您现在访问的是微软AZURE全球版技术文档网站,若需要访问由世纪互联运营的MICROSOFT AZURE中国区技术文档网站,请访问 https://docs.azure.cn.

Microsoft.ContainerService managedClusters 2019-06-01

The managedClusters resource type can be deployed to: Resource groups.

To learn about resource group deployments, see Bicep or ARM template.

Template format

To create a Microsoft.ContainerService/managedClusters resource, add the following Bicep or JSON to your template.

resource symbolicname 'Microsoft.ContainerService/managedClusters@2019-06-01' = {
  name: 'string'
  location: 'string'
  tags: {
    tagName1: 'tagValue1'
    tagName2: 'tagValue2'
  }
  identity: {
    type: 'string'
  }
  properties: {
    aadProfile: {
      clientAppID: 'string'
      serverAppID: 'string'
      serverAppSecret: 'string'
      tenantID: 'string'
    }
    addonProfiles: {}
    agentPoolProfiles: [
      {
        availabilityZones: [ 'string' ]
        count: int
        enableAutoScaling: bool
        enableNodePublicIP: bool
        maxCount: int
        maxPods: int
        minCount: int
        name: 'string'
        nodeTaints: [ 'string' ]
        orchestratorVersion: 'string'
        osDiskSizeGB: int
        osType: 'string'
        scaleSetEvictionPolicy: 'string'
        scaleSetPriority: 'string'
        type: 'string'
        vmSize: 'string'
        vnetSubnetID: 'string'
      }
    ]
    apiServerAuthorizedIPRanges: [ 'string' ]
    dnsPrefix: 'string'
    enablePodSecurityPolicy: bool
    enableRBAC: bool
    kubernetesVersion: 'string'
    linuxProfile: {
      adminUsername: 'string'
      ssh: {
        publicKeys: [
          {
            keyData: 'string'
          }
        ]
      }
    }
    networkProfile: {
      dnsServiceIP: 'string'
      dockerBridgeCidr: 'string'
      loadBalancerSku: 'string'
      networkPlugin: 'string'
      networkPolicy: 'string'
      podCidr: 'string'
      serviceCidr: 'string'
    }
    nodeResourceGroup: 'string'
    servicePrincipalProfile: {
      clientId: 'string'
      secret: 'string'
    }
    windowsProfile: {
      adminPassword: 'string'
      adminUsername: 'string'
    }
  }
}

Property values

managedClusters

Name Description Value
type The resource type

For Bicep, set this value in the resource declaration.
'Microsoft.ContainerService/managedClusters'
apiVersion The resource api version

For Bicep, set this value in the resource declaration.
'2019-06-01'
name The resource name string (required)
location Resource location string (required)
tags Resource tags Dictionary of tag names and values. See Tags in templates
identity Identity for the managed cluster. ManagedClusterIdentity
properties Properties of the managed cluster. ManagedClusterProperties

ManagedClusterIdentity

Name Description Value
type The type of identity used for the managed cluster. Type 'SystemAssigned' will use an implicitly created identity in master components and an auto-created user assigned identity in MC_ resource group in agent nodes. Type 'None' will not use MSI for the managed cluster, service principal will be used instead. 'None'
'SystemAssigned'

ManagedClusterProperties

Name Description Value
aadProfile AADProfile specifies attributes for Azure Active Directory integration. ManagedClusterAADProfile
addonProfiles Profile of managed cluster add-on. object
agentPoolProfiles Properties of the agent pool. ManagedClusterAgentPoolProfile[]
apiServerAuthorizedIPRanges (PREVIEW) Authorized IP Ranges to kubernetes API server. string[]
dnsPrefix DNS prefix specified when creating the managed cluster. string
enablePodSecurityPolicy (DEPRECATING) Whether to enable Kubernetes pod security policy (preview). This feature is set for removal on October 15th, 2020. Learn more at aka.ms/aks/azpodpolicy. bool
enableRBAC Whether to enable Kubernetes Role-Based Access Control. bool
kubernetesVersion Version of Kubernetes specified when creating the managed cluster. string
linuxProfile Profile for Linux VMs in the container service cluster. ContainerServiceLinuxProfile
networkProfile Profile of network configuration. ContainerServiceNetworkProfile
nodeResourceGroup Name of the resource group containing agent pool nodes. string
servicePrincipalProfile Information about a service principal identity for the cluster to use for manipulating Azure APIs. ManagedClusterServicePrincipalProfile
windowsProfile Profile for Windows VMs in the container service cluster. ManagedClusterWindowsProfile

