest version of the CRDs yourself:

kubectl apply --server-side=true -f


Metadata too long

If you omit the --server-side=true flag from the kubectl apply command, you will see an error like the following: "" is invalid:
metadata.annotations: Too long: must have at most 262144 bytes

Why does this happen? ASO CRDs are a complete representation of the Azure Resource surface area, including documentation. This is tremendously useful - but also means they are quite large.