Microsoft.ContainerService managedClusters

Template format

To create a Microsoft.ContainerService/managedClusters resource, add the following JSON to the resources section of your template.

{
  "name": "string",
  "type": "Microsoft.ContainerService/managedClusters",
  "apiVersion": "2020-09-01",
  "location": "string",
  "tags": {},
  "properties": {
    "kubernetesVersion": "string",
    "dnsPrefix": "string",
    "agentPoolProfiles": [
      {
        "count": "integer",
        "vmSize": "string",
        "osDiskSizeGB": "integer",
        "osDiskType": "string",
        "vnetSubnetID": "string",
        "maxPods": "integer",
        "osType": "string",
        "maxCount": "integer",
        "minCount": "integer",
        "enableAutoScaling": "boolean",
        "type": "string",
        "mode": "string",
        "orchestratorVersion": "string",
        "upgradeSettings": {
          "maxSurge": "string"
        },
        "availabilityZones": [
          "string"
        ],
        "enableNodePublicIP": "boolean",
        "scaleSetPriority": "string",
        "scaleSetEvictionPolicy": "string",
        "spotMaxPrice": "number",
        "tags": {},
        "nodeLabels": {},
        "nodeTaints": [
          "string"
        ],
        "proximityPlacementGroupID": "string",
        "name": "string"
      }
    ],
    "linuxProfile": {
      "adminUsername": "string",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "string"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "string",
      "adminPassword": "string",
      "licenseType": "string"
    },
    "servicePrincipalProfile": {
      "clientId": "string",
      "secret": "string"
    },
    "addonProfiles": {
      "config": {},
      "enabled": "boolean"
    },
    "nodeResourceGroup": "string",
    "enableRBAC": "boolean",
    "enablePodSecurityPolicy": "boolean",
    "networkProfile": {
      "networkPlugin": "string",
      "networkPolicy": "string",
      "networkMode": "string",
      "podCidr": "string",
      "serviceCidr": "string",
      "dnsServiceIP": "string",
      "dockerBridgeCidr": "string",
      "outboundType": "string",
      "loadBalancerSku": "string",
      "loadBalancerProfile": {
        "managedOutboundIPs": {
          "count": "integer"
        },
        "outboundIPPrefixes": {
          "publicIPPrefixes": [
            {
              "id": "string"
            }
          ]
        },
        "outboundIPs": {
          "publicIPs": [
            {
              "id": "string"
            }
          ]
        },
        "effectiveOutboundIPs": [
          {
            "id": "string"
          }
        ],
        "allocatedOutboundPorts": "integer",
        "idleTimeoutInMinutes": "integer"
      }
    },
    "aadProfile": {
      "managed": "boolean",
      "enableAzureRBAC": "boolean",
      "adminGroupObjectIDs": [
        "string"
      ],
      "clientAppID": "string",
      "serverAppID": "string",
      "serverAppSecret": "string",
      "tenantID": "string"
    },
    "autoScalerProfile": {
      "balance-similar-node-groups": "string",
      "expander": "string",
      "max-empty-bulk-delete": "string",
      "max-graceful-termination-sec": "string",
      "max-total-unready-percentage": "string",
      "new-pod-scale-up-delay": "string",
      "ok-total-unready-count": "string",
      "scan-interval": "string",
      "scale-down-delay-after-add": "string",
      "scale-down-delay-after-delete": "string",
      "scale-down-delay-after-failure": "string",
      "scale-down-unneeded-time": "string",
      "scale-down-unready-time": "string",
      "scale-down-utilization-threshold": "string",
      "skip-nodes-with-local-storage": "string",
      "skip-nodes-with-system-pods": "string"
    },
    "apiServerAccessProfile": {
      "authorizedIPRanges": [
        "string"
      ],
      "enablePrivateCluster": "boolean"
    },
    "diskEncryptionSetID": "string",
    "identityProfile": {}
  },
  "identity": {
    "type": "string",
    "userAssignedIdentities": {}
  },
  "sku": {
    "name": "Basic",
    "tier": "string"
  },
  "resources": []
}

Property values

The following tables describe the values you need to set in the schema.

