Microsoft.ContainerService managedClusters template reference

Template format

To create a Microsoft.ContainerService/managedClusters resource, add the following JSON to the resources section of your template.

{
  "name": "string",
  "type": "Microsoft.ContainerService/managedClusters",
  "apiVersion": "2019-02-01",
  "location": "string",
  "tags": {},
  "properties": {
    "kubernetesVersion": "string",
    "dnsPrefix": "string",
    "agentPoolProfiles": [
      {
        "count": "integer",
        "vmSize": "string",
        "osDiskSizeGB": "integer",
        "vnetSubnetID": "string",
        "maxPods": "integer",
        "osType": "string",
        "maxCount": "integer",
        "minCount": "integer",
        "enableAutoScaling": boolean,
        "type": "string",
        "orchestratorVersion": "string",
        "availabilityZones": [
          "string"
        ],
        "name": "string"
      }
    ],
    "linuxProfile": {
      "adminUsername": "string",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "string"
          }
        ]
      }
    },
    "servicePrincipalProfile": {
      "clientId": "string",
      "secret": "string"
    },
    "addonProfiles": {},
    "enableRBAC": boolean,
    "enablePodSecurityPolicy": boolean,
    "networkProfile": {
      "networkPlugin": "string",
      "networkPolicy": "string",
      "podCidr": "string",
      "serviceCidr": "string",
      "dnsServiceIP": "string",
      "dockerBridgeCidr": "string"
    },
    "aadProfile": {
      "clientAppID": "string",
      "serverAppID": "string",
      "serverAppSecret": "string",
      "tenantID": "string"
    },
    "apiServerAuthorizedIPRanges": [
      "string"
    ]
  }
}

Property values

The following tables describe the values you need to set in the schema.

Microsoft.ContainerService/managedClusters object

Name Type Required Value
name string Yes
type enum Yes Microsoft.ContainerService/managedClusters
apiVersion enum Yes 2019-02-01
location string Yes Resource location
tags object No Resource tags
properties object Yes Properties of a managed cluster. - ManagedClusterProperties object

ManagedClusterProperties object

Name Type Required Value
kubernetesVersion string No Version of Kubernetes specified when creating the managed cluster.
dnsPrefix string No DNS prefix specified when creating the managed cluster.
agentPoolProfiles array No Properties of the agent pool. - ManagedClusterAgentPoolProfile object
linuxProfile object No Profile for Linux VMs in the container service cluster. - ContainerServiceLinuxProfile object
servicePrincipalProfile object No Information about a service principal identity for the cluster to use for manipulating Azure APIs. - ManagedClusterServicePrincipalProfile object
addonProfiles object No Profile of managed cluster add-on. - ManagedClusterAddonProfile object
enableRBAC boolean No Whether to enable Kubernetes Role-Based Access Control.
enablePodSecurityPolicy boolean No (PREVIEW) Whether to enable Kubernetes Pod security policy.
networkProfile object No Profile of network configuration. - ContainerServiceNetworkProfile object
aadProfile object No Profile of Azure Active Directory configuration. - ManagedClusterAADProfile object
apiServerAuthorizedIPRanges array No (PREVIEW) IP ranges that are authorized to access the Kubernetes API server. - string

ManagedClusterAgentPoolProfile object

Name Type Required Value
count integer Yes Number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive). The default value is 1.
vmSize enum Yes Size of agent VMs. - Standard_A1, Standard_A10, Standard_A11, Standard_A1_v2, Standard_A2, Standard_A2_v2, Standard_A2m_v2, Standard_A3, Standard_A4, Standard_A4_v2, Standard_A4m_v2, Standard_A5, Standard_A6, Standard_A7, Standard_A8, Standard_A8_v2, Standard_A8m_v2, Standard_A9, Standard_B2ms, Standard_B2s, Standard_B4ms, Standard_B8ms, Standard_D1, Standard_D11, Standard_D11_v2, Standard_D11_v2_Promo, Standard_D12, Standard_D12_v2, Standard_D12_v2_Promo, Standard_D13, Standard_D13_v2, Standard_D13_v2_Promo, Standard_D14, Standard_D14_v2, Standard_D14_v2_Promo, Standard_D15_v2, Standard_D16_v3, Standard_D16s_v3, Standard_D1_v2, Standard_D2, Standard_D2_v2, Standard_D2_v2_Promo, Standard_D2_v3, Standard_D2s_v3, Standard_D3, Standard_D32_v3, Standard_D32s_v3, Standard_D3_v2, Standard_D3_v2_Promo, Standard_D4, Standard_D4_v2, Standard_D4_v2_Promo, Standard_D4_v3, Standard_D4s_v3, Standard_D5_v2, Standard_D5_v2_Promo, Standard_D64_v3, Standard_D64s_v3, Standard_D8_v3, Standard_D8s_v3, Standard_DS1, Standard_DS11, Standard_DS11_v2, Standard_DS11_v2_Promo, Standard_DS12, Standard_DS12_v2, Standard_DS12_v2_Promo, Standard_DS13, Standard_DS13-2_v2, Standard_DS13-4_v2, Standard_DS13_v2, Standard_DS13_v2_Promo, Standard_DS14, Standard_DS14-4_v2, Standard_DS14-8_v2, Standard_DS14_v2, Standard_DS14_v2_Promo, Standard_DS15_v2, Standard_DS1_v2, Standard_DS2, Standard_DS2_v2, Standard_DS2_v2_Promo, Standard_DS3, Standard_DS3_v2, Standard_DS3_v2_Promo, Standard_DS4, Standard_DS4_v2, Standard_DS4_v2_Promo, Standard_DS5_v2, Standard_DS5_v2_Promo, Standard_E16_v3, Standard_E16s_v3, Standard_E2_v3, Standard_E2s_v3, Standard_E32-16s_v3, Standard_E32-8s_v3, Standard_E32_v3, Standard_E32s_v3, Standard_E4_v3, Standard_E4s_v3, Standard_E64-16s_v3, Standard_E64-32s_v3, Standard_E64_v3, Standard_E64s_v3, Standard_E8_v3, Standard_E8s_v3, Standard_F1, Standard_F16, Standard_F16s, Standard_F16s_v2, Standard_F1s, Standard_F2, Standard_F2s, Standard_F2s_v2, Standard_F32s_v2, 
Standard_F4, Standard_F4s, Standard_F4s_v2, Standard_F64s_v2, Standard_F72s_v2, Standard_F8, Standard_F8s, Standard_F8s_v2, Standard_G1, Standard_G2, Standard_G3, Standard_G4, Standard_G5, Standard_GS1, Standard_GS2, Standard_GS3, Standard_GS4, Standard_GS4-4, Standard_GS4-8, Standard_GS5, Standard_GS5-16, Standard_GS5-8, Standard_H16, Standard_H16m, Standard_H16mr, Standard_H16r, Standard_H8, Standard_H8m, Standard_L16s, Standard_L32s, Standard_L4s, Standard_L8s, Standard_M128-32ms, Standard_M128-64ms, Standard_M128ms, Standard_M128s, Standard_M64-16ms, Standard_M64-32ms, Standard_M64ms, Standard_M64s, Standard_NC12, Standard_NC12s_v2, Standard_NC12s_v3, Standard_NC24, Standard_NC24r, Standard_NC24rs_v2, Standard_NC24rs_v3, Standard_NC24s_v2, Standard_NC24s_v3, Standard_NC6, Standard_NC6s_v2, Standard_NC6s_v3, Standard_ND12s, Standard_ND24rs, Standard_ND24s, Standard_ND6s, Standard_NV12, Standard_NV24, Standard_NV6
osDiskSizeGB integer No OS Disk Size in GB to be used to specify the disk size for every machine in this master/agent pool. If you specify 0, it will apply the default osDisk size according to the vmSize specified.
vnetSubnetID string No VNet SubnetID specifies the VNet's subnet identifier.
maxPods integer No Maximum number of pods that can run on a node.
osType enum No OsType specifies the operating system type. Choose Linux or Windows; the default is Linux. - Linux or Windows
maxCount integer No Maximum number of nodes for auto-scaling
minCount integer No Minimum number of nodes for auto-scaling
enableAutoScaling boolean No Whether to enable auto-scaler
type enum No AgentPoolType represents types of an agent pool. - VirtualMachineScaleSets or AvailabilitySet
orchestratorVersion string No Version of orchestrator specified when creating the managed cluster.
availabilityZones array No (PREVIEW) Availability zones for nodes. Must use VirtualMachineScaleSets AgentPoolType. - string
name string Yes Unique name of the agent pool profile in the context of the subscription and resource group.

ContainerServiceLinuxProfile object

Name Type Required Value
adminUsername string Yes The administrator username to use for Linux VMs.
ssh object Yes SSH configuration for Linux-based VMs running on Azure. - ContainerServiceSshConfiguration object

ManagedClusterServicePrincipalProfile object

Name Type Required Value
clientId string Yes The ID for the service principal.
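secret string No The secret password associated with the service principal, in plain text. Because the value is plain text, pass it in through a securestring parameter (as the example template on this page does) instead of writing it literally in the template.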

ContainerServiceNetworkProfile object

Name Type Required Value
networkPlugin enum No Network plugin used for building Kubernetes network. - azure or kubenet
networkPolicy enum No Network policy used for building Kubernetes network. - calico or azure
podCidr string No A CIDR notation IP range from which to assign pod IPs when kubenet is used.
serviceCidr string No A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP ranges.
dnsServiceIP string No An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr.
dockerBridgeCidr string No A CIDR notation IP range assigned to the Docker bridge network. It must not overlap with any Subnet IP ranges or the Kubernetes service address range.

ManagedClusterAADProfile object

Name Type Required Value
clientAppID string Yes The client AAD application ID.
serverAppID string Yes The server AAD application ID.
serverAppSecret string No The server AAD application secret. Pass it in through a securestring parameter instead of writing it literally in the template.
tenantID string No The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment subscription.

ManagedClusterAddonProfile object

Name Type Required Value
config object No Key-value pairs for configuring an add-on.
enabled boolean Yes Whether the add-on is enabled or not.

ContainerServiceSshConfiguration object

Name Type Required Value
publicKeys array Yes The list of SSH public keys used to authenticate with Linux-based VMs. Only one key is expected. - ContainerServiceSshPublicKey object

ContainerServiceSshPublicKey object

Name Type Required Value
keyData string Yes Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or without headers.

Resource example

The following example shows how to define a Microsoft.ContainerService/managedClusters resource in your template.

{
  "type": "Microsoft.ContainerService/managedClusters",
  "apiVersion": "2019-02-01",
  "name": "clustername1",
  "location": "location1",
  "tags": {
    "tier": "production",
    "archv2": ""
  },
  "properties": {
    "dnsPrefix": "dnsprefix1",
    "enableRBAC": true,
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "kubernetesVersion": "",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS1_v2",
        "osType": "Linux"
      }
    ],
    "servicePrincipalProfile": {
      "clientId": "clientid",
      "secret": "secret"
    },
    "enablePodSecurityPolicy": true,
    "addonProfiles": {}
  }
}

Quickstart templates

All templates

See all Microsoft.Containerservice templates in Azure Quickstart templates.

Example template

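The following example template from Azure Quickstart templates shows how to deploy the resource. The template uses API version 2018-03-31, which differs from the 2019-02-01 API version documented in this article, so some properties differ; for example, the agent pool profile in the template sets storageProfile, which does not appear in the template format above.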

{
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "resourceName": {
            "type": "string",
            "metadata": {
                "description": "The name of the Managed Cluster resource."
            }
        },
        "location": {
            "type": "string",
            "defaultValue": "[resourceGroup().location]",
            "metadata": {
                "description": "The Azure location of the AKS resource."
            }
        },
        "dnsPrefix": {
            "type": "string",
            "metadata": {
                "description": "Optional DNS prefix to use with hosted Kubernetes API server FQDN."
            }
        },
        "osDiskSizeGB": {
            "defaultValue": 0,
            "minValue": 0,
            "maxValue": 1023,
            "type": "int",
            "metadata": {
                "description": "Disk size (in GB) to provision for each of the agent pool nodes. This value ranges from 0 to 1023. Specifying 0 will apply the default disk size for that agentVMSize."
            }
        },
        "agentCount": {
            "defaultValue": 3,
            "minValue": 1,
            "maxValue": 50,
            "type": "int",
            "metadata": {
                "description": "The number of agent nodes for the cluster. Production workloads have a recommended minimum of 3."
            }
        },
        "agentVMSize": {
            "defaultValue": "Standard_D2_v2",
            "type": "string",
            "metadata": {
                "description": "The size of the Virtual Machine."
            }
        },
        "existingServicePrincipalObjectId": {
            "type": "securestring",
            "metadata": {
                "description": "Oject ID against which the Network Contributor roles will be assigned on the subnet"
            }
        },
        "existingServicePrincipalClientId": {
            "type": "securestring",
            "metadata": {
                "description": "Client ID (used by cloudprovider)"
            }
        },
        "existingServicePrincipalClientSecret": {
            "type": "securestring",
            "metadata": {
                "description": "The Service Principal Client Secret."
            }
        },
        "osType": {
            "defaultValue": "Linux",
            "allowedValues": [
                "Linux"
            ],
            "type": "string",
            "metadata": {
                "description": "The type of operating system."
            }
        },
        "kubernetesVersion": {
            "defaultValue": "1.11.5",
            "type": "string",
            "metadata": {
                "description": "The version of Kubernetes."
            }
        },
        "enableHttpApplicationRouting": {
            "defaultValue": false,
            "type": "bool",
            "metadata": {
                "description": "boolean flag to turn on and off of http application routing"
            }
        },
        "networkPlugin": {
            "allowedValues": [
                "azure",
                "kubenet"
            ],
            "defaultValue": "azure",
            "type": "string",
            "metadata": {
                "description": "Network plugin used for building Kubernetes network."
            }
        },
        "maxPods": {
            "defaultValue": 30,
            "type": "int",
            "metadata": {
                "description": "Maximum number of pods that can run on a node."
            }
        },
        "enableRBAC": {
            "defaultValue": true,
            "type": "bool",
            "metadata": {
                "description": "boolean flag to turn on and off of RBAC"
            }
        },
        "existingVirtualNetworkName": {
            "type": "string",
            "metadata": {
              "description": "Name of an existing VNET that will contain this AKS deployment."
            }
        },
        "existingVirtualNetworkResourceGroup": {
            "type": "string",
            "metadata": {
              "description": "Name of the existing VNET resource group"
            }
        },
        "existingSubnetName": {
            "type": "string",
            "metadata": {
                "description": "Subnet name that will contain the App Service Environment"
            }
        },
        "serviceCidr": {
            "type": "string",
            "defaultValue": "10.0.0.0/16",
            "metadata": {
                "description": "A CIDR notation IP range from which to assign service cluster IPs."
            }
        },
        "dnsServiceIP": {
            "type": "string",
            "defaultValue": "10.0.0.10",
            "metadata": {
                "description": "Containers DNS server IP address."
            }
        },
        "dockerBridgeCidr": {
            "type": "string",
            "defaultValue": "172.17.0.1/16",
            "metadata": {
                "description": "A CIDR notation IP for Docker bridge."
            }
        }
    },
    "variables": {
        "vnetSubnetId": "[resourceId(parameters('existingVirtualNetworkResourceGroup'),'Microsoft.Network/virtualNetworks/subnets',parameters('existingVirtualNetworkName'),parameters('existingSubnetName'))]"
    },
    "resources": [
        {
            "type": "Microsoft.ContainerService/managedClusters",
            "name": "[parameters('resourceName')]",
            "apiVersion": "2018-03-31",
            "location": "[parameters('location')]",
            "tags": {},
            "dependsOn": [
                "[concat('Microsoft.Resources/deployments/', 'ClusterSubnetRoleAssignmentDeployment')]"
            ],
            "properties": {
                "kubernetesVersion": "[parameters('kubernetesVersion')]",
                "enableRBAC": "[parameters('enableRBAC')]",
                "dnsPrefix": "[parameters('dnsPrefix')]",
                "addonProfiles": {
                    "httpApplicationRouting": {
                        "enabled": "[parameters('enableHttpApplicationRouting')]"
                    }
                },
                "agentPoolProfiles": [
                    {
                        "name": "agentpool",
                        "osDiskSizeGB": "[parameters('osDiskSizeGB')]",
                        "count": "[parameters('agentCount')]",
                        "vmSize": "[parameters('agentVMSize')]",
                        "osType": "[parameters('osType')]",
                        "storageProfile": "ManagedDisks",
                        "vnetSubnetID": "[variables('vnetSubnetID')]",
                        "maxPods": "[parameters('maxPods')]"
                    }
                ],
                "servicePrincipalProfile": {
                    "clientId": "[parameters('existingServicePrincipalClientId')]",
                    "secret": "[parameters('existingServicePrincipalClientSecret')]"
                },
                "networkProfile": {
                    "networkPlugin": "[parameters('networkPlugin')]",
                    "serviceCidr": "[parameters('serviceCidr')]",
                    "dnsServiceIP": "[parameters('dnsServiceIP')]",
                    "dockerBridgeCidr": "[parameters('dockerBridgeCidr')]"
                }
            }
        },
        {
            "type": "Microsoft.Resources/deployments",
            "name": "ClusterSubnetRoleAssignmentDeployment",
            "apiVersion": "2017-05-10",
            "subscriptionId": "[subscription().subscriptionId]",
            "resourceGroup": "[parameters('existingVirtualNetworkResourceGroup')]",
            "properties": {
                "mode": "Incremental",
                "template": {
                    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
                    "contentVersion": "1.0.0.0",
                    "parameters": {},
                    "variables": {},
                    "resources": [
                        {
                            "type": "Microsoft.Network/virtualNetworks/subnets/providers/roleAssignments",
                            "apiVersion": "2017-05-01",
                            "name": "[concat(parameters('existingVirtualNetworkName'), '/', parameters('existingSubnetName'), '/Microsoft.Authorization/', guid(resourceGroup().id, deployment().name))]",
                            "properties": {
                                "roleDefinitionId": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', '4d97b98b-1d4f-4787-a291-c67834d212e7')]",
                                "principalId": "[parameters('existingServicePrincipalObjectId')]",
                                "scope": "[variables('vnetSubnetId')]"
                            }
                        }
                    ]
                }
            }
        }
    ],
    "outputs": {
        "controlPlaneFQDN": {
            "type": "string",
            "value": "[reference(concat('Microsoft.ContainerService/managedClusters/', parameters('resourceName'))).fqdn]"
        }
    }
}