ManagedClusterAADProfile

Name Description Value
clientAppID The client AAD application ID. string (required)
serverAppID The server AAD application ID. string (required)
serverAppSecret The server AAD application secret. string
tenantID The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment subscription. string

ManagedClusterAgentPoolProfile

Name Description Value
availabilityZones (PREVIEW) Availability zones for nodes. Must use VirtualMachineScaleSets AgentPoolType. string[]
count Number of agents (VMs) to host docker containers. Allowed values must be in the range of 1 to 100 (inclusive). The default value is 1. int
enableAutoScaling Whether to enable auto-scaler bool
enableNodePublicIP Enable public IP for nodes bool
maxCount Maximum number of nodes for auto-scaling int
maxPods Maximum number of pods that can run on a node. int
minCount Minimum number of nodes for auto-scaling int
name Unique name of the agent pool profile in the context of the subscription and resource group. string (required)
nodeTaints Taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule. string[]
orchestratorVersion Version of orchestrator specified when creating the managed cluster. string
osDiskSizeGB OS Disk Size in GB to be used to specify the disk size for every machine in this master/agent pool. If you specify 0, it will apply the default osDisk size according to the vmSize specified. int
osType OsType to be used to specify os type. Choose from Linux and Windows. Default to Linux. 'Linux'
'Windows'
scaleSetEvictionPolicy ScaleSetEvictionPolicy to be used to specify eviction policy for low priority virtual machine scale set. Default to Delete. 'Deallocate'
'Delete'
scaleSetPriority ScaleSetPriority to be used to specify virtual machine scale set priority. Default to regular. 'Low'
'Regular'
type AgentPoolType represents types of an agent pool. VirtualMachineScaleSets type is still in PREVIEW. 'AvailabilitySet'
'VirtualMachineScaleSets'
vmSize Size of agent VMs. 'Standard_A1'
'Standard_A10'
'Standard_A11'
'Standard_A1_v2'
'Standard_A2'
'Standard_A2_v2'
'Standard_A2m_v2'
'Standard_A3'
'Standard_A4'
'Standard_A4_v2'
'Standard_A4m_v2'
'Standard_A5'
'Standard_A6'
'Standard_A7'
'Standard_A8'
'Standard_A8_v2'
'Standard_A8m_v2'
'Standard_A9'
'Standard_B2ms'
'Standard_B2s'
'Standard_B4ms'
'Standard_B8ms'
'Standard_D1'
'Standard_D11'
'Standard_D11_v2'
'Standard_D11_v2_Promo'
'Standard_D12'
'Standard_D12_v2'
'Standard_D12_v2_Promo'
'Standard_D13'
'Standard_D13_v2'
'Standard_D13_v2_Promo'
'Standard_D14'
'Standard_D14_v2'
'Standard_D14_v2_Promo'
'Standard_D15_v2'
'Standard_D16_v3'
'Standard_D16s_v3'
'Standard_D1_v2'
'Standard_D2'
'Standard_D2_v2'
'Standard_D2_v2_Promo'
'Standard_D2_v3'
'Standard_D2s_v3'
'Standard_D3'
'Standard_D32_v3'
'Standard_D32s_v3'
'Standard_D3_v2'
'Standard_D3_v2_Promo'
'Standard_D4'
'Standard_D4_v2'
'Standard_D4_v2_Promo'
'Standard_D4_v3'
'Standard_D4s_v3'
'Standard_D5_v2'
'Standard_D5_v2_Promo'
'Standard_D64_v3'
'Standard_D64s_v3'
'Standard_D8_v3'
'Standard_D8s_v3'
'Standard_DS1'
'Standard_DS11'
'Standard_DS11_v2'
'Standard_DS11_v2_Promo'
'Standard_DS12'
'Standard_DS12_v2'
'Standard_DS12_v2_Promo'
'Standard_DS13'
'Standard_DS13-2_v2'
'Standard_DS13-4_v2'
'Standard_DS13_v2'
'Standard_DS13_v2_Promo'
'Standard_DS14'
'Standard_DS14-4_v2'
'Standard_DS14-8_v2'
'Standard_DS14_v2'
'Standard_DS14_v2_Promo'
'Standard_DS15_v2'
'Standard_DS1_v2'
'Standard_DS2'
'Standard_DS2_v2'
'Standard_DS2_v2_Promo'
'Standard_DS3'
'Standard_DS3_v2'
'Standard_DS3_v2_Promo'
'Standard_DS4'
'Standard_DS4_v2'
'Standard_DS4_v2_Promo'
'Standard_DS5_v2'
'Standard_DS5_v2_Promo'
'Standard_E16_v3'
'Standard_E16s_v3'
'Standard_E2_v3'
'Standard_E2s_v3'
'Standard_E32-16s_v3'
'Standard_E32-8s_v3'
'Standard_E32_v3'
'Standard_E32s_v3'
'Standard_E4_v3'
'Standard_E4s_v3'
'Standard_E64-16s_v3'
'Standard_E64-32s_v3'
'Standard_E64_v3'
'Standard_E64s_v3'
'Standard_E8_v3'
'Standard_E8s_v3'
'Standard_F1'
'Standard_F16'
'Standard_F16s'
'Standard_F16s_v2'
'Standard_F1s'
'Standard_F2'
'Standard_F2s'
'Standard_F2s_v2'
'Standard_F32s_v2'
'Standard_F4'
'Standard_F4s'
'Standard_F4s_v2'
'Standard_F64s_v2'
'Standard_F72s_v2'
'Standard_F8'
'Standard_F8s'
'Standard_F8s_v2'
'Standard_G1'
'Standard_G2'
'Standard_G3'
'Standard_G4'
'Standard_G5'
'Standard_GS1'
'Standard_GS2'
'Standard_GS3'
'Standard_GS4'
'Standard_GS4-4'
'Standard_GS4-8'
'Standard_GS5'
'Standard_GS5-16'
'Standard_GS5-8'
'Standard_H16'
'Standard_H16m'
'Standard_H16mr'
'Standard_H16r'
'Standard_H8'
'Standard_H8m'
'Standard_L16s'
'Standard_L32s'
'Standard_L4s'
'Standard_L8s'
'Standard_M128-32ms'
'Standard_M128-64ms'
'Standard_M128ms'
'Standard_M128s'
'Standard_M64-16ms'
'Standard_M64-32ms'
'Standard_M64ms'
'Standard_M64s'
'Standard_NC12'
'Standard_NC12s_v2'
'Standard_NC12s_v3'
'Standard_NC24'
'Standard_NC24r'
'Standard_NC24rs_v2'
'Standard_NC24rs_v3'
'Standard_NC24s_v2'
'Standard_NC24s_v3'
'Standard_NC6'
'Standard_NC6s_v2'
'Standard_NC6s_v3'
'Standard_ND12s'
'Standard_ND24rs'
'Standard_ND24s'
'Standard_ND6s'
'Standard_NV12'
'Standard_NV24'
'Standard_NV6'
vnetSubnetID VNet SubnetID specifies the VNet's subnet identifier. string