Microsoft.ContainerService/managedClusters object

Name Type Required Value
name string Yes The name of the managed cluster resource.
type enum Yes Microsoft.ContainerService/managedClusters
apiVersion enum Yes 2020-09-01
location string Yes Resource location
tags object No Resource tags
properties object Yes Properties of a managed cluster. - ManagedClusterProperties object
identity object No The identity of the managed cluster, if configured. - ManagedClusterIdentity object
sku object No The managed cluster SKU. - ManagedClusterSKU object
resources array No privateEndpointConnections agentPools

ManagedClusterProperties object

Name Type Required Value
kubernetesVersion string No Version of Kubernetes specified when creating the managed cluster.
dnsPrefix string No DNS prefix specified when creating the managed cluster.
agentPoolProfiles array No Properties of the agent pool. - ManagedClusterAgentPoolProfile object
linuxProfile object No Profile for Linux VMs in the container service cluster. - ContainerServiceLinuxProfile object
windowsProfile object No Profile for Windows VMs in the container service cluster. - ManagedClusterWindowsProfile object
servicePrincipalProfile object No Information about a service principal identity for the cluster to use for manipulating Azure APIs. - ManagedClusterServicePrincipalProfile object
addonProfiles object No Profile of managed cluster add-on. - ManagedClusterAddonProfile object
nodeResourceGroup string No Name of the resource group containing agent pool nodes.
enableRBAC boolean No Whether to enable Kubernetes Role-Based Access Control.
enablePodSecurityPolicy boolean No (DEPRECATING) Whether to enable Kubernetes pod security policy (preview). This feature is set for removal on October 15th, 2020. Learn more at aka.ms/aks/azpodpolicy.
networkProfile object No Profile of network configuration. - ContainerServiceNetworkProfile object
aadProfile object No Profile of Azure Active Directory configuration. - ManagedClusterAADProfile object
autoScalerProfile object No Parameters to be applied to the cluster-autoscaler when enabled - ManagedClusterPropertiesAutoScalerProfile object
apiServerAccessProfile object No Access profile for managed cluster API server. - ManagedClusterAPIServerAccessProfile object
diskEncryptionSetID string No ResourceId of the disk encryption set to use for enabling encryption at rest.
identityProfile object No Identities associated with the cluster.

ManagedClusterIdentity object

Name Type Required Value
type enum No The type of identity used for the managed cluster. Type 'SystemAssigned' will use an implicitly created identity in master components and an auto-created user assigned identity in MC_ resource group in agent nodes. Type 'None' will not use MSI for the managed cluster, service principal will be used instead. - SystemAssigned, UserAssigned, None
userAssignedIdentities object No The user identity associated with the managed cluster. This identity will be used in control plane and only one user assigned identity is allowed. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.

ManagedClusterSKU object

Name Type Required Value
name enum No Name of a managed cluster SKU. - Basic
tier enum No Tier of a managed cluster SKU. - Paid or Free

