Microsoft.ContainerService managedClusters 2017-08-31

Template format

To create a Microsoft.ContainerService/managedClusters resource, add the following JSON to the resources section of your template.

  "name": "string",
  "type": "Microsoft.ContainerService/managedClusters",
  "apiVersion": "2017-08-31",
  "location": "string",
  "tags": {},
  "properties": {
    "dnsPrefix": "string",
    "kubernetesVersion": "string",
    "agentPoolProfiles": [
        "name": "string",
        "count": "integer",
        "vmSize": "string",
        "osDiskSizeGB": "integer",
        "dnsPrefix": "string",
        "ports": [
        "storageProfile": "string",
        "vnetSubnetID": "string",
        "osType": "string"
    "linuxProfile": {
      "adminUsername": "string",
      "ssh": {
        "publicKeys": [
            "keyData": "string"
    "servicePrincipalProfile": {
      "clientId": "string",
      "secret": "string",
      "keyVaultSecretRef": {
        "vaultID": "string",
        "secretName": "string",
        "version": "string"

Property values

The following tables describe the values you need to set in the schema.

Microsoft.ContainerService/managedClusters object


In Bicep, type and apiVersion are specified in the first line of the resource declaration. Use the format <type>@<apiVersion>. Don't set those properties in the resource body.

Name Type Required Value
name string Yes The name of the managed cluster resource.
type enum Yes For JSON - Microsoft.ContainerService/managedClusters
apiVersion enum Yes For JSON - 2017-08-31
location string Yes Resource location
tags object No Resource tags
properties object Yes Properties of a managed cluster. - ManagedClusterProperties object

ManagedClusterProperties object

Name Type Required Value
dnsPrefix string No DNS prefix specified when creating the managed cluster.
kubernetesVersion string No Version of Kubernetes specified when creating the managed cluster.
agentPoolProfiles array No Properties of the agent pool. - ContainerServiceAgentPoolProfile object
linuxProfile object No Profile for Linux VMs in the container service cluster. - ContainerServiceLinuxProfile object
servicePrincipalProfile object No Information about a service principal identity for the cluster to use for manipulating Azure APIs. Either secret or keyVaultSecretRef must be specified. - ContainerServiceServicePrincipalProfile object

ContainerServiceAgentPoolProfile object

Name Type Required Value
name string Yes Unique name of the agent pool profile in the context of the subscription and resource group.
count integer No Number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive). The default value is 1.
vmSize enum Yes Size of agent VMs. - Standard_A1, Standard_A10, Standard_A11, Standard_A1_v2, Standard_A2, Standard_A2_v2, Standard_A2m_v2, Standard_A3, Standard_A4, Standard_A4_v2, Standard_A4m_v2, Standard_A5, Standard_A6, Standard_A7, Standard_A8, Standard_A8_v2, Standard_A8m_v2, Standard_A9, Standard_B2ms, Standard_B2s, Standard_B4ms, Standard_B8ms, Standard_D1, Standard_D11, Standard_D11_v2, Standard_D11_v2_Promo, Standard_D12, Standard_D12_v2, Standard_D12_v2_Promo, Standard_D13, Standard_D13_v2, Standard_D13_v2_Promo, Standard_D14, Standard_D14_v2, Standard_D14_v2_Promo, Standard_D15_v2, Standard_D16_v3, Standard_D16s_v3, Standard_D1_v2, Standard_D2, Standard_D2_v2, Standard_D2_v2_Promo, Standard_D2_v3, Standard_D2s_v3, Standard_D3, Standard_D32_v3, Standard_D32s_v3, Standard_D3_v2, Standard_D3_v2_Promo, Standard_D4, Standard_D4_v2, Standard_D4_v2_Promo, Standard_D4_v3, Standard_D4s_v3, Standard_D5_v2, Standard_D5_v2_Promo, Standard_D64_v3, Standard_D64s_v3, Standard_D8_v3, Standard_D8s_v3, Standard_DS1, Standard_DS11, Standard_DS11_v2, Standard_DS11_v2_Promo, Standard_DS12, Standard_DS12_v2, Standard_DS12_v2_Promo, Standard_DS13, Standard_DS13-2_v2, Standard_DS13-4_v2, Standard_DS13_v2, Standard_DS13_v2_Promo, Standard_DS14, Standard_DS14-4_v2, Standard_DS14-8_v2, Standard_DS14_v2, Standard_DS14_v2_Promo, Standard_DS15_v2, Standard_DS1_v2, Standard_DS2, Standard_DS2_v2, Standard_DS2_v2_Promo, Standard_DS3, Standard_DS3_v2, Standard_DS3_v2_Promo, Standard_DS4, Standard_DS4_v2, Standard_DS4_v2_Promo, Standard_DS5_v2, Standard_DS5_v2_Promo, Standard_E16_v3, Standard_E16s_v3, Standard_E2_v3, Standard_E2s_v3, Standard_E32-16s_v3, Standard_E32-8s_v3, Standard_E32_v3, Standard_E32s_v3, Standard_E4_v3, Standard_E4s_v3, Standard_E64-16s_v3, Standard_E64-32s_v3, Standard_E64_v3, Standard_E64s_v3, Standard_E8_v3, Standard_E8s_v3, Standard_F1, Standard_F16, Standard_F16s, Standard_F16s_v2, Standard_F1s, Standard_F2, Standard_F2s, Standard_F2s_v2, Standard_F32s_v2, Standard_F4, Standard_F4s, Standard_F4s_v2, Standard_F64s_v2, Standard_F72s_v2, Standard_F8, Standard_F8s, Standard_F8s_v2, Standard_G1, Standard_G2, Standard_G3, Standard_G4, Standard_G5, Standard_GS1, Standard_GS2, Standard_GS3, Standard_GS4, Standard_GS4-4, Standard_GS4-8, Standard_GS5, Standard_GS5-16, Standard_GS5-8, Standard_H16, Standard_H16m, Standard_H16mr, Standard_H16r, Standard_H8, Standard_H8m, Standard_L16s, Standard_L32s, Standard_L4s, Standard_L8s, Standard_M128-32ms, Standard_M128-64ms, Standard_M128ms, Standard_M128s, Standard_M64-16ms, Standard_M64-32ms, Standard_M64ms, Standard_M64s, Standard_NC12, Standard_NC12s_v2, Standard_NC12s_v3, Standard_NC24, Standard_NC24r, Standard_NC24rs_v2, Standard_NC24rs_v3, Standard_NC24s_v2, Standard_NC24s_v3, Standard_NC6, Standard_NC6s_v2, Standard_NC6s_v3, Standard_ND12s, Standard_ND24rs, Standard_ND24s, Standard_ND6s, Standard_NV12, Standard_NV24, Standard_NV6
osDiskSizeGB integer No OS Disk Size in GB to be used to specify the disk size for every machine in this master/agent pool. If you specify 0, it will apply the default osDisk size according to the vmSize specified.
dnsPrefix string No DNS prefix to be used to create the FQDN for the agent pool.
ports array No Ports number array used to expose on this agent pool. The default opened ports are different based on your choice of orchestrator. - integer
storageProfile enum No Storage profile specifies what kind of storage used. Choose from StorageAccount and ManagedDisks. Leave it empty, we will choose for you based on the orchestrator choice. - StorageAccount or ManagedDisks
vnetSubnetID string No VNet SubnetID specifies the VNet's subnet identifier.
osType enum No OsType to be used to specify os type. Choose from Linux and Windows. Default to Linux. - Linux or Windows

