Microsoft.ContainerService managedClusters 2021-02-01
Bicep resource definition
The managedClusters resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Remarks
For information about available add-ons, see Add-ons, extensions, and other integrations with Azure Kubernetes Service.
Resource format
To create a Microsoft.ContainerService/managedClusters resource, add the following Bicep to your template.
```bicep
resource symbolicname 'Microsoft.ContainerService/managedClusters@2021-02-01' = {
  name: 'string'
  location: 'string'
  tags: {
    tagName1: 'tagValue1'
    tagName2: 'tagValue2'
  }
  sku: {
    name: 'Basic'
    tier: 'string'
  }
  identity: {
    type: 'string'
    userAssignedIdentities: {
      {customized property}: {}
    }
  }
  properties: {
    aadProfile: {
      adminGroupObjectIDs: [
        'string'
      ]
      clientAppID: 'string'
      enableAzureRBAC: bool
      managed: bool
      serverAppID: 'string'
      serverAppSecret: 'string'
      tenantID: 'string'
    }
    addonProfiles: {
      {customized property}: {
        config: {
          {customized property}: 'string'
        }
        enabled: bool
      }
    }
    agentPoolProfiles: [
      {
        availabilityZones: [
          'string'
        ]
        count: int
        enableAutoScaling: bool
        enableEncryptionAtHost: bool
        enableNodePublicIP: bool
        kubeletConfig: {
          allowedUnsafeSysctls: [
            'string'
          ]
          containerLogMaxFiles: int
          containerLogMaxSizeMB: int
          cpuCfsQuota: bool
          cpuCfsQuotaPeriod: 'string'
          cpuManagerPolicy: 'string'
          failSwapOn: bool
          imageGcHighThreshold: int
          imageGcLowThreshold: int
          podMaxPids: int
          topologyManagerPolicy: 'string'
        }
        kubeletDiskType: 'string'
        linuxOSConfig: {
          swapFileSizeMB: int
          sysctls: {
            fsAioMaxNr: int
            fsFileMax: int
            fsInotifyMaxUserWatches: int
            fsNrOpen: int
            kernelThreadsMax: int
            netCoreNetdevMaxBacklog: int
            netCoreOptmemMax: int
            netCoreRmemDefault: int
            netCoreRmemMax: int
            netCoreSomaxconn: int
            netCoreWmemDefault: int
            netCoreWmemMax: int
            netIpv4IpLocalPortRange: 'string'
            netIpv4NeighDefaultGcThresh1: int
            netIpv4NeighDefaultGcThresh2: int
            netIpv4NeighDefaultGcThresh3: int
            netIpv4TcpFinTimeout: int
            netIpv4TcpkeepaliveIntvl: int
            netIpv4TcpKeepaliveProbes: int
            netIpv4TcpKeepaliveTime: int
            netIpv4TcpMaxSynBacklog: int
            netIpv4TcpMaxTwBuckets: int
            netIpv4TcpTwReuse: bool
            netNetfilterNfConntrackBuckets: int
            netNetfilterNfConntrackMax: int
            vmMaxMapCount: int
            vmSwappiness: int
            vmVfsCachePressure: int
          }
          transparentHugePageDefrag: 'string'
          transparentHugePageEnabled: 'string'
        }
        maxCount: int
        maxPods: int
        minCount: int
        mode: 'string'
        name: 'string'
        nodeLabels: {
          {customized property}: 'string'
        }
        nodePublicIPPrefixID: 'string'
        nodeTaints: [
          'string'
        ]
        orchestratorVersion: 'string'
        osDiskSizeGB: int
        osDiskType: 'string'
        osType: 'string'
        podSubnetID: 'string'
        proximityPlacementGroupID: 'string'
        scaleSetEvictionPolicy: 'string'
        scaleSetPriority: 'string'
        spotMaxPrice: json('decimal-as-string')
        tags: {}
        type: 'string'
        upgradeSettings: {
          maxSurge: 'string'
        }
        vmSize: 'string'
        vnetSubnetID: 'string'
      }
    ]
    apiServerAccessProfile: {
      authorizedIPRanges: [
        'string'
      ]
      enablePrivateCluster: bool
      privateDNSZone: 'string'
    }
    autoScalerProfile: {
      'balance-similar-node-groups': 'string'
      expander: 'string'
      'max-empty-bulk-delete': 'string'
      'max-graceful-termination-sec': 'string'
      'max-node-provision-time': 'string'
      'max-total-unready-percentage': 'string'
      'new-pod-scale-up-delay': 'string'
      'ok-total-unready-count': 'string'
      'scale-down-delay-after-add': 'string'
      'scale-down-delay-after-delete': 'string'
      'scale-down-delay-after-failure': 'string'
      'scale-down-unneeded-time': 'string'
      'scale-down-unready-time': 'string'
      'scale-down-utilization-threshold': 'string'
      'scan-interval': 'string'
      'skip-nodes-with-local-storage': 'string'
      'skip-nodes-with-system-pods': 'string'
    }
    autoUpgradeProfile: {
      upgradeChannel: 'string'
    }
    diskEncryptionSetID: 'string'
    dnsPrefix: 'string'
    enablePodSecurityPolicy: bool
    enableRBAC: bool
    fqdnSubdomain: 'string'
    identityProfile: {
      {customized property}: {
        clientId: 'string'
        objectId: 'string'
        resourceId: 'string'
      }
    }
    kubernetesVersion: 'string'
    linuxProfile: {
      adminUsername: 'string'
      ssh: {
        publicKeys: [
          {
            keyData: 'string'
          }
        ]
      }
    }
    networkProfile: {
      dnsServiceIP: 'string'
      dockerBridgeCidr: 'string'
      loadBalancerProfile: {
        allocatedOutboundPorts: int
        effectiveOutboundIPs: [
          {
            id: 'string'
          }
        ]
        idleTimeoutInMinutes: int
        managedOutboundIPs: {
          count: int
        }
        outboundIPPrefixes: {
          publicIPPrefixes: [
            {
              id: 'string'
            }
          ]
        }
        outboundIPs: {
          publicIPs: [
            {
              id: 'string'
            }
          ]
        }
      }
      loadBalancerSku: 'string'
      networkMode: 'string'
      networkPlugin: 'string'
      networkPolicy: 'string'
      outboundType: 'string'
      podCidr: 'string'
      serviceCidr: 'string'
    }
    nodeResourceGroup: 'string'
    podIdentityProfile: {
      allowNetworkPluginKubenet: bool
      enabled: bool
      userAssignedIdentities: [
        {
          identity: {
            clientId: 'string'
            objectId: 'string'
            resourceId: 'string'
          }
          name: 'string'
          namespace: 'string'
        }
      ]
      userAssignedIdentityExceptions: [
        {
          name: 'string'
          namespace: 'string'
          podLabels: {
            {customized property}: 'string'
          }
        }
      ]
    }
    servicePrincipalProfile: {
      clientId: 'string'
      secret: 'string'
    }
    windowsProfile: {
      adminPassword: 'string'
      adminUsername: 'string'
      licenseType: 'string'
    }
  }
}
```
Property values
managedClusters
Name | Description | Value |
---|---|---|
name | The resource name | string (required) Character limit: 1-63 Valid characters: Alphanumerics, underscores, and hyphens. Start and end with alphanumeric. |
location | Resource location | string (required) |
tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
sku | The managed cluster SKU. | ManagedClusterSKU |
identity | The identity of the managed cluster, if configured. | ManagedClusterIdentity |
properties | Properties of a managed cluster. | ManagedClusterProperties |
ManagedClusterIdentity
Name | Description | Value |
---|---|---|
type | The type of identity used for the managed cluster. Type 'SystemAssigned' will use an implicitly created identity in master components and an auto-created user assigned identity in MC_ resource group in agent nodes. Type 'None' will not use MSI for the managed cluster, service principal will be used instead. | 'None' 'SystemAssigned' 'UserAssigned' |
userAssignedIdentities | The user identity associated with the managed cluster. This identity will be used in control plane and only one user assigned identity is allowed. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. | ManagedClusterIdentityUserAssignedIdentities |
ManagedClusterIdentityUserAssignedIdentities
Name | Description | Value |
---|---|---|
{customized property} | | Components1Umhcm8SchemasManagedclusteridentityProper... |
Components1Umhcm8SchemasManagedclusteridentityProper...
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
ManagedClusterProperties
Name | Description | Value |
---|---|---|
aadProfile | Profile of Azure Active Directory configuration. | ManagedClusterAADProfile |
addonProfiles | Profile of managed cluster add-on. | ManagedClusterPropertiesAddonProfiles |
agentPoolProfiles | Properties of the agent pool. | ManagedClusterAgentPoolProfile[] |
apiServerAccessProfile | Access profile for managed cluster API server. | ManagedClusterAPIServerAccessProfile |
autoScalerProfile | Parameters to be applied to the cluster-autoscaler when enabled | ManagedClusterPropertiesAutoScalerProfile |
autoUpgradeProfile | Profile of auto upgrade configuration. | ManagedClusterAutoUpgradeProfile |
diskEncryptionSetID | ResourceId of the disk encryption set to use for enabling encryption at rest. | string |
dnsPrefix | DNS prefix specified when creating the managed cluster. | string |
enablePodSecurityPolicy | (DEPRECATING) Whether to enable Kubernetes pod security policy (preview). This feature is set for removal on October 15th, 2020. Learn more at aka.ms/aks/azpodpolicy. | bool |
enableRBAC | Whether to enable Kubernetes Role-Based Access Control. | bool |
fqdnSubdomain | FQDN subdomain specified when creating private cluster with custom private dns zone. | string |
identityProfile | Identities associated with the cluster. | ManagedClusterPropertiesIdentityProfile |
kubernetesVersion | Version of Kubernetes specified when creating the managed cluster. | string |
linuxProfile | Profile for Linux VMs in the container service cluster. | ContainerServiceLinuxProfile |
networkProfile | Profile of network configuration. | ContainerServiceNetworkProfile |
nodeResourceGroup | Name of the resource group containing agent pool nodes. | string |
podIdentityProfile | Profile of managed cluster pod identity. | ManagedClusterPodIdentityProfile |
servicePrincipalProfile | Information about a service principal identity for the cluster to use for manipulating Azure APIs. | ManagedClusterServicePrincipalProfile |
windowsProfile | Profile for Windows VMs in the container service cluster. | ManagedClusterWindowsProfile |
ManagedClusterAADProfile
Name | Description | Value |
---|---|---|
adminGroupObjectIDs | AAD group object IDs that will have admin role of the cluster. | string[] |
clientAppID | The client AAD application ID. | string |
enableAzureRBAC | Whether to enable Azure RBAC for Kubernetes authorization. | bool |
managed | Whether to enable managed AAD. | bool |
serverAppID | The server AAD application ID. | string |
serverAppSecret | The server AAD application secret. | string |
tenantID | The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment subscription. | string |
ManagedClusterPropertiesAddonProfiles
Name | Description | Value |
---|---|---|
{customized property} | | ManagedClusterAddonProfile |
ManagedClusterAddonProfile
Name | Description | Value |
---|---|---|
config | Key-value pairs for configuring an add-on. | ManagedClusterAddonProfileConfig |
enabled | Whether the add-on is enabled or not. | bool (required) |
ManagedClusterAddonProfileConfig
Name | Description | Value |
---|---|---|
{customized property} | | string |
ManagedClusterAgentPoolProfile
Name | Description | Value |
---|---|---|
availabilityZones | Availability zones for nodes. Must use VirtualMachineScaleSets AgentPoolType. | string[] |
count | Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 100 (inclusive) for user pools and in the range of 1 to 100 (inclusive) for system pools. The default value is 1. | int |
enableAutoScaling | Whether to enable auto-scaler | bool |
enableEncryptionAtHost | Whether to enable EncryptionAtHost | bool |
enableNodePublicIP | Enable public IP for nodes | bool |
kubeletConfig | KubeletConfig specifies the configuration of kubelet on agent nodes. | KubeletConfig |
kubeletDiskType | KubeletDiskType determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral storage. Currently allows one value, OS, resulting in Kubelet using the OS disk for data. | 'OS' 'Temporary' |
linuxOSConfig | LinuxOSConfig specifies the OS configuration of linux agent nodes. | LinuxOSConfig |
maxCount | Maximum number of nodes for auto-scaling | int |
maxPods | Maximum number of pods that can run on a node. | int |
minCount | Minimum number of nodes for auto-scaling | int |
mode | AgentPoolMode represents mode of an agent pool | 'System' 'User' |
name | Unique name of the agent pool profile in the context of the subscription and resource group. | string (required) Constraints: Pattern = ^[a-z][a-z0-9]{0,11}$ |
nodeLabels | Agent pool node labels to be persisted across all nodes in agent pool. | ManagedClusterAgentPoolProfilePropertiesNodeLabels |
nodePublicIPPrefixID | Public IP Prefix ID. VM nodes use IPs assigned from this Public IP Prefix. | string |
nodeTaints | Taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule. | string[] |
orchestratorVersion | Version of orchestrator specified when creating the managed cluster. | string |
osDiskSizeGB | OS Disk Size in GB to be used to specify the disk size for every machine in this master/agent pool. If you specify 0, it will apply the default osDisk size according to the vmSize specified. | int Constraints: Min value = 0 Max value = 1023 |
osDiskType | OS disk type to be used for machines in a given agent pool. Allowed values are 'Ephemeral' and 'Managed'. If unspecified, defaults to 'Ephemeral' when the VM supports ephemeral OS and has a cache disk larger than the requested OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. | 'Ephemeral' 'Managed' |
osType | OsType to be used to specify os type. Choose from Linux and Windows. Default to Linux. | 'Linux' 'Windows' |
podSubnetID | Pod SubnetID specifies the VNet's subnet identifier for pods. | string |
proximityPlacementGroupID | The ID for Proximity Placement Group. | string |
scaleSetEvictionPolicy | ScaleSetEvictionPolicy to be used to specify eviction policy for Spot virtual machine scale set. Default to Delete. | 'Deallocate' 'Delete' |
scaleSetPriority | ScaleSetPriority to be used to specify virtual machine scale set priority. Default to regular. | 'Regular' 'Spot' |
spotMaxPrice | SpotMaxPrice to be used to specify the maximum price you are willing to pay in US Dollars. Possible values are any decimal value greater than zero or -1 which indicates default price to be up-to on-demand. To specify a decimal value, use the json() function. | int or json decimal |
tags | Agent pool tags to be persisted on the agent pool virtual machine scale set. | object |
type | AgentPoolType represents types of an agent pool | 'AvailabilitySet' 'VirtualMachineScaleSets' |
upgradeSettings | Settings for upgrading the agentpool | AgentPoolUpgradeSettings |
vmSize | Size of agent VMs. | 'Standard_A1' 'Standard_A10' 'Standard_A11' 'Standard_A1_v2' 'Standard_A2' 'Standard_A2_v2' 'Standard_A2m_v2' 'Standard_A3' 'Standard_A4' 'Standard_A4_v2' 'Standard_A4m_v2' 'Standard_A5' 'Standard_A6' 'Standard_A7' 'Standard_A8' 'Standard_A8_v2' 'Standard_A8m_v2' 'Standard_A9' 'Standard_B2ms' 'Standard_B2s' 'Standard_B4ms' 'Standard_B8ms' 'Standard_D1' 'Standard_D11' 'Standard_D11_v2' 'Standard_D11_v2_Promo' 'Standard_D12' 'Standard_D12_v2' 'Standard_D12_v2_Promo' 'Standard_D13' 'Standard_D13_v2' 'Standard_D13_v2_Promo' 'Standard_D14' 'Standard_D14_v2' 'Standard_D14_v2_Promo' 'Standard_D15_v2' 'Standard_D16_v3' 'Standard_D16s_v3' 'Standard_D1_v2' 'Standard_D2' 'Standard_D2_v2' 'Standard_D2_v2_Promo' 'Standard_D2_v3' 'Standard_D2s_v3' 'Standard_D3' 'Standard_D32_v3' 'Standard_D32s_v3' 'Standard_D3_v2' 'Standard_D3_v2_Promo' 'Standard_D4' 'Standard_D4_v2' 'Standard_D4_v2_Promo' 'Standard_D4_v3' 'Standard_D4s_v3' 'Standard_D5_v2' 'Standard_D5_v2_Promo' 'Standard_D64_v3' 'Standard_D64s_v3' 'Standard_D8_v3' 'Standard_D8s_v3' 'Standard_DS1' 'Standard_DS11' 'Standard_DS11_v2' 'Standard_DS11_v2_Promo' 'Standard_DS12' 'Standard_DS12_v2' 'Standard_DS12_v2_Promo' 'Standard_DS13' 'Standard_DS13-2_v2' 'Standard_DS13-4_v2' 'Standard_DS13_v2' 'Standard_DS13_v2_Promo' 'Standard_DS14' 'Standard_DS14-4_v2' 'Standard_DS14-8_v2' 'Standard_DS14_v2' 'Standard_DS14_v2_Promo' 'Standard_DS15_v2' 'Standard_DS1_v2' 'Standard_DS2' 'Standard_DS2_v2' 'Standard_DS2_v2_Promo' 'Standard_DS3' 'Standard_DS3_v2' 'Standard_DS3_v2_Promo' 'Standard_DS4' 'Standard_DS4_v2' 'Standard_DS4_v2_Promo' 'Standard_DS5_v2' 'Standard_DS5_v2_Promo' 'Standard_E16_v3' 'Standard_E16s_v3' 'Standard_E2_v3' 'Standard_E2s_v3' 'Standard_E32-16s_v3' 'Standard_E32-8s_v3' 'Standard_E32_v3' 'Standard_E32s_v3' 'Standard_E4_v3' 'Standard_E4s_v3' 'Standard_E64-16s_v3' 'Standard_E64-32s_v3' 'Standard_E64_v3' 'Standard_E64s_v3' 'Standard_E8_v3' 'Standard_E8s_v3' 'Standard_F1' 'Standard_F16' 'Standard_F16s' 'Standard_F16s_v2' 'Standard_F1s' 'Standard_F2' 'Standard_F2s' 'Standard_F2s_v2' 'Standard_F32s_v2' 'Standard_F4' 'Standard_F4s' 'Standard_F4s_v2' 'Standard_F64s_v2' 'Standard_F72s_v2' 'Standard_F8' 'Standard_F8s' 'Standard_F8s_v2' 'Standard_G1' 'Standard_G2' 'Standard_G3' 'Standard_G4' 'Standard_G5' 'Standard_GS1' 'Standard_GS2' 'Standard_GS3' 'Standard_GS4' 'Standard_GS4-4' 'Standard_GS4-8' 'Standard_GS5' 'Standard_GS5-16' 'Standard_GS5-8' 'Standard_H16' 'Standard_H16m' 'Standard_H16mr' 'Standard_H16r' 'Standard_H8' 'Standard_H8m' 'Standard_L16s' 'Standard_L32s' 'Standard_L4s' 'Standard_L8s' 'Standard_M128-32ms' 'Standard_M128-64ms' 'Standard_M128ms' 'Standard_M128s' 'Standard_M64-16ms' 'Standard_M64-32ms' 'Standard_M64ms' 'Standard_M64s' 'Standard_NC12' 'Standard_NC12s_v2' 'Standard_NC12s_v3' 'Standard_NC24' 'Standard_NC24r' 'Standard_NC24rs_v2' 'Standard_NC24rs_v3' 'Standard_NC24s_v2' 'Standard_NC24s_v3' 'Standard_NC6' 'Standard_NC6s_v2' 'Standard_NC6s_v3' 'Standard_ND12s' 'Standard_ND24rs' 'Standard_ND24s' 'Standard_ND6s' 'Standard_NV12' 'Standard_NV24' 'Standard_NV6' |
vnetSubnetID | VNet SubnetID specifies the VNet's subnet identifier for nodes and maybe pods | string |
KubeletConfig
Name | Description | Value |
---|---|---|
allowedUnsafeSysctls | Allowlist of unsafe sysctls or unsafe sysctl patterns (ending in *). | string[] |
containerLogMaxFiles | The maximum number of container log files that can be present for a container. The number must be ≥ 2. | int Constraints: Min value = 2 |
containerLogMaxSizeMB | The maximum size (e.g. 10Mi) of container log file before it is rotated. | int |
cpuCfsQuota | Enable CPU CFS quota enforcement for containers that specify CPU limits. | bool |
cpuCfsQuotaPeriod | Sets CPU CFS quota period value. | string |
cpuManagerPolicy | CPU Manager policy to use. | string |
failSwapOn | If set to true it will make the Kubelet fail to start if swap is enabled on the node. | bool |
imageGcHighThreshold | The percent of disk usage after which image garbage collection is always run. | int |
imageGcLowThreshold | The percent of disk usage before which image garbage collection is never run. | int |
podMaxPids | The maximum number of processes per pod. | int |
topologyManagerPolicy | Topology Manager policy to use. | string |
LinuxOSConfig
Name | Description | Value |
---|---|---|
swapFileSizeMB | SwapFileSizeMB specifies the size in MB of a swap file that will be created on each node. | int |
sysctls | Sysctl settings for Linux agent nodes. | SysctlConfig |
transparentHugePageDefrag | Transparent Huge Page defrag configuration. | string |
transparentHugePageEnabled | Transparent Huge Page enabled configuration. | string |
SysctlConfig
Name | Description | Value |
---|---|---|
fsAioMaxNr | Sysctl setting fs.aio-max-nr. | int |
fsFileMax | Sysctl setting fs.file-max. | int |
fsInotifyMaxUserWatches | Sysctl setting fs.inotify.max_user_watches. | int |
fsNrOpen | Sysctl setting fs.nr_open. | int |
kernelThreadsMax | Sysctl setting kernel.threads-max. | int |
netCoreNetdevMaxBacklog | Sysctl setting net.core.netdev_max_backlog. | int |
netCoreOptmemMax | Sysctl setting net.core.optmem_max. | int |
netCoreRmemDefault | Sysctl setting net.core.rmem_default. | int |
netCoreRmemMax | Sysctl setting net.core.rmem_max. | int |
netCoreSomaxconn | Sysctl setting net.core.somaxconn. | int |
netCoreWmemDefault | Sysctl setting net.core.wmem_default. | int |
netCoreWmemMax | Sysctl setting net.core.wmem_max. | int |
netIpv4IpLocalPortRange | Sysctl setting net.ipv4.ip_local_port_range. | string |
netIpv4NeighDefaultGcThresh1 | Sysctl setting net.ipv4.neigh.default.gc_thresh1. | int |
netIpv4NeighDefaultGcThresh2 | Sysctl setting net.ipv4.neigh.default.gc_thresh2. | int |
netIpv4NeighDefaultGcThresh3 | Sysctl setting net.ipv4.neigh.default.gc_thresh3. | int |
netIpv4TcpFinTimeout | Sysctl setting net.ipv4.tcp_fin_timeout. | int |
netIpv4TcpkeepaliveIntvl | Sysctl setting net.ipv4.tcp_keepalive_intvl. | int |
netIpv4TcpKeepaliveProbes | Sysctl setting net.ipv4.tcp_keepalive_probes. | int |
netIpv4TcpKeepaliveTime | Sysctl setting net.ipv4.tcp_keepalive_time. | int |
netIpv4TcpMaxSynBacklog | Sysctl setting net.ipv4.tcp_max_syn_backlog. | int |
netIpv4TcpMaxTwBuckets | Sysctl setting net.ipv4.tcp_max_tw_buckets. | int |
netIpv4TcpTwReuse | Sysctl setting net.ipv4.tcp_tw_reuse. | bool |
netNetfilterNfConntrackBuckets | Sysctl setting net.netfilter.nf_conntrack_buckets. | int |
netNetfilterNfConntrackMax | Sysctl setting net.netfilter.nf_conntrack_max. | int |
vmMaxMapCount | Sysctl setting vm.max_map_count. | int |
vmSwappiness | Sysctl setting vm.swappiness. | int |
vmVfsCachePressure | Sysctl setting vm.vfs_cache_pressure. | int |
ManagedClusterAgentPoolProfilePropertiesNodeLabels
Name | Description | Value |
---|---|---|
{customized property} | | string |
AgentPoolUpgradeSettings
Name | Description | Value |
---|---|---|
maxSurge | Count or percentage of additional nodes to be added during upgrade. If empty uses AKS default | string |
ManagedClusterAPIServerAccessProfile
Name | Description | Value |
---|---|---|
authorizedIPRanges | Authorized IP Ranges to kubernetes API server. | string[] |
enablePrivateCluster | Whether to create the cluster as a private cluster or not. | bool |
privateDNSZone | Private dns zone mode for private cluster. | string |
ManagedClusterPropertiesAutoScalerProfile
Name | Description | Value |
---|---|---|
balance-similar-node-groups | | string |
expander | | 'least-waste' 'most-pods' 'priority' 'random' |
max-empty-bulk-delete | | string |
max-graceful-termination-sec | | string |
max-node-provision-time | | string |
max-total-unready-percentage | | string |
new-pod-scale-up-delay | | string |
ok-total-unready-count | | string |
scale-down-delay-after-add | | string |
scale-down-delay-after-delete | | string |
scale-down-delay-after-failure | | string |
scale-down-unneeded-time | | string |
scale-down-unready-time | | string |
scale-down-utilization-threshold | | string |
scan-interval | | string |
skip-nodes-with-local-storage | | string |
skip-nodes-with-system-pods | | string |
ManagedClusterAutoUpgradeProfile
Name | Description | Value |
---|---|---|
upgradeChannel | upgrade channel for auto upgrade. | 'none' 'patch' 'rapid' 'stable' |
ManagedClusterPropertiesIdentityProfile
Name | Description | Value |
---|---|---|
{customized property} | | ComponentsQit0EtSchemasManagedclusterpropertiesPrope... |
ComponentsQit0EtSchemasManagedclusterpropertiesPrope...
Name | Description | Value |
---|---|---|
clientId | The client id of the user assigned identity. | string |
objectId | The object id of the user assigned identity. | string |
resourceId | The resource id of the user assigned identity. | string |
ContainerServiceLinuxProfile
Name | Description | Value |
---|---|---|
adminUsername | The administrator username to use for Linux VMs. | string (required) Constraints: Pattern = ^[A-Za-z][-A-Za-z0-9_]*$ |
ssh | SSH configuration for Linux-based VMs running on Azure. | ContainerServiceSshConfiguration (required) |
ContainerServiceSshConfiguration
Name | Description | Value |
---|---|---|
publicKeys | The list of SSH public keys used to authenticate with Linux-based VMs. Only expect one key specified. | ContainerServiceSshPublicKey[] (required) |
ContainerServiceSshPublicKey
Name | Description | Value |
---|---|---|
keyData | Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or without headers. | string (required) |
ContainerServiceNetworkProfile
Name | Description | Value |
---|---|---|
dnsServiceIP | An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr. | string Constraints: Pattern = ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ |
dockerBridgeCidr | A CIDR notation IP range assigned to the Docker bridge network. It must not overlap with any Subnet IP ranges or the Kubernetes service address range. | string Constraints: Pattern = ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ |
loadBalancerProfile | Profile of the cluster load balancer. | ManagedClusterLoadBalancerProfile |
loadBalancerSku | The load balancer sku for the managed cluster. | 'basic' 'standard' |
networkMode | Network mode used for building Kubernetes network. | 'bridge' 'transparent' |
networkPlugin | Network plugin used for building Kubernetes network. | 'azure' 'kubenet' |
networkPolicy | Network policy used for building Kubernetes network. | 'azure' 'calico' |
outboundType | The outbound (egress) routing method. | 'loadBalancer' 'userDefinedRouting' |
podCidr | A CIDR notation IP range from which to assign pod IPs when kubenet is used. | string Constraints: Pattern = ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ |
serviceCidr | A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP ranges. | string Constraints: Pattern = ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ |
ManagedClusterLoadBalancerProfile
Name | Description | Value |
---|---|---|
allocatedOutboundPorts | Desired number of allocated SNAT ports per VM. Allowed values must be in the range of 0 to 64000 (inclusive). The default value is 0 which results in Azure dynamically allocating ports. | int Constraints: Min value = 0 Max value = 64000 |
effectiveOutboundIPs | The effective outbound IP resources of the cluster load balancer. | ResourceReference[] |
idleTimeoutInMinutes | Desired outbound flow idle timeout in minutes. Allowed values must be in the range of 4 to 120 (inclusive). The default value is 30 minutes. | int Constraints: Min value = 4 Max value = 120 |
managedOutboundIPs | Desired managed outbound IPs for the cluster load balancer. | ManagedClusterLoadBalancerProfileManagedOutboundIPs |
outboundIPPrefixes | Desired outbound IP Prefix resources for the cluster load balancer. | ManagedClusterLoadBalancerProfileOutboundIPPrefixes |
outboundIPs | Desired outbound IP resources for the cluster load balancer. | ManagedClusterLoadBalancerProfileOutboundIPs |
ResourceReference
Name | Description | Value |
---|---|---|
id | The fully qualified Azure resource id. | string |
ManagedClusterLoadBalancerProfileManagedOutboundIPs
Name | Description | Value |
---|---|---|
count | Desired number of outbound IP created/managed by Azure for the cluster load balancer. Allowed values must be in the range of 1 to 100 (inclusive). The default value is 1. | int Constraints: Min value = 1 Max value = 100 |
ManagedClusterLoadBalancerProfileOutboundIPPrefixes
Name | Description | Value |
---|---|---|
publicIPPrefixes | A list of public IP prefix resources. | ResourceReference[] |
ManagedClusterLoadBalancerProfileOutboundIPs
Name | Description | Value |
---|---|---|
publicIPs | A list of public IP resources. | ResourceReference[] |
ManagedClusterPodIdentityProfile
Name | Description | Value |
---|---|---|
allowNetworkPluginKubenet | Customer consent for enabling AAD pod identity addon in cluster using Kubenet network plugin. | bool |
enabled | Whether the pod identity addon is enabled. | bool |
userAssignedIdentities | User assigned pod identity settings. | ManagedClusterPodIdentity[] |
userAssignedIdentityExceptions | User assigned pod identity exception settings. | ManagedClusterPodIdentityException[] |
ManagedClusterPodIdentity
Name | Description | Value |
---|---|---|
identity | Information of the user assigned identity. | UserAssignedIdentity (required) |
name | Name of the pod identity. | string (required) |
namespace | Namespace of the pod identity. | string (required) |
UserAssignedIdentity
Name | Description | Value |
---|---|---|
clientId | The client id of the user assigned identity. | string |
objectId | The object id of the user assigned identity. | string |
resourceId | The resource id of the user assigned identity. | string |
ManagedClusterPodIdentityException
Name | Description | Value |
---|---|---|
name | Name of the pod identity exception. | string (required) |
namespace | Namespace of the pod identity exception. | string (required) |
podLabels | Pod labels to match. | ManagedClusterPodIdentityExceptionPodLabels (required) |
ManagedClusterPodIdentityExceptionPodLabels
Name | Description | Value |
---|---|---|
{customized property} | | string |
ManagedClusterServicePrincipalProfile
Name | Description | Value |
---|---|---|
clientId | The ID for the service principal. | string (required) |
secret | The secret password associated with the service principal in plain text. | string |
ManagedClusterWindowsProfile
Name | Description | Value |
---|---|---|
adminPassword | Specifies the password of the administrator account. Minimum-length: 8 characters. Max-length: 123 characters. Complexity requirements: 3 out of 4 conditions below need to be fulfilled: has lower characters; has upper characters; has a digit; has a special character (regex match [\W_]). Disallowed values: "abc@123", "P@$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$word", "pass@word1", "Password!", "Password1", "Password22", "iloveyou!" | string |
adminUsername | Specifies the name of the administrator account. Restriction: cannot end in ".". Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". Minimum-length: 1 character. Max-length: 20 characters. | string (required) |
licenseType | The licenseType to use for Windows VMs. Windows_Server is used to enable Azure Hybrid User Benefits for Windows VMs. | 'None' 'Windows_Server' |
ManagedClusterSKU
Name | Description | Value |
---|---|---|
name | Name of a managed cluster SKU. | 'Basic' |
tier | Tier of a managed cluster SKU. | 'Free' 'Paid' |
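A pre-deployment check over the ARM JSON form of this resource, as an added example that is not part of the original reference page or of Microsoft's tooling. It applies constraints stated in the tables above (agent pool name pattern and count range, the adminPassword rules) and flags literal secrets, an explicitly disabled enableRBAC, node public IPs, and an API server with neither enablePrivateCluster nor authorizedIPRanges. The function names, finding texts and the sample resource are constructed for illustration; treating a pool without `mode` as a user pool is an assumption.

```python
import re

# Deny-list and pattern copied from the property tables on this page.
DISALLOWED_PASSWORDS = {
    "abc@123", "P@$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$word",
    "pass@word1", "Password!", "Password1", "Password22", "iloveyou!",
}
POOL_NAME = re.compile(r"^[a-z][a-z0-9]{0,11}$")  # ManagedClusterAgentPoolProfile.name


def is_expression(value):
    """ARM evaluates strings of the form "[...]" as expressions; "[[" escapes a literal."""
    return (isinstance(value, str) and value.startswith("[")
            and value.endswith("]") and not value.startswith("[["))


def password_problems(pw):
    """Check a literal adminPassword against the length, complexity and deny-list rules."""
    problems = []
    if not 8 <= len(pw) <= 123:
        problems.append("length must be 8-123 characters")
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[\W_]")
    if sum(bool(re.search(c, pw)) for c in classes) < 3:
        problems.append("fewer than 3 of 4 complexity conditions met")
    if pw in DISALLOWED_PASSWORDS:
        problems.append("value is on the disallowed list")
    return problems


def lint_managed_cluster(resource):
    """Return findings for one Microsoft.ContainerService/managedClusters resource dict."""
    findings = []
    props = resource.get("properties", {})

    # Fields the schema accepts as plain strings; they should arrive via secure parameters.
    secrets = {
        "servicePrincipalProfile.secret": props.get("servicePrincipalProfile", {}).get("secret"),
        "aadProfile.serverAppSecret": props.get("aadProfile", {}).get("serverAppSecret"),
        "windowsProfile.adminPassword": props.get("windowsProfile", {}).get("adminPassword"),
    }
    for path, value in secrets.items():
        if isinstance(value, str) and not is_expression(value):
            findings.append(f"{path}: literal secret in template")
            if path.endswith("adminPassword"):
                # The value itself is never echoed into a finding.
                findings += [f"{path}: {p}" for p in password_problems(value)]

    if props.get("enableRBAC") is False:
        findings.append("enableRBAC: Kubernetes RBAC explicitly disabled")

    api = props.get("apiServerAccessProfile", {})
    if not api.get("enablePrivateCluster") and not api.get("authorizedIPRanges"):
        findings.append("apiServerAccessProfile: public API server with no authorizedIPRanges")

    for i, pool in enumerate(props.get("agentPoolProfiles", [])):
        where = f"agentPoolProfiles[{i}]"
        name = pool.get("name", "")
        if not is_expression(name) and not POOL_NAME.match(name):
            findings.append(f"{where}.name: {name!r} does not match {POOL_NAME.pattern}")
        count = pool.get("count")
        low = 1 if pool.get("mode") == "System" else 0  # assumption: no mode => user pool
        if isinstance(count, int) and not isinstance(count, bool) and not low <= count <= 100:
            findings.append(f"{where}.count: {count} outside {low}-100")
        if pool.get("enableNodePublicIP") is True:
            findings.append(f"{where}.enableNodePublicIP: nodes get public IPs")
    return findings


# Constructed sample resource (not from the page) with several deliberate problems.
SAMPLE = {
    "type": "Microsoft.ContainerService/managedClusters",
    "apiVersion": "2021-02-01",
    "name": "example-aks",
    "location": "westeurope",
    "properties": {
        "enableRBAC": False,
        "servicePrincipalProfile": {
            "clientId": "00000000-0000-0000-0000-000000000000",
            "secret": "[parameters('spSecret')]",
        },
        "windowsProfile": {"adminUsername": "azureuser", "adminPassword": "Password1"},
        "agentPoolProfiles": [
            {"name": "System_Pool", "mode": "System", "count": 0, "enableNodePublicIP": True},
            {"name": "userpool", "mode": "User", "count": 0},
        ],
    },
}

if __name__ == "__main__":
    for finding in lint_managed_cluster(SAMPLE):
        print(finding)
```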
Quickstart templates
The following quickstart templates deploy this resource type.
Template | Description |
---|---|
CI/CD using Jenkins on Azure Container Service (AKS) | Containers make it very easy for you to continuously build and deploy your applications. By orchestrating deployment of those containers using Kubernetes in Azure Container Service, you can achieve replicable, manageable clusters of containers. By setting up a continuous build to produce your container images and orchestration, you can increase the speed and reliability of your deployment. |
min.io Azure Gateway | Fully private min.io Azure Gateway deployment to provide an S3 compliant storage API backed by blob storage |
AKS Cluster with a NAT Gateway and an Application Gateway | This sample shows how to deploy an AKS cluster with NAT Gateway for outbound connections and an Application Gateway for inbound connections. |
Create a Private AKS Cluster | This sample shows how to create a private AKS cluster in a virtual network along with a jumpbox virtual machine. |
Create a Private AKS Cluster with a Public DNS Zone | This sample shows how to deploy a private AKS cluster with a Public DNS Zone. |
Deploy a managed Kubernetes Cluster (AKS) | This ARM template demonstrates the deployment of an AKS instance with advanced networking features into an existing virtual network. Additionally, the chosen Service Principal is assigned the Network Contributor role against the subnet that contains the AKS cluster. |
Deploy a managed Kubernetes Cluster with AAD (AKS) | This ARM template demonstrates the deployment of an AKS instance with advanced networking features into an existing virtual network and Azure AD Integration. Additionally, the chosen Service Principal is assigned the Network Contributor role against the subnet that contains the AKS cluster. |
Deploy an AKS cluster for Azure ML | This template allows you to deploy an enterprise compliant AKS cluster which can be attached to Azure ML |
Azure Container Service (AKS) | Deploy a managed cluster with Azure Container Service (AKS) |
Azure Container Service (AKS) | Deploy a managed cluster with Azure Container Service (AKS) using Azure Linux container hosts |
Azure Container Service (AKS) with Helm | Deploy a managed cluster with Azure Container Service (AKS) with Helm |
Azure Kubernetes Service (AKS) | Deploys a managed Kubernetes cluster via Azure Kubernetes Service (AKS) |
AKS cluster with the Application Gateway Ingress Controller | This sample shows how to deploy an AKS cluster with Application Gateway, Application Gateway Ingress Controller, Azure Container Registry, Log Analytics and Key Vault |
ARM template resource definition
The managedClusters resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Remarks
For information about available add-ons, see Add-ons, extensions, and other integrations with Azure Kubernetes Service.
Resource format
To create a Microsoft.ContainerService/managedClusters resource, add the following JSON to your template.
{
"type": "Microsoft.ContainerService/managedClusters",
"apiVersion": "2021-02-01",
"name": "string",
"location": "string",
"tags": {
"tagName1": "tagValue1",
"tagName2": "tagValue2"
},
"sku": {
"name": "Basic",
"tier": "string"
},
"identity": {
"type": "string",
"userAssignedIdentities": {
"{customized property}": {}
}
},
"properties": {
"aadProfile": {
"adminGroupObjectIDs": [ "string" ],
"clientAppID": "string",
"enableAzureRBAC": "bool",
"managed": "bool",
"serverAppID": "string",
"serverAppSecret": "string",
"tenantID": "string"
},
"addonProfiles": {
"{customized property}": {
"config": {
"{customized property}": "string"
},
"enabled": "bool"
}
},
"agentPoolProfiles": [
{
"availabilityZones": [ "string" ],
"count": "int",
"enableAutoScaling": "bool",
"enableEncryptionAtHost": "bool",
"enableNodePublicIP": "bool",
"kubeletConfig": {
"allowedUnsafeSysctls": [ "string" ],
"containerLogMaxFiles": "int",
"containerLogMaxSizeMB": "int",
"cpuCfsQuota": "bool",
"cpuCfsQuotaPeriod": "string",
"cpuManagerPolicy": "string",
"failSwapOn": "bool",
"imageGcHighThreshold": "int",
"imageGcLowThreshold": "int",
"podMaxPids": "int",
"topologyManagerPolicy": "string"
},
"kubeletDiskType": "string",
"linuxOSConfig": {
"swapFileSizeMB": "int",
"sysctls": {
"fsAioMaxNr": "int",
"fsFileMax": "int",
"fsInotifyMaxUserWatches": "int",
"fsNrOpen": "int",
"kernelThreadsMax": "int",
"netCoreNetdevMaxBacklog": "int",
"netCoreOptmemMax": "int",
"netCoreRmemDefault": "int",
"netCoreRmemMax": "int",
"netCoreSomaxconn": "int",
"netCoreWmemDefault": "int",
"netCoreWmemMax": "int",
"netIpv4IpLocalPortRange": "string",
"netIpv4NeighDefaultGcThresh1": "int",
"netIpv4NeighDefaultGcThresh2": "int",
"netIpv4NeighDefaultGcThresh3": "int",
"netIpv4TcpFinTimeout": "int",
"netIpv4TcpkeepaliveIntvl": "int",
"netIpv4TcpKeepaliveProbes": "int",
"netIpv4TcpKeepaliveTime": "int",
"netIpv4TcpMaxSynBacklog": "int",
"netIpv4TcpMaxTwBuckets": "int",
"netIpv4TcpTwReuse": "bool",
"netNetfilterNfConntrackBuckets": "int",
"netNetfilterNfConntrackMax": "int",
"vmMaxMapCount": "int",
"vmSwappiness": "int",
"vmVfsCachePressure": "int"
},
"transparentHugePageDefrag": "string",
"transparentHugePageEnabled": "string"
},
"maxCount": "int",
"maxPods": "int",
"minCount": "int",
"mode": "string",
"name": "string",
"nodeLabels": {
"{customized property}": "string"
},
"nodePublicIPPrefixID": "string",
"nodeTaints": [ "string" ],
"orchestratorVersion": "string",
"osDiskSizeGB": "int",
"osDiskType": "string",
"osType": "string",
"podSubnetID": "string",
"proximityPlacementGroupID": "string",
"scaleSetEvictionPolicy": "string",
"scaleSetPriority": "string",
"spotMaxPrice": "[json('decimal-as-string')]",
"tags": {},
"type": "string",
"upgradeSettings": {
"maxSurge": "string"
},
"vmSize": "string",
"vnetSubnetID": "string"
}
],
"apiServerAccessProfile": {
"authorizedIPRanges": [ "string" ],
"enablePrivateCluster": "bool",
"privateDNSZone": "string"
},
"autoScalerProfile": {
"balance-similar-node-groups": "string",
"expander": "string",
"max-empty-bulk-delete": "string",
"max-graceful-termination-sec": "string",
"max-node-provision-time": "string",
"max-total-unready-percentage": "string",
"new-pod-scale-up-delay": "string",
"ok-total-unready-count": "string",
"scale-down-delay-after-add": "string",
"scale-down-delay-after-delete": "string",
"scale-down-delay-after-failure": "string",
"scale-down-unneeded-time": "string",
"scale-down-unready-time": "string",
"scale-down-utilization-threshold": "string",
"scan-interval": "string",
"skip-nodes-with-local-storage": "string",
"skip-nodes-with-system-pods": "string"
},
"autoUpgradeProfile": {
"upgradeChannel": "string"
},
"diskEncryptionSetID": "string",
"dnsPrefix": "string",
"enablePodSecurityPolicy": "bool",
"enableRBAC": "bool",
"fqdnSubdomain": "string",
"identityProfile": {
"{customized property}": {
"clientId": "string",
"objectId": "string",
"resourceId": "string"
}
},
"kubernetesVersion": "string",
"linuxProfile": {
"adminUsername": "string",
"ssh": {
"publicKeys": [
{
"keyData": "string"
}
]
}
},
"networkProfile": {
"dnsServiceIP": "string",
"dockerBridgeCidr": "string",
"loadBalancerProfile": {
"allocatedOutboundPorts": "int",
"effectiveOutboundIPs": [
{
"id": "string"
}
],
"idleTimeoutInMinutes": "int",
"managedOutboundIPs": {
"count": "int"
},
"outboundIPPrefixes": {
"publicIPPrefixes": [
{
"id": "string"
}
]
},
"outboundIPs": {
"publicIPs": [
{
"id": "string"
}
]
}
},
"loadBalancerSku": "string",
"networkMode": "string",
"networkPlugin": "string",
"networkPolicy": "string",
"outboundType": "string",
"podCidr": "string",
"serviceCidr": "string"
},
"nodeResourceGroup": "string",
"podIdentityProfile": {
"allowNetworkPluginKubenet": "bool",
"enabled": "bool",
"userAssignedIdentities": [
{
"identity": {
"clientId": "string",
"objectId": "string",
"resourceId": "string"
},
"name": "string",
"namespace": "string"
}
],
"userAssignedIdentityExceptions": [
{
"name": "string",
"namespace": "string",
"podLabels": {
"{customized property}": "string"
}
}
]
},
"servicePrincipalProfile": {
"clientId": "string",
"secret": "string"
},
"windowsProfile": {
"adminPassword": "string",
"adminUsername": "string",
"licenseType": "string"
}
}
}
Property values
managedClusters
Name | Description | Value |
---|---|---|
type | The resource type | 'Microsoft.ContainerService/managedClusters' |
apiVersion | The resource api version | '2021-02-01' |
name | The resource name | string (required) Character limit: 1-63 Valid characters: Alphanumerics, underscores, and hyphens. Start and end with alphanumeric. |
location | Resource location | string (required) |
tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
sku | The managed cluster SKU. | ManagedClusterSKU |
identity | The identity of the managed cluster, if configured. | ManagedClusterIdentity |
properties | Properties of a managed cluster. | ManagedClusterProperties |
ManagedClusterIdentity
Name | Description | Value |
---|---|---|
type | The type of identity used for the managed cluster. Type 'SystemAssigned' will use an implicitly created identity in master components and an auto-created user assigned identity in MC_ resource group in agent nodes. Type 'None' will not use MSI for the managed cluster, service principal will be used instead. | 'None' 'SystemAssigned' 'UserAssigned' |
userAssignedIdentities | The user identity associated with the managed cluster. This identity will be used in control plane and only one user assigned identity is allowed. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. | ManagedClusterIdentityUserAssignedIdentities |
ManagedClusterIdentityUserAssignedIdentities
Name | Description | Value |
---|---|---|
{customized property} | | Components1Umhcm8SchemasManagedclusteridentityProper... |
Components1Umhcm8SchemasManagedclusteridentityProper...
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
ManagedClusterProperties
Name | Description | Value |
---|---|---|
aadProfile | Profile of Azure Active Directory configuration. | ManagedClusterAADProfile |
addonProfiles | Profile of managed cluster add-on. | ManagedClusterPropertiesAddonProfiles |
agentPoolProfiles | Properties of the agent pool. | ManagedClusterAgentPoolProfile[] |
apiServerAccessProfile | Access profile for managed cluster API server. | ManagedClusterAPIServerAccessProfile |
autoScalerProfile | Parameters to be applied to the cluster-autoscaler when enabled | ManagedClusterPropertiesAutoScalerProfile |
autoUpgradeProfile | Profile of auto upgrade configuration. | ManagedClusterAutoUpgradeProfile |
diskEncryptionSetID | ResourceId of the disk encryption set to use for enabling encryption at rest. | string |
dnsPrefix | DNS prefix specified when creating the managed cluster. | string |
enablePodSecurityPolicy | (DEPRECATING) Whether to enable Kubernetes pod security policy (preview). This feature is set for removal on October 15th, 2020. Learn more at aka.ms/aks/azpodpolicy. | bool |
enableRBAC | Whether to enable Kubernetes Role-Based Access Control. | bool |
fqdnSubdomain | FQDN subdomain specified when creating private cluster with custom private dns zone. | string |
identityProfile | Identities associated with the cluster. | ManagedClusterPropertiesIdentityProfile |
kubernetesVersion | Version of Kubernetes specified when creating the managed cluster. | string |
linuxProfile | Profile for Linux VMs in the container service cluster. | ContainerServiceLinuxProfile |
networkProfile | Profile of network configuration. | ContainerServiceNetworkProfile |
nodeResourceGroup | Name of the resource group containing agent pool nodes. | string |
podIdentityProfile | Profile of managed cluster pod identity. | ManagedClusterPodIdentityProfile |
servicePrincipalProfile | Information about a service principal identity for the cluster to use for manipulating Azure APIs. | ManagedClusterServicePrincipalProfile |
windowsProfile | Profile for Windows VMs in the container service cluster. | ManagedClusterWindowsProfile |
ManagedClusterAADProfile
Name | Description | Value |
---|---|---|
adminGroupObjectIDs | AAD group object IDs that will have admin role of the cluster. | string[] |
clientAppID | The client AAD application ID. | string |
enableAzureRBAC | Whether to enable Azure RBAC for Kubernetes authorization. | bool |
managed | Whether to enable managed AAD. | bool |
serverAppID | The server AAD application ID. | string |
serverAppSecret | The server AAD application secret. | string |
tenantID | The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment subscription. | string |
ManagedClusterPropertiesAddonProfiles
Name | Description | Value |
---|---|---|
{customized property} | | ManagedClusterAddonProfile |
ManagedClusterAddonProfile
Name | Description | Value |
---|---|---|
config | Key-value pairs for configuring an add-on. | ManagedClusterAddonProfileConfig |
enabled | Whether the add-on is enabled or not. | bool (required) |
ManagedClusterAddonProfileConfig
Name | Description | Value |
---|---|---|
{customized property} | | string |
ManagedClusterAgentPoolProfile
Name | Description | Value |
---|---|---|
availabilityZones | Availability zones for nodes. Must use VirtualMachineScaleSets AgentPoolType. | string[] |
count | Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 100 (inclusive) for user pools and in the range of 1 to 100 (inclusive) for system pools. The default value is 1. | int |
enableAutoScaling | Whether to enable auto-scaler | bool |
enableEncryptionAtHost | Whether to enable EncryptionAtHost | bool |
enableNodePublicIP | Enable public IP for nodes | bool |
kubeletConfig | KubeletConfig specifies the configuration of kubelet on agent nodes. | KubeletConfig |
kubeletDiskType | KubeletDiskType determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral storage. Currently allows one value, OS, resulting in Kubelet using the OS disk for data. | 'OS' 'Temporary' |
linuxOSConfig | LinuxOSConfig specifies the OS configuration of linux agent nodes. | LinuxOSConfig |
maxCount | Maximum number of nodes for auto-scaling | int |
maxPods | Maximum number of pods that can run on a node. | int |
minCount | Minimum number of nodes for auto-scaling | int |
mode | AgentPoolMode represents mode of an agent pool | 'System' 'User' |
name | Unique name of the agent pool profile in the context of the subscription and resource group. | string (required) Constraints: Pattern = ^[a-z][a-z0-9]{0,11}$ |
nodeLabels | Agent pool node labels to be persisted across all nodes in agent pool. | ManagedClusterAgentPoolProfilePropertiesNodeLabels |
nodePublicIPPrefixID | Public IP Prefix ID. VM nodes use IPs assigned from this Public IP Prefix. | string |
nodeTaints | Taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule. | string[] |
orchestratorVersion | Version of orchestrator specified when creating the managed cluster. | string |
osDiskSizeGB | OS Disk Size in GB to be used to specify the disk size for every machine in this master/agent pool. If you specify 0, it will apply the default osDisk size according to the vmSize specified. | int Constraints: Min value = 0 Max value = 1023 |
osDiskType | OS disk type to be used for machines in a given agent pool. Allowed values are 'Ephemeral' and 'Managed'. If unspecified, defaults to 'Ephemeral' when the VM supports ephemeral OS and has a cache disk larger than the requested OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. | 'Ephemeral' 'Managed' |
osType | OsType to be used to specify os type. Choose from Linux and Windows. Default to Linux. | 'Linux' 'Windows' |
podSubnetID | Pod SubnetID specifies the VNet's subnet identifier for pods. | string |
proximityPlacementGroupID | The ID for Proximity Placement Group. | string |
scaleSetEvictionPolicy | ScaleSetEvictionPolicy to be used to specify eviction policy for Spot virtual machine scale set. Default to Delete. | 'Deallocate' 'Delete' |
scaleSetPriority | ScaleSetPriority to be used to specify virtual machine scale set priority. Default to regular. | 'Regular' 'Spot' |
spotMaxPrice | SpotMaxPrice to be used to specify the maximum price you are willing to pay in US Dollars. Possible values are any decimal value greater than zero or -1 which indicates default price to be up-to on-demand. To specify a decimal value, use the json() function. | int or json decimal |
tags | Agent pool tags to be persisted on the agent pool virtual machine scale set. | object |
type | AgentPoolType represents types of an agent pool | 'AvailabilitySet' 'VirtualMachineScaleSets' |
upgradeSettings | Settings for upgrading the agentpool | AgentPoolUpgradeSettings |
vmSize | Size of agent VMs. | 'Standard_A1' 'Standard_A10' 'Standard_A11' 'Standard_A1_v2' 'Standard_A2' 'Standard_A2_v2' 'Standard_A2m_v2' 'Standard_A3' 'Standard_A4' 'Standard_A4_v2' 'Standard_A4m_v2' 'Standard_A5' 'Standard_A6' 'Standard_A7' 'Standard_A8' 'Standard_A8_v2' 'Standard_A8m_v2' 'Standard_A9' 'Standard_B2ms' 'Standard_B2s' 'Standard_B4ms' 'Standard_B8ms' 'Standard_D1' 'Standard_D11' 'Standard_D11_v2' 'Standard_D11_v2_Promo' 'Standard_D12' 'Standard_D12_v2' 'Standard_D12_v2_Promo' 'Standard_D13' 'Standard_D13_v2' 'Standard_D13_v2_Promo' 'Standard_D14' 'Standard_D14_v2' 'Standard_D14_v2_Promo' 'Standard_D15_v2' 'Standard_D16_v3' 'Standard_D16s_v3' 'Standard_D1_v2' 'Standard_D2' 'Standard_D2_v2' 'Standard_D2_v2_Promo' 'Standard_D2_v3' 'Standard_D2s_v3' 'Standard_D3' 'Standard_D32_v3' 'Standard_D32s_v3' 'Standard_D3_v2' 'Standard_D3_v2_Promo' 'Standard_D4' 'Standard_D4_v2' 'Standard_D4_v2_Promo' 'Standard_D4_v3' 'Standard_D4s_v3' 'Standard_D5_v2' 'Standard_D5_v2_Promo' 'Standard_D64_v3' 'Standard_D64s_v3' 'Standard_D8_v3' 'Standard_D8s_v3' 'Standard_DS1' 'Standard_DS11' 'Standard_DS11_v2' 'Standard_DS11_v2_Promo' 'Standard_DS12' 'Standard_DS12_v2' 'Standard_DS12_v2_Promo' 'Standard_DS13' 'Standard_DS13-2_v2' 'Standard_DS13-4_v2' 'Standard_DS13_v2' 'Standard_DS13_v2_Promo' 'Standard_DS14' 'Standard_DS14-4_v2' 'Standard_DS14-8_v2' 'Standard_DS14_v2' 'Standard_DS14_v2_Promo' 'Standard_DS15_v2' 'Standard_DS1_v2' 'Standard_DS2' 'Standard_DS2_v2' 'Standard_DS2_v2_Promo' 'Standard_DS3' 'Standard_DS3_v2' 'Standard_DS3_v2_Promo' 'Standard_DS4' 'Standard_DS4_v2' 'Standard_DS4_v2_Promo' 'Standard_DS5_v2' 'Standard_DS5_v2_Promo' 'Standard_E16_v3' 'Standard_E16s_v3' 'Standard_E2_v3' 'Standard_E2s_v3' 'Standard_E32-16s_v3' 'Standard_E32-8s_v3' 'Standard_E32_v3' 'Standard_E32s_v3' 'Standard_E4_v3' 'Standard_E4s_v3' 'Standard_E64-16s_v3' 'Standard_E64-32s_v3' 'Standard_E64_v3' 'Standard_E64s_v3' 'Standard_E8_v3' 'Standard_E8s_v3' 'Standard_F1' 'Standard_F16' 
'Standard_F16s' 'Standard_F16s_v2' 'Standard_F1s' 'Standard_F2' 'Standard_F2s' 'Standard_F2s_v2' 'Standard_F32s_v2' 'Standard_F4' 'Standard_F4s' 'Standard_F4s_v2' 'Standard_F64s_v2' 'Standard_F72s_v2' 'Standard_F8' 'Standard_F8s' 'Standard_F8s_v2' 'Standard_G1' 'Standard_G2' 'Standard_G3' 'Standard_G4' 'Standard_G5' 'Standard_GS1' 'Standard_GS2' 'Standard_GS3' 'Standard_GS4' 'Standard_GS4-4' 'Standard_GS4-8' 'Standard_GS5' 'Standard_GS5-16' 'Standard_GS5-8' 'Standard_H16' 'Standard_H16m' 'Standard_H16mr' 'Standard_H16r' 'Standard_H8' 'Standard_H8m' 'Standard_L16s' 'Standard_L32s' 'Standard_L4s' 'Standard_L8s' 'Standard_M128-32ms' 'Standard_M128-64ms' 'Standard_M128ms' 'Standard_M128s' 'Standard_M64-16ms' 'Standard_M64-32ms' 'Standard_M64ms' 'Standard_M64s' 'Standard_NC12' 'Standard_NC12s_v2' 'Standard_NC12s_v3' 'Standard_NC24' 'Standard_NC24r' 'Standard_NC24rs_v2' 'Standard_NC24rs_v3' 'Standard_NC24s_v2' 'Standard_NC24s_v3' 'Standard_NC6' 'Standard_NC6s_v2' 'Standard_NC6s_v3' 'Standard_ND12s' 'Standard_ND24rs' 'Standard_ND24s' 'Standard_ND6s' 'Standard_NV12' 'Standard_NV24' 'Standard_NV6' |
vnetSubnetID | VNet SubnetID specifies the VNet's subnet identifier for nodes and maybe pods | string |
KubeletConfig
Name | Description | Value |
---|---|---|
allowedUnsafeSysctls | Allowlist of unsafe sysctls or unsafe sysctl patterns (ending in *). | string[] |
containerLogMaxFiles | The maximum number of container log files that can be present for a container. The number must be ≥ 2. | int Constraints: Min value = 2 |
containerLogMaxSizeMB | The maximum size (e.g. 10Mi) of container log file before it is rotated. | int |
cpuCfsQuota | Enable CPU CFS quota enforcement for containers that specify CPU limits. | bool |
cpuCfsQuotaPeriod | Sets CPU CFS quota period value. | string |
cpuManagerPolicy | CPU Manager policy to use. | string |
failSwapOn | If set to true it will make the Kubelet fail to start if swap is enabled on the node. | bool |
imageGcHighThreshold | The percent of disk usage after which image garbage collection is always run. | int |
imageGcLowThreshold | The percent of disk usage before which image garbage collection is never run. | int |
podMaxPids | The maximum number of processes per pod. | int |
topologyManagerPolicy | Topology Manager policy to use. | string |
LinuxOSConfig
Name | Description | Value |
---|---|---|
swapFileSizeMB | SwapFileSizeMB specifies the size in MB of a swap file that will be created on each node. | int |
sysctls | Sysctl settings for Linux agent nodes. | SysctlConfig |
transparentHugePageDefrag | Transparent Huge Page defrag configuration. | string |
transparentHugePageEnabled | Transparent Huge Page enabled configuration. | string |
SysctlConfig
Name | Description | Value |
---|---|---|
fsAioMaxNr | Sysctl setting fs.aio-max-nr. | int |
fsFileMax | Sysctl setting fs.file-max. | int |
fsInotifyMaxUserWatches | Sysctl setting fs.inotify.max_user_watches. | int |
fsNrOpen | Sysctl setting fs.nr_open. | int |
kernelThreadsMax | Sysctl setting kernel.threads-max. | int |
netCoreNetdevMaxBacklog | Sysctl setting net.core.netdev_max_backlog. | int |
netCoreOptmemMax | Sysctl setting net.core.optmem_max. | int |
netCoreRmemDefault | Sysctl setting net.core.rmem_default. | int |
netCoreRmemMax | Sysctl setting net.core.rmem_max. | int |
netCoreSomaxconn | Sysctl setting net.core.somaxconn. | int |
netCoreWmemDefault | Sysctl setting net.core.wmem_default. | int |
netCoreWmemMax | Sysctl setting net.core.wmem_max. | int |
netIpv4IpLocalPortRange | Sysctl setting net.ipv4.ip_local_port_range. | string |
netIpv4NeighDefaultGcThresh1 | Sysctl setting net.ipv4.neigh.default.gc_thresh1. | int |
netIpv4NeighDefaultGcThresh2 | Sysctl setting net.ipv4.neigh.default.gc_thresh2. | int |
netIpv4NeighDefaultGcThresh3 | Sysctl setting net.ipv4.neigh.default.gc_thresh3. | int |
netIpv4TcpFinTimeout | Sysctl setting net.ipv4.tcp_fin_timeout. | int |
netIpv4TcpkeepaliveIntvl | Sysctl setting net.ipv4.tcp_keepalive_intvl. | int |
netIpv4TcpKeepaliveProbes | Sysctl setting net.ipv4.tcp_keepalive_probes. | int |
netIpv4TcpKeepaliveTime | Sysctl setting net.ipv4.tcp_keepalive_time. | int |
netIpv4TcpMaxSynBacklog | Sysctl setting net.ipv4.tcp_max_syn_backlog. | int |
netIpv4TcpMaxTwBuckets | Sysctl setting net.ipv4.tcp_max_tw_buckets. | int |
netIpv4TcpTwReuse | Sysctl setting net.ipv4.tcp_tw_reuse. | bool |
netNetfilterNfConntrackBuckets | Sysctl setting net.netfilter.nf_conntrack_buckets. | int |
netNetfilterNfConntrackMax | Sysctl setting net.netfilter.nf_conntrack_max. | int |
vmMaxMapCount | Sysctl setting vm.max_map_count. | int |
vmSwappiness | Sysctl setting vm.swappiness. | int |
vmVfsCachePressure | Sysctl setting vm.vfs_cache_pressure. | int |
ManagedClusterAgentPoolProfilePropertiesNodeLabels
Name | Description | Value |
---|---|---|
{customized property} | | string |
AgentPoolUpgradeSettings
Name | Description | Value |
---|---|---|
maxSurge | Count or percentage of additional nodes to be added during upgrade. If empty uses AKS default | string |
ManagedClusterAPIServerAccessProfile
Name | Description | Value |
---|---|---|
authorizedIPRanges | Authorized IP Ranges to kubernetes API server. | string[] |
enablePrivateCluster | Whether to create the cluster as a private cluster or not. | bool |
privateDNSZone | Private dns zone mode for private cluster. | string |
ManagedClusterPropertiesAutoScalerProfile
Name | Description | Value |
---|---|---|
balance-similar-node-groups | | string |
expander | | 'least-waste' 'most-pods' 'priority' 'random' |
max-empty-bulk-delete | | string |
max-graceful-termination-sec | | string |
max-node-provision-time | | string |
max-total-unready-percentage | | string |
new-pod-scale-up-delay | | string |
ok-total-unready-count | | string |
scale-down-delay-after-add | | string |
scale-down-delay-after-delete | | string |
scale-down-delay-after-failure | | string |
scale-down-unneeded-time | | string |
scale-down-unready-time | | string |
scale-down-utilization-threshold | | string |
scan-interval | | string |
skip-nodes-with-local-storage | | string |
skip-nodes-with-system-pods | | string |
ManagedClusterAutoUpgradeProfile
Name | Description | Value |
---|---|---|
upgradeChannel | upgrade channel for auto upgrade. | 'none' 'patch' 'rapid' 'stable' |
ManagedClusterPropertiesIdentityProfile
Name | Description | Value |
---|---|---|
{customized property} | | ComponentsQit0EtSchemasManagedclusterpropertiesPrope... |
ComponentsQit0EtSchemasManagedclusterpropertiesPrope...
Name | Description | Value |
---|---|---|
clientId | The client id of the user assigned identity. | string |
objectId | The object id of the user assigned identity. | string |
resourceId | The resource id of the user assigned identity. | string |
ContainerServiceLinuxProfile
Name | Description | Value |
---|---|---|
adminUsername | The administrator username to use for Linux VMs. | string (required) Constraints: Pattern = ^[A-Za-z][-A-Za-z0-9_]*$ |
ssh | SSH configuration for Linux-based VMs running on Azure. | ContainerServiceSshConfiguration (required) |
ContainerServiceSshConfiguration
Name | Description | Value |
---|---|---|
publicKeys | The list of SSH public keys used to authenticate with Linux-based VMs. Only expect one key specified. | ContainerServiceSshPublicKey[] (required) |
ContainerServiceSshPublicKey
Name | Description | Value |
---|---|---|
keyData | Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or without headers. | string (required) |
ContainerServiceNetworkProfile
Name | Description | Value |
---|---|---|
dnsServiceIP | An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr. | string Constraints: Pattern = ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ |
dockerBridgeCidr | A CIDR notation IP range assigned to the Docker bridge network. It must not overlap with any Subnet IP ranges or the Kubernetes service address range. | string Constraints: Pattern = ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ |
loadBalancerProfile | Profile of the cluster load balancer. | ManagedClusterLoadBalancerProfile |
loadBalancerSku | The load balancer sku for the managed cluster. | 'basic' 'standard' |
networkMode | Network mode used for building Kubernetes network. | 'bridge' 'transparent' |
networkPlugin | Network plugin used for building Kubernetes network. | 'azure' 'kubenet' |
networkPolicy | Network policy used for building Kubernetes network. | 'azure' 'calico' |
outboundType | The outbound (egress) routing method. | 'loadBalancer' 'userDefinedRouting' |
podCidr | A CIDR notation IP range from which to assign pod IPs when kubenet is used. | string Constraints: Pattern = ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ |
serviceCidr | A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP ranges. | string Constraints: Pattern = ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ |
ManagedClusterLoadBalancerProfile
Name | Description | Value |
---|---|---|
allocatedOutboundPorts | Desired number of allocated SNAT ports per VM. Allowed values must be in the range of 0 to 64000 (inclusive). The default value is 0 which results in Azure dynamically allocating ports. | int Constraints: Min value = 0 Max value = 64000 |
effectiveOutboundIPs | The effective outbound IP resources of the cluster load balancer. | ResourceReference[] |
idleTimeoutInMinutes | Desired outbound flow idle timeout in minutes. Allowed values must be in the range of 4 to 120 (inclusive). The default value is 30 minutes. | int Constraints: Min value = 4 Max value = 120 |
managedOutboundIPs | Desired managed outbound IPs for the cluster load balancer. | ManagedClusterLoadBalancerProfileManagedOutboundIPs |
outboundIPPrefixes | Desired outbound IP Prefix resources for the cluster load balancer. | ManagedClusterLoadBalancerProfileOutboundIPPrefixes |
outboundIPs | Desired outbound IP resources for the cluster load balancer. | ManagedClusterLoadBalancerProfileOutboundIPs |
ResourceReference
Name | Description | Value |
---|---|---|
id | The fully qualified Azure resource id. | string |
ManagedClusterLoadBalancerProfileManagedOutboundIPs
Name | Description | Value |
---|---|---|
count | Desired number of outbound IP created/managed by Azure for the cluster load balancer. Allowed values must be in the range of 1 to 100 (inclusive). The default value is 1. | int Constraints: Min value = 1 Max value = 100 |
ManagedClusterLoadBalancerProfileOutboundIPPrefixes
Name | Description | Value |
---|---|---|
publicIPPrefixes | A list of public IP prefix resources. | ResourceReference[] |
ManagedClusterLoadBalancerProfileOutboundIPs
Name | Description | Value |
---|---|---|
publicIPs | A list of public IP resources. | ResourceReference[] |
ManagedClusterPodIdentityProfile
Name | Description | Value |
---|---|---|
allowNetworkPluginKubenet | Customer consent for enabling AAD pod identity addon in cluster using Kubenet network plugin. | bool |
enabled | Whether the pod identity addon is enabled. | bool |
userAssignedIdentities | User assigned pod identity settings. | ManagedClusterPodIdentity[] |
userAssignedIdentityExceptions | User assigned pod identity exception settings. | ManagedClusterPodIdentityException[] |
ManagedClusterPodIdentity
Name | Description | Value |
---|---|---|
identity | Information of the user assigned identity. | UserAssignedIdentity (required) |
name | Name of the pod identity. | string (required) |
namespace | Namespace of the pod identity. | string (required) |
UserAssignedIdentity
Name | Description | Value |
---|---|---|
clientId | The client id of the user assigned identity. | string |
objectId | The object id of the user assigned identity. | string |
resourceId | The resource id of the user assigned identity. | string |
ManagedClusterPodIdentityException
Name | Description | Value |
---|---|---|
name | Name of the pod identity exception. | string (required) |
namespace | Namespace of the pod identity exception. | string (required) |
podLabels | Pod labels to match. | ManagedClusterPodIdentityExceptionPodLabels (required) |
ManagedClusterPodIdentityExceptionPodLabels
Name | Description | Value |
---|---|---|
{customized property} | | string |
ManagedClusterServicePrincipalProfile
Name | Description | Value |
---|---|---|
clientId | The ID for the service principal. | string (required) |
secret | The secret password associated with the service principal in plain text. | string |
ManagedClusterWindowsProfile
Name | Description | Value |
---|---|---|
adminPassword | Specifies the password of the administrator account. Minimum-length: 8 characters. Max-length: 123 characters. Complexity requirements: 3 out of 4 conditions below need to be fulfilled: has lower characters; has upper characters; has a digit; has a special character (regex match [\W_]). Disallowed values: "abc@123", "P@$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$word", "pass@word1", "Password!", "Password1", "Password22", "iloveyou!" | string |
adminUsername | Specifies the name of the administrator account. Restriction: Cannot end in "." Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". Minimum-length: 1 character. Max-length: 20 characters. | string (required) |
licenseType | The licenseType to use for Windows VMs. Windows_Server is used to enable Azure Hybrid User Benefits for Windows VMs. | 'None' 'Windows_Server' |
ManagedClusterSKU
Name | Description | Value |
---|---|---|
name | Name of a managed cluster SKU. | 'Basic' |
tier | Tier of a managed cluster SKU. | 'Free' 'Paid' |
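The following Python audit is an added example, not part of the Microsoft reference: it takes one managedClusters resource from an ARM template and reports settings from the property tables above that weaken the cluster, together with violations of the documented windowsProfile and agent pool name constraints. Which settings to flag is this example's own policy, and the two sample resources and their parameter names are constructed.

```python
import re

# Value lists copied from the ManagedClusterWindowsProfile table on this page.
BAD_PASSWORDS = {"abc@123", "P@$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$word",
                 "pass@word1", "Password!", "Password1", "Password22", "iloveyou!"}
BAD_USERNAMES = set(
    "administrator admin user user1 test user2 test1 user3 admin1 1 123 a "
    "actuser adm admin2 aspnet backup console david guest john owner root "
    "server sql support support_388945a0 sys test2 test3 user4 user5".split())
# Properties the tables describe as a secret or a password.
SECRET_FIELDS = [("aadProfile", "serverAppSecret"),
                 ("servicePrincipalProfile", "secret"),
                 ("windowsProfile", "adminPassword")]
POOL_NAME = r"^[a-z][a-z0-9]{0,11}$"  # constraint from the agent pool table


def is_expression(value):
    """True for an ARM template expression such as "[parameters('x')]".
    A leading "[[" escapes a literal bracket, so that is not an expression."""
    return (isinstance(value, str) and value.startswith("[")
            and value.endswith("]") and not value.startswith("[["))


def password_violations(pw):
    """Check a literal against the documented adminPassword constraints."""
    out = []
    if not 8 <= len(pw) <= 123:
        out.append("length must be 8-123 characters")
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[\W_]")
    if sum(bool(re.search(c, pw)) for c in classes) < 3:
        out.append("fewer than 3 of 4 character classes")
    if pw in BAD_PASSWORDS:
        out.append("value is on the disallowed list")
    return out


def username_violations(name):
    """Check a literal against the documented adminUsername constraints.
    Names are compared exactly as the table lists them."""
    out = []
    if not 1 <= len(name) <= 20:
        out.append("length must be 1-20 characters")
    if name.endswith("."):
        out.append('cannot end in "."')
    if name in BAD_USERNAMES:
        out.append("value is on the disallowed list")
    return out


def audit(resource):
    """Return (json_path, finding) pairs for one managedClusters resource.
    Values given as template expressions cannot be judged here and are skipped."""
    findings = []
    props = resource.get("properties", {})
    rbac = props.get("enableRBAC")
    if not is_expression(rbac) and rbac is not True:
        findings.append(("properties.enableRBAC", "Kubernetes RBAC is not enabled"))
    api = props.get("apiServerAccessProfile", {})
    private, ranges = api.get("enablePrivateCluster"), api.get("authorizedIPRanges")
    if not (private is True or is_expression(private) or ranges):
        findings.append(("properties.apiServerAccessProfile",
                         "API server is neither private nor limited by authorizedIPRanges"))
    for section, key in SECRET_FIELDS:
        value = props.get(section, {}).get(key)
        if isinstance(value, str) and not is_expression(value):
            findings.append((f"properties.{section}.{key}",
                             "secret is a literal, not a parameter reference"))
    win = props.get("windowsProfile", {})
    for key, check in (("adminPassword", password_violations),
                       ("adminUsername", username_violations)):
        value = win.get(key)
        if isinstance(value, str) and not is_expression(value):
            for msg in check(value):
                findings.append((f"properties.windowsProfile.{key}", msg))
    for i, pool in enumerate(props.get("agentPoolProfiles", [])):
        base = f"properties.agentPoolProfiles[{i}]"
        name = pool.get("name", "")
        if not is_expression(name) and not re.fullmatch(POOL_NAME, name):
            findings.append((base + ".name", "does not match " + POOL_NAME))
        if pool.get("enableNodePublicIP") is True:
            findings.append((base + ".enableNodePublicIP", "nodes receive public IPs"))
        if pool.get("kubeletConfig", {}).get("allowedUnsafeSysctls"):
            findings.append((base + ".kubeletConfig.allowedUnsafeSysctls",
                             "unsafe sysctls are allowlisted"))
    return findings


# Constructed sample resources (not from the page): a weak and a hardened one.
WEAK = {"type": "Microsoft.ContainerService/managedClusters", "apiVersion": "2021-02-01",
        "properties": {
            "enableRBAC": False,
            "servicePrincipalProfile": {"clientId": "00000000-0000-0000-0000-000000000000",
                                        "secret": "example-literal-secret"},
            "windowsProfile": {"adminUsername": "admin", "adminPassword": "Password1"},
            "agentPoolProfiles": [{"name": "Pool-1", "enableNodePublicIP": True,
                                   "kubeletConfig": {"allowedUnsafeSysctls": ["net.*"]}}]}}
HARDENED = {"type": "Microsoft.ContainerService/managedClusters", "apiVersion": "2021-02-01",
            "properties": {
                "enableRBAC": True,
                "apiServerAccessProfile": {"enablePrivateCluster": True},
                "servicePrincipalProfile": {"clientId": "[parameters('spClientId')]",
                                            "secret": "[parameters('spSecret')]"},
                "windowsProfile": {"adminUsername": "[parameters('winAdmin')]",
                                   "adminPassword": "[parameters('winPassword')]"},
                "agentPoolProfiles": [{"name": "syspool", "enableNodePublicIP": False}]}}

if __name__ == "__main__":
    for path, msg in audit(WEAK):
        print(f"{path}: {msg}")
```

In a real template the secret parameters referenced by the hardened sample would be declared with type `securestring` so their values are not kept in the deployment history.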
Quickstart templates
The following quickstart templates deploy this resource type.
Template | Description |
---|---|
CI/CD using Jenkins on Azure Container Service (AKS) | Containers make it very easy for you to continuously build and deploy your applications. By orchestrating deployment of those containers using Kubernetes in Azure Container Service, you can achieve replicable, manageable clusters of containers. By setting up a continuous build to produce your container images and orchestration, you can increase the speed and reliability of your deployment. |
min.io Azure Gateway | Fully private min.io Azure Gateway deployment to provide an S3 compliant storage API backed by blob storage |
AKS Cluster with a NAT Gateway and an Application Gateway | This sample shows how to deploy an AKS cluster with NAT Gateway for outbound connections and an Application Gateway for inbound connections. |
Create a Private AKS Cluster | This sample shows how to create a private AKS cluster in a virtual network along with a jumpbox virtual machine. |
Create a Private AKS Cluster with a Public DNS Zone | This sample shows how to deploy a private AKS cluster with a Public DNS Zone. |
Deploy a managed Kubernetes Cluster (AKS) | This ARM template demonstrates the deployment of an AKS instance with advanced networking features into an existing virtual network. Additionally, the chosen Service Principal is assigned the Network Contributor role against the subnet that contains the AKS cluster. |
Deploy a managed Kubernetes Cluster with AAD (AKS) | This ARM template demonstrates the deployment of an AKS instance with advanced networking features into an existing virtual network and Azure AD integration. Additionally, the chosen Service Principal is assigned the Network Contributor role against the subnet that contains the AKS cluster. |
Deploy an AKS cluster for Azure ML | This template allows you to deploy an enterprise-compliant AKS cluster which can be attached to Azure ML |
Azure Container Service (AKS) | Deploy a managed cluster with Azure Container Service (AKS) |
Azure Container Service (AKS) | Deploy a managed cluster with Azure Container Service (AKS) using Azure Linux container hosts |
Azure Container Service (AKS) with Helm | Deploy a managed cluster with Azure Container Service (AKS) with Helm |
Azure Kubernetes Service (AKS) | Deploys a managed Kubernetes cluster via Azure Kubernetes Service (AKS) |
AKS cluster with the Application Gateway Ingress Controller | This sample shows how to deploy an AKS cluster with Application Gateway, Application Gateway Ingress Controller, Azure Container Registry, Log Analytics and Key Vault |
Terraform (AzAPI provider) resource definition
The managedClusters resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.ContainerService/managedClusters resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
  type = "Microsoft.ContainerService/managedClusters@2021-02-01"
  name = "string"
  location = "string"
  parent_id = "string"
  tags = {
    tagName1 = "tagValue1"
    tagName2 = "tagValue2"
  }
  identity {
    type = "string"
    identity_ids = []
  }
  body = jsonencode({
    properties = {
      aadProfile = {
        adminGroupObjectIDs = [
          "string"
        ]
        clientAppID = "string"
        enableAzureRBAC = bool
        managed = bool
        serverAppID = "string"
        serverAppSecret = "string"
        tenantID = "string"
      }
      addonProfiles = {
        {customized property} = {
          config = {
            {customized property} = "string"
          }
          enabled = bool
        }
      }
      agentPoolProfiles = [
        {
          availabilityZones = [
            "string"
          ]
          count = int
          enableAutoScaling = bool
          enableEncryptionAtHost = bool
          enableNodePublicIP = bool
          kubeletConfig = {
            allowedUnsafeSysctls = [
              "string"
            ]
            containerLogMaxFiles = int
            containerLogMaxSizeMB = int
            cpuCfsQuota = bool
            cpuCfsQuotaPeriod = "string"
            cpuManagerPolicy = "string"
            failSwapOn = bool
            imageGcHighThreshold = int
            imageGcLowThreshold = int
            podMaxPids = int
            topologyManagerPolicy = "string"
          }
          kubeletDiskType = "string"
          linuxOSConfig = {
            swapFileSizeMB = int
            sysctls = {
              fsAioMaxNr = int
              fsFileMax = int
              fsInotifyMaxUserWatches = int
              fsNrOpen = int
              kernelThreadsMax = int
              netCoreNetdevMaxBacklog = int
              netCoreOptmemMax = int
              netCoreRmemDefault = int
              netCoreRmemMax = int
              netCoreSomaxconn = int
              netCoreWmemDefault = int
              netCoreWmemMax = int
              netIpv4IpLocalPortRange = "string"
              netIpv4NeighDefaultGcThresh1 = int
              netIpv4NeighDefaultGcThresh2 = int
              netIpv4NeighDefaultGcThresh3 = int
              netIpv4TcpFinTimeout = int
              netIpv4TcpkeepaliveIntvl = int
              netIpv4TcpKeepaliveProbes = int
              netIpv4TcpKeepaliveTime = int
              netIpv4TcpMaxSynBacklog = int
              netIpv4TcpMaxTwBuckets = int
              netIpv4TcpTwReuse = bool
              netNetfilterNfConntrackBuckets = int
              netNetfilterNfConntrackMax = int
              vmMaxMapCount = int
              vmSwappiness = int
              vmVfsCachePressure = int
            }
            transparentHugePageDefrag = "string"
            transparentHugePageEnabled = "string"
          }
          maxCount = int
          maxPods = int
          minCount = int
          mode = "string"
          name = "string"
          nodeLabels = {
            {customized property} = "string"
          }
          nodePublicIPPrefixID = "string"
          nodeTaints = [
            "string"
          ]
          orchestratorVersion = "string"
          osDiskSizeGB = int
          osDiskType = "string"
          osType = "string"
          podSubnetID = "string"
          proximityPlacementGroupID = "string"
          scaleSetEvictionPolicy = "string"
          scaleSetPriority = "string"
          spotMaxPrice = "decimal-as-string"
          tags = {}
          type = "string"
          upgradeSettings = {
            maxSurge = "string"
          }
          vmSize = "string"
          vnetSubnetID = "string"
        }
      ]
      apiServerAccessProfile = {
        authorizedIPRanges = [
          "string"
        ]
        enablePrivateCluster = bool
        privateDNSZone = "string"
      }
      autoScalerProfile = {
        balance-similar-node-groups = "string"
        expander = "string"
        max-empty-bulk-delete = "string"
        max-graceful-termination-sec = "string"
        max-node-provision-time = "string"
        max-total-unready-percentage = "string"
        new-pod-scale-up-delay = "string"
        ok-total-unready-count = "string"
        scale-down-delay-after-add = "string"
        scale-down-delay-after-delete = "string"
        scale-down-delay-after-failure = "string"
        scale-down-unneeded-time = "string"
        scale-down-unready-time = "string"
        scale-down-utilization-threshold = "string"
        scan-interval = "string"
        skip-nodes-with-local-storage = "string"
        skip-nodes-with-system-pods = "string"
      }
      autoUpgradeProfile = {
        upgradeChannel = "string"
      }
      diskEncryptionSetID = "string"
      dnsPrefix = "string"
      enablePodSecurityPolicy = bool
      enableRBAC = bool
      fqdnSubdomain = "string"
      identityProfile = {
        {customized property} = {
          clientId = "string"
          objectId = "string"
          resourceId = "string"
        }
      }
      kubernetesVersion = "string"
      linuxProfile = {
        adminUsername = "string"
        ssh = {
          publicKeys = [
            {
              keyData = "string"
            }
          ]
        }
      }
      networkProfile = {
        dnsServiceIP = "string"
        dockerBridgeCidr = "string"
        loadBalancerProfile = {
          allocatedOutboundPorts = int
          effectiveOutboundIPs = [
            {
              id = "string"
            }
          ]
          idleTimeoutInMinutes = int
          managedOutboundIPs = {
            count = int
          }
          outboundIPPrefixes = {
            publicIPPrefixes = [
              {
                id = "string"
              }
            ]
          }
          outboundIPs = {
            publicIPs = [
              {
                id = "string"
              }
            ]
          }
        }
        loadBalancerSku = "string"
        networkMode = "string"
        networkPlugin = "string"
        networkPolicy = "string"
        outboundType = "string"
        podCidr = "string"
        serviceCidr = "string"
      }
      nodeResourceGroup = "string"
      podIdentityProfile = {
        allowNetworkPluginKubenet = bool
        enabled = bool
        userAssignedIdentities = [
          {
            identity = {
              clientId = "string"
              objectId = "string"
              resourceId = "string"
            }
            name = "string"
            namespace = "string"
          }
        ]
        userAssignedIdentityExceptions = [
          {
            name = "string"
            namespace = "string"
            podLabels = {
              {customized property} = "string"
            }
          }
        ]
      }
      servicePrincipalProfile = {
        clientId = "string"
        secret = "string"
      }
      windowsProfile = {
        adminPassword = "string"
        adminUsername = "string"
        licenseType = "string"
      }
    }
    sku = {
      name = "Basic"
      tier = "string"
    }
  })
}
Property values
managedClusters
Name | Description | Value |
---|---|---|
type | The resource type | "Microsoft.ContainerService/managedClusters@2021-02-01" |
name | The resource name | string (required) Character limit: 1-63 Valid characters: Alphanumerics, underscores, and hyphens. Start and end with alphanumeric. |
location | Resource location | string (required) |
parent_id | To deploy to a resource group, use the ID of that resource group. | string (required) |
tags | Resource tags | Dictionary of tag names and values. |
sku | The managed cluster SKU. | ManagedClusterSKU |
identity | The identity of the managed cluster, if configured. | ManagedClusterIdentity |
properties | Properties of a managed cluster. | ManagedClusterProperties |
ManagedClusterIdentity
Name | Description | Value |
---|---|---|
type | The type of identity used for the managed cluster. Type 'SystemAssigned' will use an implicitly created identity in master components and an auto-created user assigned identity in MC_ resource group in agent nodes. Type 'None' will not use MSI for the managed cluster, service principal will be used instead. | "SystemAssigned" "UserAssigned" |
identity_ids | The user identity associated with the managed cluster. This identity will be used in control plane and only one user assigned identity is allowed. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. | Array of user identity IDs. |
ManagedClusterIdentityUserAssignedIdentities
Name | Description | Value |
---|---|---|
{customized property} | | Components1Umhcm8SchemasManagedclusteridentityProper... |
Components1Umhcm8SchemasManagedclusteridentityProper...
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
ManagedClusterProperties
Name | Description | Value |
---|---|---|
aadProfile | Profile of Azure Active Directory configuration. | ManagedClusterAADProfile |
addonProfiles | Profile of managed cluster add-on. | ManagedClusterPropertiesAddonProfiles |
agentPoolProfiles | Properties of the agent pool. | ManagedClusterAgentPoolProfile[] |
apiServerAccessProfile | Access profile for managed cluster API server. | ManagedClusterAPIServerAccessProfile |
autoScalerProfile | Parameters to be applied to the cluster-autoscaler when enabled | ManagedClusterPropertiesAutoScalerProfile |
autoUpgradeProfile | Profile of auto upgrade configuration. | ManagedClusterAutoUpgradeProfile |
diskEncryptionSetID | ResourceId of the disk encryption set to use for enabling encryption at rest. | string |
dnsPrefix | DNS prefix specified when creating the managed cluster. | string |
enablePodSecurityPolicy | (DEPRECATING) Whether to enable Kubernetes pod security policy (preview). This feature is set for removal on October 15th, 2020. Learn more at aka.ms/aks/azpodpolicy. | bool |
enableRBAC | Whether to enable Kubernetes Role-Based Access Control. | bool |
fqdnSubdomain | FQDN subdomain specified when creating private cluster with custom private dns zone. | string |
identityProfile | Identities associated with the cluster. | ManagedClusterPropertiesIdentityProfile |
kubernetesVersion | Version of Kubernetes specified when creating the managed cluster. | string |
linuxProfile | Profile for Linux VMs in the container service cluster. | ContainerServiceLinuxProfile |
networkProfile | Profile of network configuration. | ContainerServiceNetworkProfile |
nodeResourceGroup | Name of the resource group containing agent pool nodes. | string |
podIdentityProfile | Profile of managed cluster pod identity. | ManagedClusterPodIdentityProfile |
servicePrincipalProfile | Information about a service principal identity for the cluster to use for manipulating Azure APIs. | ManagedClusterServicePrincipalProfile |
windowsProfile | Profile for Windows VMs in the container service cluster. | ManagedClusterWindowsProfile |
ManagedClusterAADProfile
Name | Description | Value |
---|---|---|
adminGroupObjectIDs | AAD group object IDs that will have admin role of the cluster. | string[] |
clientAppID | The client AAD application ID. | string |
enableAzureRBAC | Whether to enable Azure RBAC for Kubernetes authorization. | bool |
managed | Whether to enable managed AAD. | bool |
serverAppID | The server AAD application ID. | string |
serverAppSecret | The server AAD application secret. | string |
tenantID | The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment subscription. | string |
ManagedClusterPropertiesAddonProfiles
Name | Description | Value |
---|---|---|
{customized property} | | ManagedClusterAddonProfile |
ManagedClusterAddonProfile
Name | Description | Value |
---|---|---|
config | Key-value pairs for configuring an add-on. | ManagedClusterAddonProfileConfig |
enabled | Whether the add-on is enabled or not. | bool (required) |
ManagedClusterAddonProfileConfig
Name | Description | Value |
---|---|---|
{customized property} | | string |
ManagedClusterAgentPoolProfile
Name | Description | Value |
---|---|---|
availabilityZones | Availability zones for nodes. Must use VirtualMachineScaleSets AgentPoolType. | string[] |
count | Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 100 (inclusive) for user pools and in the range of 1 to 100 (inclusive) for system pools. The default value is 1. | int |
enableAutoScaling | Whether to enable auto-scaler | bool |
enableEncryptionAtHost | Whether to enable EncryptionAtHost | bool |
enableNodePublicIP | Enable public IP for nodes | bool |
kubeletConfig | KubeletConfig specifies the configuration of kubelet on agent nodes. | KubeletConfig |
kubeletDiskType | KubeletDiskType determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral storage. Currently allows one value, OS, resulting in Kubelet using the OS disk for data. | "OS" "Temporary" |
linuxOSConfig | LinuxOSConfig specifies the OS configuration of linux agent nodes. | LinuxOSConfig |
maxCount | Maximum number of nodes for auto-scaling | int |
maxPods | Maximum number of pods that can run on a node. | int |
minCount | Minimum number of nodes for auto-scaling | int |
mode | AgentPoolMode represents mode of an agent pool | "System" "User" |
name | Unique name of the agent pool profile in the context of the subscription and resource group. | string (required) Constraints: Pattern = ^[a-z][a-z0-9]{0,11}$ |
nodeLabels | Agent pool node labels to be persisted across all nodes in agent pool. | ManagedClusterAgentPoolProfilePropertiesNodeLabels |
nodePublicIPPrefixID | Public IP Prefix ID. VM nodes use IPs assigned from this Public IP Prefix. | string |
nodeTaints | Taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule. | string[] |
orchestratorVersion | Version of orchestrator specified when creating the managed cluster. | string |
osDiskSizeGB | OS Disk Size in GB to be used to specify the disk size for every machine in this master/agent pool. If you specify 0, it will apply the default osDisk size according to the vmSize specified. | int Constraints: Min value = 0 Max value = 1023 |
osDiskType | OS disk type to be used for machines in a given agent pool. Allowed values are 'Ephemeral' and 'Managed'. If unspecified, defaults to 'Ephemeral' when the VM supports ephemeral OS and has a cache disk larger than the requested OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. | "Ephemeral" "Managed" |
osType | OsType to be used to specify os type. Choose from Linux and Windows. Default to Linux. | "Linux" "Windows" |
podSubnetID | Pod SubnetID specifies the VNet's subnet identifier for pods. | string |
proximityPlacementGroupID | The ID for Proximity Placement Group. | string |
scaleSetEvictionPolicy | ScaleSetEvictionPolicy to be used to specify eviction policy for Spot virtual machine scale set. Default to Delete. | "Deallocate" "Delete" |
scaleSetPriority | ScaleSetPriority to be used to specify virtual machine scale set priority. Default to regular. | "Regular" "Spot" |
spotMaxPrice | SpotMaxPrice to be used to specify the maximum price you are willing to pay in US Dollars. Possible values are any decimal value greater than zero or -1 which indicates default price to be up-to on-demand. Specify a decimal value as a string. | int or json decimal |
tags | Agent pool tags to be persisted on the agent pool virtual machine scale set. | object |
type | AgentPoolType represents types of an agent pool | "AvailabilitySet" "VirtualMachineScaleSets" |
upgradeSettings | Settings for upgrading the agentpool | AgentPoolUpgradeSettings |
vmSize | Size of agent VMs. | "Standard_A1" "Standard_A10" "Standard_A11" "Standard_A1_v2" "Standard_A2" "Standard_A2_v2" "Standard_A2m_v2" "Standard_A3" "Standard_A4" "Standard_A4_v2" "Standard_A4m_v2" "Standard_A5" "Standard_A6" "Standard_A7" "Standard_A8" "Standard_A8_v2" "Standard_A8m_v2" "Standard_A9" "Standard_B2ms" "Standard_B2s" "Standard_B4ms" "Standard_B8ms" "Standard_D1" "Standard_D11" "Standard_D11_v2" "Standard_D11_v2_Promo" "Standard_D12" "Standard_D12_v2" "Standard_D12_v2_Promo" "Standard_D13" "Standard_D13_v2" "Standard_D13_v2_Promo" "Standard_D14" "Standard_D14_v2" "Standard_D14_v2_Promo" "Standard_D15_v2" "Standard_D16_v3" "Standard_D16s_v3" "Standard_D1_v2" "Standard_D2" "Standard_D2_v2" "Standard_D2_v2_Promo" "Standard_D2_v3" "Standard_D2s_v3" "Standard_D3" "Standard_D32_v3" "Standard_D32s_v3" "Standard_D3_v2" "Standard_D3_v2_Promo" "Standard_D4" "Standard_D4_v2" "Standard_D4_v2_Promo" "Standard_D4_v3" "Standard_D4s_v3" "Standard_D5_v2" "Standard_D5_v2_Promo" "Standard_D64_v3" "Standard_D64s_v3" "Standard_D8_v3" "Standard_D8s_v3" "Standard_DS1" "Standard_DS11" "Standard_DS11_v2" "Standard_DS11_v2_Promo" "Standard_DS12" "Standard_DS12_v2" "Standard_DS12_v2_Promo" "Standard_DS13" "Standard_DS13-2_v2" "Standard_DS13-4_v2" "Standard_DS13_v2" "Standard_DS13_v2_Promo" "Standard_DS14" "Standard_DS14-4_v2" "Standard_DS14-8_v2" "Standard_DS14_v2" "Standard_DS14_v2_Promo" "Standard_DS15_v2" "Standard_DS1_v2" "Standard_DS2" "Standard_DS2_v2" "Standard_DS2_v2_Promo" "Standard_DS3" "Standard_DS3_v2" "Standard_DS3_v2_Promo" "Standard_DS4" "Standard_DS4_v2" "Standard_DS4_v2_Promo" "Standard_DS5_v2" "Standard_DS5_v2_Promo" "Standard_E16_v3" "Standard_E16s_v3" "Standard_E2_v3" "Standard_E2s_v3" "Standard_E32-16s_v3" "Standard_E32-8s_v3" "Standard_E32_v3" "Standard_E32s_v3" "Standard_E4_v3" "Standard_E4s_v3" "Standard_E64-16s_v3" "Standard_E64-32s_v3" "Standard_E64_v3" "Standard_E64s_v3" "Standard_E8_v3" "Standard_E8s_v3" "Standard_F1" "Standard_F16" "Standard_F16s" "Standard_F16s_v2" "Standard_F1s" "Standard_F2" "Standard_F2s" "Standard_F2s_v2" "Standard_F32s_v2" "Standard_F4" "Standard_F4s" "Standard_F4s_v2" "Standard_F64s_v2" "Standard_F72s_v2" "Standard_F8" "Standard_F8s" "Standard_F8s_v2" "Standard_G1" "Standard_G2" "Standard_G3" "Standard_G4" "Standard_G5" "Standard_GS1" "Standard_GS2" "Standard_GS3" "Standard_GS4" "Standard_GS4-4" "Standard_GS4-8" "Standard_GS5" "Standard_GS5-16" "Standard_GS5-8" "Standard_H16" "Standard_H16m" "Standard_H16mr" "Standard_H16r" "Standard_H8" "Standard_H8m" "Standard_L16s" "Standard_L32s" "Standard_L4s" "Standard_L8s" "Standard_M128-32ms" "Standard_M128-64ms" "Standard_M128ms" "Standard_M128s" "Standard_M64-16ms" "Standard_M64-32ms" "Standard_M64ms" "Standard_M64s" "Standard_NC12" "Standard_NC12s_v2" "Standard_NC12s_v3" "Standard_NC24" "Standard_NC24r" "Standard_NC24rs_v2" "Standard_NC24rs_v3" "Standard_NC24s_v2" "Standard_NC24s_v3" "Standard_NC6" "Standard_NC6s_v2" "Standard_NC6s_v3" "Standard_ND12s" "Standard_ND24rs" "Standard_ND24s" "Standard_ND6s" "Standard_NV12" "Standard_NV24" "Standard_NV6" |
vnetSubnetID | VNet SubnetID specifies the VNet's subnet identifier for nodes and maybe pods | string |
KubeletConfig
Name | Description | Value |
---|---|---|
allowedUnsafeSysctls | Allowlist of unsafe sysctls or unsafe sysctl patterns (ending in * ). | string[] |
containerLogMaxFiles | The maximum number of container log files that can be present for a container. The number must be ≥ 2. | int Constraints: Min value = 2 |
containerLogMaxSizeMB | The maximum size (e.g. 10Mi) of container log file before it is rotated. | int |
cpuCfsQuota | Enable CPU CFS quota enforcement for containers that specify CPU limits. | bool |
cpuCfsQuotaPeriod | Sets CPU CFS quota period value. | string |
cpuManagerPolicy | CPU Manager policy to use. | string |
failSwapOn | If set to true it will make the Kubelet fail to start if swap is enabled on the node. | bool |
imageGcHighThreshold | The percent of disk usage after which image garbage collection is always run. | int |
imageGcLowThreshold | The percent of disk usage before which image garbage collection is never run. | int |
podMaxPids | The maximum number of processes per pod. | int |
topologyManagerPolicy | Topology Manager policy to use. | string |
LinuxOSConfig
Name | Description | Value |
---|---|---|
swapFileSizeMB | SwapFileSizeMB specifies the size in MB of a swap file that will be created on each node. | int |
sysctls | Sysctl settings for Linux agent nodes. | SysctlConfig |
transparentHugePageDefrag | Transparent Huge Page defrag configuration. | string |
transparentHugePageEnabled | Transparent Huge Page enabled configuration. | string |
SysctlConfig
Name | Description | Value |
---|---|---|
fsAioMaxNr | Sysctl setting fs.aio-max-nr. | int |
fsFileMax | Sysctl setting fs.file-max. | int |
fsInotifyMaxUserWatches | Sysctl setting fs.inotify.max_user_watches. | int |
fsNrOpen | Sysctl setting fs.nr_open. | int |
kernelThreadsMax | Sysctl setting kernel.threads-max. | int |
netCoreNetdevMaxBacklog | Sysctl setting net.core.netdev_max_backlog. | int |
netCoreOptmemMax | Sysctl setting net.core.optmem_max. | int |
netCoreRmemDefault | Sysctl setting net.core.rmem_default. | int |
netCoreRmemMax | Sysctl setting net.core.rmem_max. | int |
netCoreSomaxconn | Sysctl setting net.core.somaxconn. | int |
netCoreWmemDefault | Sysctl setting net.core.wmem_default. | int |
netCoreWmemMax | Sysctl setting net.core.wmem_max. | int |
netIpv4IpLocalPortRange | Sysctl setting net.ipv4.ip_local_port_range. | string |
netIpv4NeighDefaultGcThresh1 | Sysctl setting net.ipv4.neigh.default.gc_thresh1. | int |
netIpv4NeighDefaultGcThresh2 | Sysctl setting net.ipv4.neigh.default.gc_thresh2. | int |
netIpv4NeighDefaultGcThresh3 | Sysctl setting net.ipv4.neigh.default.gc_thresh3. | int |
netIpv4TcpFinTimeout | Sysctl setting net.ipv4.tcp_fin_timeout. | int |
netIpv4TcpkeepaliveIntvl | Sysctl setting net.ipv4.tcp_keepalive_intvl. | int |
netIpv4TcpKeepaliveProbes | Sysctl setting net.ipv4.tcp_keepalive_probes. | int |
netIpv4TcpKeepaliveTime | Sysctl setting net.ipv4.tcp_keepalive_time. | int |
netIpv4TcpMaxSynBacklog | Sysctl setting net.ipv4.tcp_max_syn_backlog. | int |
netIpv4TcpMaxTwBuckets | Sysctl setting net.ipv4.tcp_max_tw_buckets. | int |
netIpv4TcpTwReuse | Sysctl setting net.ipv4.tcp_tw_reuse. | bool |
netNetfilterNfConntrackBuckets | Sysctl setting net.netfilter.nf_conntrack_buckets. | int |
netNetfilterNfConntrackMax | Sysctl setting net.netfilter.nf_conntrack_max. | int |
vmMaxMapCount | Sysctl setting vm.max_map_count. | int |
vmSwappiness | Sysctl setting vm.swappiness. | int |
vmVfsCachePressure | Sysctl setting vm.vfs_cache_pressure. | int |
ManagedClusterAgentPoolProfilePropertiesNodeLabels
Name | Description | Value |
---|---|---|
{customized property} | | string |
AgentPoolUpgradeSettings
Name | Description | Value |
---|---|---|
maxSurge | Count or percentage of additional nodes to be added during upgrade. If empty uses AKS default | string |
ManagedClusterAPIServerAccessProfile
Name | Description | Value |
---|---|---|
authorizedIPRanges | Authorized IP Ranges to kubernetes API server. | string[] |
enablePrivateCluster | Whether to create the cluster as a private cluster or not. | bool |
privateDNSZone | Private dns zone mode for private cluster. | string |
ManagedClusterPropertiesAutoScalerProfile
Name | Description | Value |
---|---|---|
balance-similar-node-groups | | string |
expander | | "least-waste" "most-pods" "priority" "random" |
max-empty-bulk-delete | | string |
max-graceful-termination-sec | | string |
max-node-provision-time | | string |
max-total-unready-percentage | | string |
new-pod-scale-up-delay | | string |
ok-total-unready-count | | string |
scale-down-delay-after-add | | string |
scale-down-delay-after-delete | | string |
scale-down-delay-after-failure | | string |
scale-down-unneeded-time | | string |
scale-down-unready-time | | string |
scale-down-utilization-threshold | | string |
scan-interval | | string |
skip-nodes-with-local-storage | | string |
skip-nodes-with-system-pods | | string |
ManagedClusterAutoUpgradeProfile
Name | Description | Value |
---|---|---|
upgradeChannel | upgrade channel for auto upgrade. | "none" "patch" "rapid" "stable" |
ManagedClusterPropertiesIdentityProfile
Name | Description | Value |
---|---|---|
{customized property} | | ComponentsQit0EtSchemasManagedclusterpropertiesPrope... |
ComponentsQit0EtSchemasManagedclusterpropertiesPrope...
Name | Description | Value |
---|---|---|
clientId | The client id of the user assigned identity. | string |
objectId | The object id of the user assigned identity. | string |
resourceId | The resource id of the user assigned identity. | string |
ContainerServiceLinuxProfile
Name | Description | Value |
---|---|---|
adminUsername | The administrator username to use for Linux VMs. | string (required) Constraints: Pattern = ^[A-Za-z][-A-Za-z0-9_]*$ |
ssh | SSH configuration for Linux-based VMs running on Azure. | ContainerServiceSshConfiguration (required) |
ContainerServiceSshConfiguration
Name | Description | Value |
---|---|---|
publicKeys | The list of SSH public keys used to authenticate with Linux-based VMs. Only expect one key specified. | ContainerServiceSshPublicKey[] (required) |
ContainerServiceSshPublicKey
Name | Description | Value |
---|---|---|
keyData | Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or without headers. | string (required) |
ContainerServiceNetworkProfile
Name | Description | Value |
---|---|---|
dnsServiceIP | An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr. | string Constraints: Pattern = ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ |
dockerBridgeCidr | A CIDR notation IP range assigned to the Docker bridge network. It must not overlap with any Subnet IP ranges or the Kubernetes service address range. | string Constraints: Pattern = ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ |
loadBalancerProfile | Profile of the cluster load balancer. | ManagedClusterLoadBalancerProfile |
loadBalancerSku | The load balancer sku for the managed cluster. | "basic" "standard" |
networkMode | Network mode used for building Kubernetes network. | "bridge" "transparent" |
networkPlugin | Network plugin used for building Kubernetes network. | "azure" "kubenet" |
networkPolicy | Network policy used for building Kubernetes network. | "azure" "calico" |
outboundType | The outbound (egress) routing method. | "loadBalancer" "userDefinedRouting" |
podCidr | A CIDR notation IP range from which to assign pod IPs when kubenet is used. | string Constraints: Pattern = ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ |
serviceCidr | A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP ranges. | string Constraints: Pattern = ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ |
ManagedClusterLoadBalancerProfile
Name | Description | Value |
---|---|---|
allocatedOutboundPorts | Desired number of allocated SNAT ports per VM. Allowed values must be in the range of 0 to 64000 (inclusive). The default value is 0 which results in Azure dynamically allocating ports. | int Constraints: Min value = 0 Max value = 64000 |
effectiveOutboundIPs | The effective outbound IP resources of the cluster load balancer. | ResourceReference[] |
idleTimeoutInMinutes | Desired outbound flow idle timeout in minutes. Allowed values must be in the range of 4 to 120 (inclusive). The default value is 30 minutes. | int Constraints: Min value = 4 Max value = 120 |
managedOutboundIPs | Desired managed outbound IPs for the cluster load balancer. | ManagedClusterLoadBalancerProfileManagedOutboundIPs |
outboundIPPrefixes | Desired outbound IP Prefix resources for the cluster load balancer. | ManagedClusterLoadBalancerProfileOutboundIPPrefixes |
outboundIPs | Desired outbound IP resources for the cluster load balancer. | ManagedClusterLoadBalancerProfileOutboundIPs |
ResourceReference
Name | Description | Value |
---|---|---|
id | The fully qualified Azure resource id. | string |
ManagedClusterLoadBalancerProfileManagedOutboundIPs
Name | Description | Value |
---|---|---|
count | Desired number of outbound IP created/managed by Azure for the cluster load balancer. Allowed values must be in the range of 1 to 100 (inclusive). The default value is 1. | int Constraints: Min value = 1 Max value = 100 |
ManagedClusterLoadBalancerProfileOutboundIPPrefixes
Name | Description | Value |
---|---|---|
publicIPPrefixes | A list of public IP prefix resources. | ResourceReference[] |
ManagedClusterLoadBalancerProfileOutboundIPs
Name | Description | Value |
---|---|---|
publicIPs | A list of public IP resources. | ResourceReference[] |
ManagedClusterPodIdentityProfile
Name | Description | Value |
---|---|---|
allowNetworkPluginKubenet | Customer consent for enabling AAD pod identity addon in cluster using Kubenet network plugin. | bool |
enabled | Whether the pod identity addon is enabled. | bool |
userAssignedIdentities | User assigned pod identity settings. | ManagedClusterPodIdentity[] |
userAssignedIdentityExceptions | User assigned pod identity exception settings. | ManagedClusterPodIdentityException[] |
ManagedClusterPodIdentity
Name | Description | Value |
---|---|---|
identity | Information of the user assigned identity. | UserAssignedIdentity (required) |
name | Name of the pod identity. | string (required) |
namespace | Namespace of the pod identity. | string (required) |
UserAssignedIdentity
Name | Description | Value |
---|---|---|
clientId | The client id of the user assigned identity. | string |
objectId | The object id of the user assigned identity. | string |
resourceId | The resource id of the user assigned identity. | string |
ManagedClusterPodIdentityException
Name | Description | Value |
---|---|---|
name | Name of the pod identity exception. | string (required) |
namespace | Namespace of the pod identity exception. | string (required) |
podLabels | Pod labels to match. | ManagedClusterPodIdentityExceptionPodLabels (required) |
ManagedClusterPodIdentityExceptionPodLabels
Name | Description | Value |
---|---|---|
{customized property} | | string |
ManagedClusterServicePrincipalProfile
Name | Description | Value |
---|---|---|
clientId | The ID for the service principal. | string (required) |
secret | The secret password associated with the service principal in plain text. | string |
ManagedClusterWindowsProfile
Name | Description | Value |
---|---|---|
adminPassword | Specifies the password of the administrator account. Minimum length: 8 characters. Maximum length: 123 characters. Complexity requirements: 3 out of the 4 conditions below need to be fulfilled: has lower characters; has upper characters; has a digit; has a special character (regex match [\W_]). Disallowed values: "abc@123", "P@$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$word", "pass@word1", "Password!", "Password1", "Password22", "iloveyou!" | string |
adminUsername | Specifies the name of the administrator account. Restriction: cannot end in ".". Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". Minimum length: 1 character. Maximum length: 20 characters. | string (required) |
licenseType | The licenseType to use for Windows VMs. Windows_Server is used to enable Azure Hybrid User Benefits for Windows VMs. | "None" "Windows_Server" |
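The adminPassword, adminUsername and licenseType rules in the table above can be checked in a pipeline before a deployment is submitted. The following is an added example, not part of the original reference or of any Azure tooling: the function names are hypothetical, the lower/upper/digit classes are assumed to be ASCII, and matching usernames against the disallowed list case-insensitively is an assumption the table does not state.

```python
from __future__ import annotations

import re

# Disallowed values, copied from the ManagedClusterWindowsProfile table.
DISALLOWED_PASSWORDS = frozenset({
    "abc@123", "P@$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$word",
    "pass@word1", "Password!", "Password1", "Password22", "iloveyou!",
})
DISALLOWED_USERNAMES = frozenset({
    "administrator", "admin", "user", "user1", "test", "user2", "test1",
    "user3", "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet",
    "backup", "console", "david", "guest", "john", "owner", "root", "server",
    "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4",
    "user5",
})
LICENSE_TYPES = ("None", "Windows_Server")

# The four complexity conditions. [\W_] is the regex the table gives for a
# special character; ASCII ranges for the other three are an assumption.
_CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[\W_]")


def check_admin_password(password: str) -> list[str]:
    """Return the documented rules that `password` breaks (empty list = ok).

    The messages never echo the password, so they can be written to CI logs.
    """
    problems = []
    if not 8 <= len(password) <= 123:
        problems.append("length must be 8-123 characters")
    met = sum(1 for pattern in _CLASSES if re.search(pattern, password))
    if met < 3:
        problems.append(f"only {met} of 4 character classes present, 3 required")
    if password in DISALLOWED_PASSWORDS:
        problems.append("value is on the disallowed list")
    return problems


def check_admin_username(username: str) -> list[str]:
    """Return the documented rules that `username` breaks (empty list = ok)."""
    problems = []
    if not 1 <= len(username) <= 20:
        problems.append("length must be 1-20 characters")
    if username.endswith("."):
        problems.append("must not end in '.'")
    # Assumption: the disallowed list is matched case-insensitively.
    if username.lower() in DISALLOWED_USERNAMES:
        problems.append("value is on the disallowed list")
    return problems


def check_windows_profile(profile: dict) -> dict[str, list[str]]:
    """Check a windowsProfile object; returns {property: [problems]}."""
    findings: dict[str, list[str]] = {}

    username = profile.get("adminUsername")
    if not isinstance(username, str):
        findings["adminUsername"] = ["required string property is missing"]
    elif problems := check_admin_username(username):
        findings["adminUsername"] = problems

    # adminPassword is not marked required in the table; check it if present.
    password = profile.get("adminPassword")
    if password is not None:
        if not isinstance(password, str):
            findings["adminPassword"] = ["must be a string"]
        elif problems := check_admin_password(password):
            findings["adminPassword"] = problems

    license_type = profile.get("licenseType")
    if license_type is not None and license_type not in LICENSE_TYPES:
        findings["licenseType"] = [f"must be one of {LICENSE_TYPES}"]
    return findings


if __name__ == "__main__":
    # Constructed sample input, not taken from any real deployment.
    sample = {"adminUsername": "Admin", "adminPassword": "Password!"}
    for prop, problems in check_windows_profile(sample).items():
        print(prop, "->", "; ".join(problems))
```

"Password!" meets the length and complexity rules and is rejected only by the disallowed list, so a check that implements the complexity rule alone would let it through.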
ManagedClusterSKU
Name | Description | Value |
---|---|---|
name | Name of a managed cluster SKU. | "Basic" |
tier | Tier of a managed cluster SKU. | "Free" "Paid" |