ManagedClusterAgentPoolProfile object

Name Type Required Value
count integer No Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 100 (inclusive) for user pools and in the range of 1 to 100 (inclusive) for system pools. The default value is 1.
vmSize enum No Size of agent VMs. - Standard_A1, Standard_A10, Standard_A11, Standard_A1_v2, Standard_A2, Standard_A2_v2, Standard_A2m_v2, Standard_A3, Standard_A4, Standard_A4_v2, Standard_A4m_v2, Standard_A5, Standard_A6, Standard_A7, Standard_A8, Standard_A8_v2, Standard_A8m_v2, Standard_A9, Standard_B2ms, Standard_B2s, Standard_B4ms, Standard_B8ms, Standard_D1, Standard_D11, Standard_D11_v2, Standard_D11_v2_Promo, Standard_D12, Standard_D12_v2, Standard_D12_v2_Promo, Standard_D13, Standard_D13_v2, Standard_D13_v2_Promo, Standard_D14, Standard_D14_v2, Standard_D14_v2_Promo, Standard_D15_v2, Standard_D16_v3, Standard_D16s_v3, Standard_D1_v2, Standard_D2, Standard_D2_v2, Standard_D2_v2_Promo, Standard_D2_v3, Standard_D2s_v3, Standard_D3, Standard_D32_v3, Standard_D32s_v3, Standard_D3_v2, Standard_D3_v2_Promo, Standard_D4, Standard_D4_v2, Standard_D4_v2_Promo, Standard_D4_v3, Standard_D4s_v3, Standard_D5_v2, Standard_D5_v2_Promo, Standard_D64_v3, Standard_D64s_v3, Standard_D8_v3, Standard_D8s_v3, Standard_DS1, Standard_DS11, Standard_DS11_v2, Standard_DS11_v2_Promo, Standard_DS12, Standard_DS12_v2, Standard_DS12_v2_Promo, Standard_DS13, Standard_DS13-2_v2, Standard_DS13-4_v2, Standard_DS13_v2, Standard_DS13_v2_Promo, Standard_DS14, Standard_DS14-4_v2, Standard_DS14-8_v2, Standard_DS14_v2, Standard_DS14_v2_Promo, Standard_DS15_v2, Standard_DS1_v2, Standard_DS2, Standard_DS2_v2, Standard_DS2_v2_Promo, Standard_DS3, Standard_DS3_v2, Standard_DS3_v2_Promo, Standard_DS4, Standard_DS4_v2, Standard_DS4_v2_Promo, Standard_DS5_v2, Standard_DS5_v2_Promo, Standard_E16_v3, Standard_E16s_v3, Standard_E2_v3, Standard_E2s_v3, Standard_E32-16s_v3, Standard_E32-8s_v3, Standard_E32_v3, Standard_E32s_v3, Standard_E4_v3, Standard_E4s_v3, Standard_E64-16s_v3, Standard_E64-32s_v3, Standard_E64_v3, Standard_E64s_v3, Standard_E8_v3, Standard_E8s_v3, Standard_F1, Standard_F16, Standard_F16s, Standard_F16s_v2, Standard_F1s, Standard_F2, Standard_F2s, Standard_F2s_v2, Standard_F32s_v2, Standard_F4, Standard_F4s, Standard_F4s_v2, Standard_F64s_v2, Standard_F72s_v2, Standard_F8, Standard_F8s, Standard_F8s_v2, Standard_G1, Standard_G2, Standard_G3, Standard_G4, Standard_G5, Standard_GS1, Standard_GS2, Standard_GS3, Standard_GS4, Standard_GS4-4, Standard_GS4-8, Standard_GS5, Standard_GS5-16, Standard_GS5-8, Standard_H16, Standard_H16m, Standard_H16mr, Standard_H16r, Standard_H8, Standard_H8m, Standard_L16s, Standard_L32s, Standard_L4s, Standard_L8s, Standard_M128-32ms, Standard_M128-64ms, Standard_M128ms, Standard_M128s, Standard_M64-16ms, Standard_M64-32ms, Standard_M64ms, Standard_M64s, Standard_NC12, Standard_NC12s_v2, Standard_NC12s_v3, Standard_NC24, Standard_NC24r, Standard_NC24rs_v2, Standard_NC24rs_v3, Standard_NC24s_v2, Standard_NC24s_v3, Standard_NC6, Standard_NC6s_v2, Standard_NC6s_v3, Standard_ND12s, Standard_ND24rs, Standard_ND24s, Standard_ND6s, Standard_NV12, Standard_NV24, Standard_NV6
osDiskSizeGB integer No OS Disk Size in GB to be used to specify the disk size for every machine in this master/agent pool. If you specify 0, it will apply the default osDisk size according to the vmSize specified.
osDiskType enum No OS disk type to be used for machines in a given agent pool. Allowed values are 'Ephemeral' and 'Managed'. Defaults to 'Managed'. May not be changed after creation. - Managed or Ephemeral
vnetSubnetID string No VNet SubnetID specifies the VNet's subnet identifier.
maxPods integer No Maximum number of pods that can run on a node.
osType enum No OsType to be used to specify os type. Choose from Linux and Windows. Default to Linux. - Linux or Windows
maxCount integer No Maximum number of nodes for auto-scaling
minCount integer No Minimum number of nodes for auto-scaling
enableAutoScaling boolean No Whether to enable auto-scaler
type enum No AgentPoolType represents types of an agent pool. - VirtualMachineScaleSets or AvailabilitySet
mode enum No AgentPoolMode represents mode of an agent pool. - System or User
orchestratorVersion string No Version of orchestrator specified when creating the managed cluster.
upgradeSettings object No Settings for upgrading the agentpool - AgentPoolUpgradeSettings object
availabilityZones array No Availability zones for nodes. Must use VirtualMachineScaleSets AgentPoolType. - string
enableNodePublicIP boolean No Enable public IP for nodes
scaleSetPriority enum No ScaleSetPriority to be used to specify virtual machine scale set priority. Default to regular. - Spot or Regular
scaleSetEvictionPolicy enum No ScaleSetEvictionPolicy to be used to specify eviction policy for Spot virtual machine scale set. Default to Delete. - Delete or Deallocate
spotMaxPrice number No SpotMaxPrice to be used to specify the maximum price you are willing to pay in US Dollars. Possible values are any decimal value greater than zero or -1 which indicates default price to be up-to on-demand.
tags object No Agent pool tags to be persisted on the agent pool virtual machine scale set.
nodeLabels object No Agent pool node labels to be persisted across all nodes in agent pool.
nodeTaints array No Taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule. - string
proximityPlacementGroupID string No The ID for Proximity Placement Group.
name string Yes Unique name of the agent pool profile in the context of the subscription and resource group.

