Microsoft.ContainerService managedClusters

Template format

To create a Microsoft.ContainerService/managedClusters resource, add the following JSON to the resources section of your template.

{
  "name": "string",
  "type": "Microsoft.ContainerService/managedClusters",
  "apiVersion": "2021-05-01",
  "location": "string",
  "tags": {},
  "properties": {
    "kubernetesVersion": "string",
    "dnsPrefix": "string",
    "fqdnSubdomain": "string",
    "agentPoolProfiles": [
      {
        "count": "integer",
        "vmSize": "string",
        "osDiskSizeGB": "integer",
        "osDiskType": "string",
        "kubeletDiskType": "string",
        "vnetSubnetID": "string",
        "podSubnetID": "string",
        "maxPods": "integer",
        "osType": "string",
        "osSKU": "string",
        "maxCount": "integer",
        "minCount": "integer",
        "enableAutoScaling": "boolean",
        "type": "string",
        "mode": "string",
        "orchestratorVersion": "string",
        "upgradeSettings": {
          "maxSurge": "string"
        },
        "availabilityZones": [
          "string"
        ],
        "enableNodePublicIP": "boolean",
        "nodePublicIPPrefixID": "string",
        "scaleSetPriority": "string",
        "scaleSetEvictionPolicy": "string",
        "spotMaxPrice": "number",
        "tags": {},
        "nodeLabels": {},
        "nodeTaints": [
          "string"
        ],
        "proximityPlacementGroupID": "string",
        "kubeletConfig": {
          "cpuManagerPolicy": "string",
          "cpuCfsQuota": "boolean",
          "cpuCfsQuotaPeriod": "string",
          "imageGcHighThreshold": "integer",
          "imageGcLowThreshold": "integer",
          "topologyManagerPolicy": "string",
          "allowedUnsafeSysctls": [
            "string"
          ],
          "failSwapOn": "boolean",
          "containerLogMaxSizeMB": "integer",
          "containerLogMaxFiles": "integer",
          "podMaxPids": "integer"
        },
        "linuxOSConfig": {
          "sysctls": {
            "netCoreSomaxconn": "integer",
            "netCoreNetdevMaxBacklog": "integer",
            "netCoreRmemDefault": "integer",
            "netCoreRmemMax": "integer",
            "netCoreWmemDefault": "integer",
            "netCoreWmemMax": "integer",
            "netCoreOptmemMax": "integer",
            "netIpv4TcpMaxSynBacklog": "integer",
            "netIpv4TcpMaxTwBuckets": "integer",
            "netIpv4TcpFinTimeout": "integer",
            "netIpv4TcpKeepaliveTime": "integer",
            "netIpv4TcpKeepaliveProbes": "integer",
            "netIpv4TcpkeepaliveIntvl": "integer",
            "netIpv4TcpTwReuse": "boolean",
            "netIpv4IpLocalPortRange": "string",
            "netIpv4NeighDefaultGcThresh1": "integer",
            "netIpv4NeighDefaultGcThresh2": "integer",
            "netIpv4NeighDefaultGcThresh3": "integer",
            "netNetfilterNfConntrackMax": "integer",
            "netNetfilterNfConntrackBuckets": "integer",
            "fsInotifyMaxUserWatches": "integer",
            "fsFileMax": "integer",
            "fsAioMaxNr": "integer",
            "fsNrOpen": "integer",
            "kernelThreadsMax": "integer",
            "vmMaxMapCount": "integer",
            "vmSwappiness": "integer",
            "vmVfsCachePressure": "integer"
          },
          "transparentHugePageEnabled": "string",
          "transparentHugePageDefrag": "string",
          "swapFileSizeMB": "integer"
        },
        "enableEncryptionAtHost": "boolean",
        "enableUltraSSD": "boolean",
        "enableFIPS": "boolean",
        "gpuInstanceProfile": "string",
        "name": "string"
      }
    ],
    "linuxProfile": {
      "adminUsername": "string",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "string"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "string",
      "adminPassword": "string",
      "licenseType": "string",
      "enableCSIProxy": "boolean"
    },
    "servicePrincipalProfile": {
      "clientId": "string",
      "secret": "string"
    },
    "addonProfiles": {
      "config": {},
      "enabled": "boolean"
    },
    "podIdentityProfile": {
      "enabled": "boolean",
      "allowNetworkPluginKubenet": "boolean",
      "userAssignedIdentities": [
        {
          "name": "string",
          "namespace": "string",
          "bindingSelector": "string",
          "identity": {
            "resourceId": "string",
            "clientId": "string",
            "objectId": "string"
          }
        }
      ],
      "userAssignedIdentityExceptions": [
        {
          "name": "string",
          "namespace": "string",
          "podLabels": {}
        }
      ]
    },
    "nodeResourceGroup": "string",
    "enableRBAC": "boolean",
    "enablePodSecurityPolicy": "boolean",
    "networkProfile": {
      "networkPlugin": "string",
      "networkPolicy": "string",
      "networkMode": "string",
      "podCidr": "string",
      "serviceCidr": "string",
      "dnsServiceIP": "string",
      "dockerBridgeCidr": "string",
      "outboundType": "string",
      "loadBalancerSku": "string",
      "loadBalancerProfile": {
        "managedOutboundIPs": {
          "count": "integer"
        },
        "outboundIPPrefixes": {
          "publicIPPrefixes": [
            {
              "id": "string"
            }
          ]
        },
        "outboundIPs": {
          "publicIPs": [
            {
              "id": "string"
            }
          ]
        },
        "effectiveOutboundIPs": [
          {
            "id": "string"
          }
        ],
        "allocatedOutboundPorts": "integer",
        "idleTimeoutInMinutes": "integer"
      }
    },
    "aadProfile": {
      "managed": "boolean",
      "enableAzureRBAC": "boolean",
      "adminGroupObjectIDs": [
        "string"
      ],
      "clientAppID": "string",
      "serverAppID": "string",
      "serverAppSecret": "string",
      "tenantID": "string"
    },
    "autoUpgradeProfile": {
      "upgradeChannel": "string"
    },
    "autoScalerProfile": {
      "balance-similar-node-groups": "string",
      "expander": "string",
      "max-empty-bulk-delete": "string",
      "max-graceful-termination-sec": "string",
      "max-node-provision-time": "string",
      "max-total-unready-percentage": "string",
      "new-pod-scale-up-delay": "string",
      "ok-total-unready-count": "string",
      "scan-interval": "string",
      "scale-down-delay-after-add": "string",
      "scale-down-delay-after-delete": "string",
      "scale-down-delay-after-failure": "string",
      "scale-down-unneeded-time": "string",
      "scale-down-unready-time": "string",
      "scale-down-utilization-threshold": "string",
      "skip-nodes-with-local-storage": "string",
      "skip-nodes-with-system-pods": "string"
    },
    "apiServerAccessProfile": {
      "authorizedIPRanges": [
        "string"
      ],
      "enablePrivateCluster": "boolean",
      "privateDNSZone": "string",
      "enablePrivateClusterPublicFQDN": "boolean"
    },
    "diskEncryptionSetID": "string",
    "identityProfile": {},
    "privateLinkResources": [
      {
        "id": "string",
        "name": "string",
        "type": "string",
        "groupId": "string",
        "requiredMembers": [
          "string"
        ]
      }
    ],
    "disableLocalAccounts": "boolean",
    "httpProxyConfig": {
      "httpProxy": "string",
      "httpsProxy": "string",
      "noProxy": [
        "string"
      ],
      "trustedCa": "string"
    }
  },
  "identity": {
    "type": "string",
    "userAssignedIdentities": {}
  },
  "sku": {
    "name": "Basic",
    "tier": "string"
  },
  "extendedLocation": {
    "name": "string",
    "type": "EdgeZone"
  },
  "resources": []
}

Property values

The following tables describe the values you need to set in the schema.

Microsoft.ContainerService/managedClusters object

Note

In Bicep, type and apiVersion are specified in the first line of the resource declaration. Use the format <type>@<apiVersion>. Don't set those properties in the resource body.

Name Type Required Value
name string Yes The name of the managed cluster resource.
type enum Yes For JSON - Microsoft.ContainerService/managedClusters
apiVersion enum Yes For JSON - 2021-05-01
location string Yes Resource location
tags object No Resource tags
properties object Yes Properties of a managed cluster. - ManagedClusterProperties object
identity object No The identity of the managed cluster, if configured. - ManagedClusterIdentity object
sku object No The managed cluster SKU. - ManagedClusterSKU object
extendedLocation object No The extended location of the Virtual Machine. - ExtendedLocation object
resources array No privateEndpointConnections agentPools maintenanceConfigurations

ManagedClusterProperties object

Name Type Required Value
kubernetesVersion string No Version of Kubernetes specified when creating the managed cluster.
dnsPrefix string No DNS prefix specified when creating the managed cluster.
fqdnSubdomain string No FQDN subdomain specified when creating private cluster with custom private dns zone.
agentPoolProfiles array No Properties of the agent pool. - ManagedClusterAgentPoolProfile object
linuxProfile object No Profile for Linux VMs in the container service cluster. - ContainerServiceLinuxProfile object
windowsProfile object No Profile for Windows VMs in the container service cluster. - ManagedClusterWindowsProfile object
servicePrincipalProfile object No Information about a service principal identity for the cluster to use for manipulating Azure APIs. - ManagedClusterServicePrincipalProfile object
addonProfiles object No Profile of managed cluster add-on. - ManagedClusterAddonProfile object
podIdentityProfile object No Profile of managed cluster pod identity. - ManagedClusterPodIdentityProfile object
nodeResourceGroup string No Name of the resource group containing agent pool nodes.
enableRBAC boolean No Whether to enable Kubernetes Role-Based Access Control.
enablePodSecurityPolicy boolean No (DEPRECATING) Whether to enable Kubernetes pod security policy (preview). This feature is set for removal on October 15th, 2020. Learn more at aka.ms/aks/azpodpolicy.
networkProfile object No Profile of network configuration. - ContainerServiceNetworkProfile object
aadProfile object No Profile of Azure Active Directory configuration. - ManagedClusterAADProfile object
autoUpgradeProfile object No Profile of auto upgrade configuration. - ManagedClusterAutoUpgradeProfile object
autoScalerProfile object No Parameters to be applied to the cluster-autoscaler when enabled - ManagedClusterPropertiesAutoScalerProfile object
apiServerAccessProfile object No Access profile for managed cluster API server. - ManagedClusterAPIServerAccessProfile object
diskEncryptionSetID string No ResourceId of the disk encryption set to use for enabling encryption at rest.
identityProfile object No Identities associated with the cluster.
privateLinkResources array No Private link resources associated with the cluster. - PrivateLinkResource object
disableLocalAccounts boolean No If set to true, retrieving static credentials is disabled for this cluster. Expected to be used only for AAD clusters.
httpProxyConfig object No Configurations for provisioning the cluster with HTTP proxy servers. - ManagedClusterHTTPProxyConfig object

ManagedClusterIdentity object

Name Type Required Value
type enum No The type of identity used for the managed cluster. Type 'SystemAssigned' will use an implicitly created identity in master components and an auto-created user assigned identity in MC_ resource group in agent nodes. Type 'None' will not use MSI for the managed cluster, service principal will be used instead. - SystemAssigned, UserAssigned, None
userAssignedIdentities object No The user identity associated with the managed cluster. This identity will be used in control plane and only one user assigned identity is allowed. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.

ManagedClusterSKU object

Name Type Required Value
name enum No Name of a managed cluster SKU. - Basic
tier enum No Tier of a managed cluster SKU. - Paid or Free

ExtendedLocation object

Name Type Required Value
name string No The name of the extended location.
type enum No The type of the extended location. - EdgeZone

ManagedClusterAgentPoolProfile object

Name Type Required Value
count integer No Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1.
vmSize string No Size of agent VMs.
osDiskSizeGB integer No OS Disk Size in GB to be used to specify the disk size for every machine in this master/agent pool. If you specify 0, it will apply the default osDisk size according to the vmSize specified.
osDiskType enum No OS disk type to be used for machines in a given agent pool. Allowed values are 'Ephemeral' and 'Managed'. If unspecified, defaults to 'Ephemeral' when the VM supports ephemeral OS and has a cache disk larger than the requested OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. - Managed or Ephemeral
kubeletDiskType enum No KubeletDiskType determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral storage. Currently allows one value, OS, resulting in Kubelet using the OS disk for data. - OS or Temporary
vnetSubnetID string No VNet SubnetID specifies the VNet's subnet identifier for nodes and maybe pods
podSubnetID string No Pod SubnetID specifies the VNet's subnet identifier for pods.
maxPods integer No Maximum number of pods that can run on a node.
osType enum No OsType to be used to specify os type. Choose from Linux and Windows. Default to Linux. - Linux or Windows
osSKU enum No OsSKU to be used to specify os sku. Choose from Ubuntu(default) and CBLMariner for Linux OSType. Not applicable to Windows OSType. - Ubuntu or CBLMariner
maxCount integer No Maximum number of nodes for auto-scaling
minCount integer No Minimum number of nodes for auto-scaling
enableAutoScaling boolean No Whether to enable auto-scaler
type enum No AgentPoolType represents types of an agent pool. - VirtualMachineScaleSets or AvailabilitySet
mode enum No AgentPoolMode represents mode of an agent pool. - System or User
orchestratorVersion string No Version of orchestrator specified when creating the managed cluster.
upgradeSettings object No Settings for upgrading the agentpool - AgentPoolUpgradeSettings object
availabilityZones array No Availability zones for nodes. Must use VirtualMachineScaleSets AgentPoolType. - string
enableNodePublicIP boolean No Enable public IP for nodes
nodePublicIPPrefixID string No Public IP Prefix ID. VM nodes use IPs assigned from this Public IP Prefix.
scaleSetPriority enum No ScaleSetPriority to be used to specify virtual machine scale set priority. Default to regular. - Spot or Regular
scaleSetEvictionPolicy enum No ScaleSetEvictionPolicy to be used to specify eviction policy for Spot virtual machine scale set. Default to Delete. - Delete or Deallocate
spotMaxPrice number No SpotMaxPrice to be used to specify the maximum price you are willing to pay in US Dollars. Possible values are any decimal value greater than zero or -1 which indicates default price to be up-to on-demand.
tags object No Agent pool tags to be persisted on the agent pool virtual machine scale set.
nodeLabels object No Agent pool node labels to be persisted across all nodes in agent pool.
nodeTaints array No Taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule. - string
proximityPlacementGroupID string No The ID for Proximity Placement Group.
kubeletConfig object No KubeletConfig specifies the configuration of kubelet on agent nodes. - KubeletConfig object
linuxOSConfig object No LinuxOSConfig specifies the OS configuration of linux agent nodes. - LinuxOSConfig object
enableEncryptionAtHost boolean No Whether to enable EncryptionAtHost
enableUltraSSD boolean No Whether to enable UltraSSD
enableFIPS boolean No Whether to use FIPS enabled OS
gpuInstanceProfile enum No GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU. Supported values are MIG1g, MIG2g, MIG3g, MIG4g and MIG7g. - MIG1g, MIG2g, MIG3g, MIG4g, MIG7g
name string Yes Unique name of the agent pool profile in the context of the subscription and resource group.

ContainerServiceLinuxProfile object

Name Type Required Value
adminUsername string Yes The administrator username to use for Linux VMs.
ssh object Yes SSH configuration for Linux-based VMs running on Azure. - ContainerServiceSshConfiguration object

ManagedClusterWindowsProfile object

Name Type Required Value
adminUsername string Yes Specifies the name of the administrator account.

restriction: Cannot end in "."

Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5".

Minimum-length: 1 character

Max-length: 20 characters
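adminPassword string No Specifies the password of the administrator account. Supply it through a securestring template parameter or a Key Vault reference rather than as a literal value in the template.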

Minimum-length: 8 characters

Max-length: 123 characters

Complexity requirements: 3 out of 4 conditions below need to be fulfilled
Has lower characters
Has upper characters
Has a digit
Has a special character (Regex match [\W_])

Disallowed values: "abc@123", "P@$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$word", "pass@word1", "Password!", "Password1", "Password22", "iloveyou!"
licenseType enum No The licenseType to use for Windows VMs. Windows_Server is used to enable Azure Hybrid User Benefits for Windows VMs. - None or Windows_Server
enableCSIProxy boolean No Whether to enable CSI proxy.

ManagedClusterServicePrincipalProfile object

Name Type Required Value
clientId string Yes The ID for the service principal.
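secret string No The secret password associated with the service principal in plain text. Because the value is plain text, supply it through a securestring template parameter or a Key Vault reference rather than hard-coding it in the template.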

ManagedClusterPodIdentityProfile object

Name Type Required Value
enabled boolean No Whether the pod identity addon is enabled.
allowNetworkPluginKubenet boolean No Customer consent for enabling AAD pod identity addon in cluster using Kubenet network plugin.
userAssignedIdentities array No User assigned pod identity settings. - ManagedClusterPodIdentity object
userAssignedIdentityExceptions array No User assigned pod identity exception settings. - ManagedClusterPodIdentityException object

ContainerServiceNetworkProfile object

Name Type Required Value
networkPlugin enum No Network plugin used for building Kubernetes network. - azure or kubenet
networkPolicy enum No Network policy used for building Kubernetes network. - calico or azure
networkMode enum No Network mode used for building Kubernetes network. - transparent or bridge
podCidr string No A CIDR notation IP range from which to assign pod IPs when kubenet is used.
serviceCidr string No A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP ranges.
dnsServiceIP string No An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr.
dockerBridgeCidr string No A CIDR notation IP range assigned to the Docker bridge network. It must not overlap with any Subnet IP ranges or the Kubernetes service address range.
outboundType enum No The outbound (egress) routing method. - loadBalancer or userDefinedRouting
loadBalancerSku enum No The load balancer sku for the managed cluster. - standard or basic
loadBalancerProfile object No Profile of the cluster load balancer. - ManagedClusterLoadBalancerProfile object

ManagedClusterAADProfile object

Name Type Required Value
managed boolean No Whether to enable managed AAD.
enableAzureRBAC boolean No Whether to enable Azure RBAC for Kubernetes authorization.
adminGroupObjectIDs array No AAD group object IDs that will have admin role of the cluster. - string
clientAppID string No The client AAD application ID.
serverAppID string No The server AAD application ID.
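serverAppSecret string No The server AAD application secret. Supply it through a securestring template parameter or a Key Vault reference rather than as a literal value in the template.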
tenantID string No The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment subscription.

ManagedClusterAutoUpgradeProfile object

Name Type Required Value
upgradeChannel enum No upgrade channel for auto upgrade. - rapid, stable, patch, node-image, none

ManagedClusterPropertiesAutoScalerProfile object

Name Type Required Value
balance-similar-node-groups string No
expander enum No least-waste, most-pods, priority, random
max-empty-bulk-delete string No
max-graceful-termination-sec string No
max-node-provision-time string No
max-total-unready-percentage string No
new-pod-scale-up-delay string No
ok-total-unready-count string No
scan-interval string No
scale-down-delay-after-add string No
scale-down-delay-after-delete string No
scale-down-delay-after-failure string No
scale-down-unneeded-time string No
scale-down-unready-time string No
scale-down-utilization-threshold string No
skip-nodes-with-local-storage string No
skip-nodes-with-system-pods string No

ManagedClusterAPIServerAccessProfile object

Name Type Required Value
authorizedIPRanges array No IP ranges authorized to access the Kubernetes API server. - string
enablePrivateCluster boolean No Whether to create the cluster as a private cluster or not.
privateDNSZone string No Private dns zone mode for private cluster.
enablePrivateClusterPublicFQDN boolean No Whether to create additional public FQDN for private cluster or not.

PrivateLinkResource object

Name Type Required Value
id string No The ID of the private link resource.
name string No The name of the private link resource.
type string No The resource type.
groupId string No The group ID of the resource.
requiredMembers array No RequiredMembers of the resource - string

ManagedClusterHTTPProxyConfig object

Name Type Required Value
httpProxy string No HTTP proxy server endpoint to use.
httpsProxy string No HTTPS proxy server endpoint to use.
noProxy array No Endpoints that should not go through proxy. - string
trustedCa string No Alternative CA cert to use for connecting to proxy servers.

AgentPoolUpgradeSettings object

Name Type Required Value
maxSurge string No Count or percentage of additional nodes to be added during upgrade. If empty uses AKS default

KubeletConfig object

Name Type Required Value
cpuManagerPolicy string No CPU Manager policy to use.
cpuCfsQuota boolean No Enable CPU CFS quota enforcement for containers that specify CPU limits.
cpuCfsQuotaPeriod string No Sets CPU CFS quota period value.
imageGcHighThreshold integer No The percent of disk usage after which image garbage collection is always run.
imageGcLowThreshold integer No The percent of disk usage before which image garbage collection is never run.
topologyManagerPolicy string No Topology Manager policy to use.
allowedUnsafeSysctls array No Allowlist of unsafe sysctls or unsafe sysctl patterns (ending in *). - string
failSwapOn boolean No If set to true it will make the Kubelet fail to start if swap is enabled on the node.
containerLogMaxSizeMB integer No The maximum size (e.g. 10Mi) of container log file before it is rotated.
containerLogMaxFiles integer No The maximum number of container log files that can be present for a container. The number must be ≥ 2.
podMaxPids integer No The maximum number of processes per pod.

LinuxOSConfig object

Name Type Required Value
sysctls object No Sysctl settings for Linux agent nodes. - SysctlConfig object
transparentHugePageEnabled string No Transparent Huge Page enabled configuration.
transparentHugePageDefrag string No Transparent Huge Page defrag configuration.
swapFileSizeMB integer No SwapFileSizeMB specifies the size in MB of a swap file that will be created on each node.

ManagedClusterAddonProfile

Name Type Required Value
config object No Key-value pairs for configuring an add-on.
enabled boolean Yes Whether the add-on is enabled or not.

ContainerServiceSshConfiguration object

Name Type Required Value
publicKeys array Yes The list of SSH public keys used to authenticate with Linux-based VMs. Only expect one key specified. - ContainerServiceSshPublicKey object

ManagedClusterPodIdentity object

Name Type Required Value
name string Yes Name of the pod identity.
namespace string Yes Namespace of the pod identity.
bindingSelector string No Binding selector to use for the AzureIdentityBinding resource.
identity object Yes Information of the user assigned identity. - UserAssignedIdentity object

ManagedClusterPodIdentityException object

Name Type Required Value
name string Yes Name of the pod identity exception.
namespace string Yes Namespace of the pod identity exception.
podLabels object Yes Pod labels to match.

ManagedClusterLoadBalancerProfile object

Name Type Required Value
managedOutboundIPs object No Desired managed outbound IPs for the cluster load balancer. - ManagedClusterLoadBalancerProfileManagedOutboundIPs object
outboundIPPrefixes object No Desired outbound IP Prefix resources for the cluster load balancer. - ManagedClusterLoadBalancerProfileOutboundIPPrefixes object
outboundIPs object No Desired outbound IP resources for the cluster load balancer. - ManagedClusterLoadBalancerProfileOutboundIPs object
effectiveOutboundIPs array No The effective outbound IP resources of the cluster load balancer. - ResourceReference object
allocatedOutboundPorts integer No Desired number of allocated SNAT ports per VM. Allowed values must be in the range of 0 to 64000 (inclusive). The default value is 0 which results in Azure dynamically allocating ports.
idleTimeoutInMinutes integer No Desired outbound flow idle timeout in minutes. Allowed values must be in the range of 4 to 120 (inclusive). The default value is 30 minutes.

SysctlConfig object

Name Type Required Value
netCoreSomaxconn integer No Sysctl setting net.core.somaxconn.
netCoreNetdevMaxBacklog integer No Sysctl setting net.core.netdev_max_backlog.
netCoreRmemDefault integer No Sysctl setting net.core.rmem_default.
netCoreRmemMax integer No Sysctl setting net.core.rmem_max.
netCoreWmemDefault integer No Sysctl setting net.core.wmem_default.
netCoreWmemMax integer No Sysctl setting net.core.wmem_max.
netCoreOptmemMax integer No Sysctl setting net.core.optmem_max.
netIpv4TcpMaxSynBacklog integer No Sysctl setting net.ipv4.tcp_max_syn_backlog.
netIpv4TcpMaxTwBuckets integer No Sysctl setting net.ipv4.tcp_max_tw_buckets.
netIpv4TcpFinTimeout integer No Sysctl setting net.ipv4.tcp_fin_timeout.
netIpv4TcpKeepaliveTime integer No Sysctl setting net.ipv4.tcp_keepalive_time.
netIpv4TcpKeepaliveProbes integer No Sysctl setting net.ipv4.tcp_keepalive_probes.
netIpv4TcpkeepaliveIntvl integer No Sysctl setting net.ipv4.tcp_keepalive_intvl.
netIpv4TcpTwReuse boolean No Sysctl setting net.ipv4.tcp_tw_reuse.
netIpv4IpLocalPortRange string No Sysctl setting net.ipv4.ip_local_port_range.
netIpv4NeighDefaultGcThresh1 integer No Sysctl setting net.ipv4.neigh.default.gc_thresh1.
netIpv4NeighDefaultGcThresh2 integer No Sysctl setting net.ipv4.neigh.default.gc_thresh2.
netIpv4NeighDefaultGcThresh3 integer No Sysctl setting net.ipv4.neigh.default.gc_thresh3.
netNetfilterNfConntrackMax integer No Sysctl setting net.netfilter.nf_conntrack_max.
netNetfilterNfConntrackBuckets integer No Sysctl setting net.netfilter.nf_conntrack_buckets.
fsInotifyMaxUserWatches integer No Sysctl setting fs.inotify.max_user_watches.
fsFileMax integer No Sysctl setting fs.file-max.
fsAioMaxNr integer No Sysctl setting fs.aio-max-nr.
fsNrOpen integer No Sysctl setting fs.nr_open.
kernelThreadsMax integer No Sysctl setting kernel.threads-max.
vmMaxMapCount integer No Sysctl setting vm.max_map_count.
vmSwappiness integer No Sysctl setting vm.swappiness.
vmVfsCachePressure integer No Sysctl setting vm.vfs_cache_pressure.

ContainerServiceSshPublicKey object

Name Type Required Value
keyData string Yes Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or without headers.

UserAssignedIdentity object

Name Type Required Value
resourceId string No The resource id of the user assigned identity.
clientId string No The client id of the user assigned identity.
objectId string No The object id of the user assigned identity.

ManagedClusterLoadBalancerProfileManagedOutboundIPs object

Name Type Required Value
count integer No Desired number of outbound IP created/managed by Azure for the cluster load balancer. Allowed values must be in the range of 1 to 100 (inclusive). The default value is 1.

ManagedClusterLoadBalancerProfileOutboundIPPrefixes object

Name Type Required Value
publicIPPrefixes array No A list of public IP prefix resources. - ResourceReference object

ManagedClusterLoadBalancerProfileOutboundIPs object

Name Type Required Value
publicIPs array No A list of public IP resources. - ResourceReference object

ResourceReference object

Name Type Required Value
id string No The fully qualified Azure resource id.

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
CI/CD using Jenkins on Azure Container Service (AKS)

Containers make it very easy for you to continuously build and deploy your applications. By orchestrating deployment of those containers using Kubernetes in Azure Container Service, you can achieve replicable, manageable clusters of containers. By setting up a continuous build to produce your container images and orchestration, you can increase the speed and reliability of your deployment.
min.io Azure Gateway

Fully private min.io Azure Gateway deployment to provide an S3 compliant storage API backed by blob storage
Create a Private AKS Cluster

This sample shows how to create a private AKS cluster in a virtual network along with a jumpbox virtual machine.
Create a Private AKS Cluster with a Public DNS Zone

This sample shows how to deploy a private AKS cluster with a Public DNS Zone.
Deploy a managed Kubernetes Cluster (AKS).

This ARM template demonstrates the deployment of an AKS instance with advanced networking features into an existing virtual network. Additionally, the chosen Service Principal is assigned the Network Contributor role against the subnet that contains the AKS cluster.
Deploy a managed Kubernetes Cluster (AKS).

This ARM template demonstrates the deployment of an AKS instance with advanced networking features into an existing virtual network and Azure AD Integration. Additionally, the chosen Service Principal is assigned the Network Contributor role against the subnet that contains the AKS cluster.
Deploy an AKS cluster for Azure ML

This template allows you to deploy an enterprise-compliant AKS cluster which can be attached to Azure ML
Azure Container Service (AKS)

Deploy a managed cluster with Azure Container Service (AKS)
Azure Kubernetes Service (AKS)

Deploys a managed Kubernetes cluster via Azure Kubernetes Service (AKS)
AKS cluster with the Application Gateway Ingress Controller

This sample shows how to deploy an AKS cluster with Application Gateway, Application Gateway Ingress Controller, Azure Container Registry, Log Analytics and Key Vault