ContainerServiceLinuxProfile object

Name Type Required Value
adminUsername string Yes The administrator username to use for Linux VMs.
ssh object Yes SSH configuration for Linux-based VMs running on Azure. - ContainerServiceSshConfiguration object

ContainerServiceServicePrincipalProfile object

Name Type Required Value
clientId string Yes The ID for the service principal.
secret string No The secret password associated with the service principal in plain text.
keyVaultSecretRef object No Reference to a secret stored in Azure Key Vault. - KeyVaultSecretRef object

ContainerServiceSshConfiguration object

Name Type Required Value
publicKeys array Yes The list of SSH public keys used to authenticate with Linux-based VMs. Only expect one key specified. - ContainerServiceSshPublicKey object

KeyVaultSecretRef object

Name Type Required Value
vaultID string Yes Key vault identifier.
secretName string Yes The secret name.
version string No The secret version.

ContainerServiceSshPublicKey object

Name Type Required Value
keyData string Yes Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or without headers.

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
CI/CD using Jenkins on Azure Container Service (AKS)

Deploy to Azure
Containers make it very easy for you to continuously build and deploy your applications. By orchestrating deployment of those containers using Kubernetes in Azure Container Service, you can achieve replicable, manageable clusters of containers. By setting up a continuous build to produce your container images and orchestration, you can increase the speed and reliability of your deployment. Azure Gateway

Deploy to Azure
Fully private Azure Gateway deployment to provide an S3 compliant storage API backed by blob storage
Create a Private AKS Cluster

Deploy to Azure
This sample shows how to create a private AKS cluster in a virtual network along with a jumpbox virtual machine.
Create a Private AKS Cluster with a Public DNS Zone

Deploy to Azure
This sample shows how to a deploy a private AKS cluster with a Public DNS Zone.
Deploy a managed Kubernetes Cluster (AKS).

Deploy to Azure
This ARM template demonstrates the deployment of an AKS instance with advanced networking features into an existing virtual network. Additionally, the chosen Service Principal is assigned the Network Contributor role against the subnet that contains the AKS cluster.
Deploy a managed Kubernetes Cluster (AKS).

Deploy to Azure
This ARM template demonstrates the deployment of an AKS instance with advanced networking features into an existing virtual network and Azure AD Integeration. Additionally, the chosen Service Principal is assigned the Network Contributor role against the subnet that contains the AKS cluster.
Deploy an AKS cluster for Azure ML

Deploy to Azure
This template allows you to deploy an entreprise compliant AKS cluster which can be attached to Azure ML
Azure Container Service (AKS)

Deploy to Azure
Deploy a managed cluster with Azure Container Service (AKS)
Azure Kubernetes Service (AKS)

Deploy to Azure
Deploys a managed Kubernetes cluster via Azure Kubernetes Service (AKS)
AKS cluster with the Application Gateway Ingress Controller

Deploy to Azure
This sample shows how to deploy an AKS cluster with Application Gateway, Application Gateway Ingress Controller, Azure Container Registry, Log Analytics and Key Vault