ContainerServiceLinuxProfile object

Name Type Required Value
adminUsername string Yes The administrator username to use for Linux VMs.
ssh object Yes SSH configuration for Linux-based VMs running on Azure. - ContainerServiceSshConfiguration object

ManagedClusterWindowsProfile object

Name Type Required Value
adminUsername string Yes The administrator username to use for Windows VMs.
adminPassword string No The administrator password to use for Windows VMs.
licenseType enum No The licenseType to use for Windows VMs. Windows_Server is used to enable Azure Hybrid User Benefits for Windows VMs. - None or Windows_Server

ManagedClusterServicePrincipalProfile object

Name Type Required Value
clientId string Yes The ID for the service principal.
secret string No The secret password associated with the service principal in plain text.

ContainerServiceNetworkProfile object

Name Type Required Value
networkPlugin enum No Network plugin used for building Kubernetes network. - azure or kubenet
networkPolicy enum No Network policy used for building Kubernetes network. - calico or azure
networkMode enum No Network mode used for building Kubernetes network. - transparent or bridge
podCidr string No A CIDR notation IP range from which to assign pod IPs when kubenet is used.
serviceCidr string No A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP ranges.
dnsServiceIP string No An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr.
dockerBridgeCidr string No A CIDR notation IP range assigned to the Docker bridge network. It must not overlap with any Subnet IP ranges or the Kubernetes service address range.
outboundType enum No The outbound (egress) routing method. - loadBalancer or userDefinedRouting
loadBalancerSku enum No The load balancer sku for the managed cluster. - standard or basic
loadBalancerProfile object No Profile of the cluster load balancer. - ManagedClusterLoadBalancerProfile object

ManagedClusterAADProfile object

Name Type Required Value
managed boolean No Whether to enable managed AAD.
enableAzureRBAC boolean No Whether to enable Azure RBAC for Kubernetes authorization.
adminGroupObjectIDs array No AAD group object IDs that will have admin role of the cluster. - string
clientAppID string No The client AAD application ID.
serverAppID string No The server AAD application ID.
serverAppSecret string No The server AAD application secret.
tenantID string No The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment subscription.

ManagedClusterPropertiesAutoScalerProfile object

Name Type Required Value
balance-similar-node-groups string No
expander enum No least-waste, most-pods, random
max-empty-bulk-delete string No
max-graceful-termination-sec string No
max-total-unready-percentage string No
new-pod-scale-up-delay string No
ok-total-unready-count string No
scan-interval string No
scale-down-delay-after-add string No
scale-down-delay-after-delete string No
scale-down-delay-after-failure string No
scale-down-unneeded-time string No
scale-down-unready-time string No
scale-down-utilization-threshold string No
skip-nodes-with-local-storage string No
skip-nodes-with-system-pods string No

ManagedClusterAPIServerAccessProfile object

Name Type Required Value
authorizedIPRanges array No Authorized IP Ranges to kubernetes API server. - string
enablePrivateCluster boolean No Whether to create the cluster as a private cluster or not.

AgentPoolUpgradeSettings object

Name Type Required Value
maxSurge string No Count or percentage of additional nodes to be added during upgrade. If empty uses AKS default

ManagedClusterAddonProfile

Name Type Required Value
config object No Key-value pairs for configuring an add-on.
enabled boolean Yes Whether the add-on is enabled or not.

ContainerServiceSshConfiguration object

Name Type Required Value
publicKeys array Yes The list of SSH public keys used to authenticate with Linux-based VMs. Only expect one key specified. - ContainerServiceSshPublicKey object

ManagedClusterLoadBalancerProfile object

Name Type Required Value
managedOutboundIPs object No Desired managed outbound IPs for the cluster load balancer. - ManagedClusterLoadBalancerProfileManagedOutboundIPs object
outboundIPPrefixes object No Desired outbound IP Prefix resources for the cluster load balancer. - ManagedClusterLoadBalancerProfileOutboundIPPrefixes object
outboundIPs object No Desired outbound IP resources for the cluster load balancer. - ManagedClusterLoadBalancerProfileOutboundIPs object
effectiveOutboundIPs array No The effective outbound IP resources of the cluster load balancer. - ResourceReference object
allocatedOutboundPorts integer No Desired number of allocated SNAT ports per VM. Allowed values must be in the range of 0 to 64000 (inclusive). The default value is 0 which results in Azure dynamically allocating ports.
idleTimeoutInMinutes integer No Desired outbound flow idle timeout in minutes. Allowed values must be in the range of 4 to 120 (inclusive). The default value is 30 minutes.

ContainerServiceSshPublicKey object

Name Type Required Value
keyData string Yes Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or without headers.

ManagedClusterLoadBalancerProfileManagedOutboundIPs object

Name Type Required Value
count integer No Desired number of outbound IP created/managed by Azure for the cluster load balancer. Allowed values must be in the range of 1 to 100 (inclusive). The default value is 1.

ManagedClusterLoadBalancerProfileOutboundIPPrefixes object

Name Type Required Value
publicIPPrefixes array No A list of public IP prefix resources. - ResourceReference object

ManagedClusterLoadBalancerProfileOutboundIPs object

Name Type Required Value
publicIPs array No A list of public IP resources. - ResourceReference object

ResourceReference object

Name Type Required Value
id string No The fully qualified Azure resource id.

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Azure Container Service (AKS)

Deploy to Azure
Deploy a managed cluster with Azure Container Service (AKS)
Deploy a managed Kubernetes Cluster (AKS).

Deploy to Azure
This ARM template demonstrates the deployment of an AKS instance with advanced networking features into an existing virtual network. Additionally, the chosen Service Principal is assigned the Network Contributor role against the subnet that contains the AKS cluster.
Deploy a managed Kubernetes Cluster (AKS).

Deploy to Azure
This ARM template demonstrates the deployment of an AKS instance with advanced networking features into an existing virtual network and Azure AD Integeration. Additionally, the chosen Service Principal is assigned the Network Contributor role against the subnet that contains the AKS cluster.
Deploy an AKS cluster for Azure ML

Deploy to Azure
This template allows you to deploy an entreprise compliant AKS cluster which can be attached to Azure ML
Zero-downtime Deployment to AKS with Jenkins

Deploy to Azure
This template allows you to do zero-downtime deployment to AKS Kubernetes cluster with Jenkins. It deploys an instance of Jenkins on a Linux Ubuntu 16.04 LTS VM and an Azure Kubernetes Service (AKS). The Jenkins instance will configured with jobs to deploy Tomcat container to the AKS Kubernetes in RollingUpdate or blue/green strategy without downtime.
CI/CD using Jenkins on Azure Container Service (AKS)

Deploy to Azure
Containers make it very easy for you to continuously build and deploy your applications. By orchestrating deployment of those containers using Kubernetes in Azure Container Service, you can achieve replicable, manageable clusters of containers. By setting up a continuous build to produce your container images and orchestration, you can increase the speed and reliability of your deployment.