ContainerServiceLinuxProfile

Name Description Value
adminUsername The administrator username to use for Linux VMs. string (required)
ssh SSH configuration for Linux-based VMs running on Azure. ContainerServiceSshConfiguration (required)

ContainerServiceSshConfiguration

Name Description Value
publicKeys The list of SSH public keys used to authenticate with Linux-based VMs. Only expect one key specified. ContainerServiceSshPublicKey[] (required)

ContainerServiceSshPublicKey

Name Description Value
keyData Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or without headers. string (required)

ContainerServiceNetworkProfile

Name Description Value
dnsServiceIP An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr. string
dockerBridgeCidr A CIDR notation IP range assigned to the Docker bridge network. It must not overlap with any Subnet IP ranges or the Kubernetes service address range. string
loadBalancerSku The load balancer sku for the managed cluster. 'basic'
'standard'
networkPlugin Network plugin used for building Kubernetes network. 'azure'
'kubenet'
networkPolicy Network policy used for building Kubernetes network. 'azure'
'calico'
podCidr A CIDR notation IP range from which to assign pod IPs when kubenet is used. string
serviceCidr A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP ranges. string

ManagedClusterServicePrincipalProfile

Name Description Value
clientId The ID for the service principal. string (required)
secret The secret password associated with the service principal in plain text. string

ManagedClusterWindowsProfile

Name Description Value
adminPassword Specifies the password of the administrator account.

Minimum-length: 8 characters

Max-length: 123 characters

Complexity requirements: 3 out of 4 conditions below need to be fulfilled
Has lower characters
Has upper characters
Has a digit
Has a special character (Regex match [\W_])

Disallowed values: "abc@123", "P@$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$word", "pass@word1", "Password!", "Password1", "Password22", "iloveyou!"
string
adminUsername Specifies the name of the administrator account.

restriction: Cannot end in "."

Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5".

Minimum-length: 1 character

Max-length: 20 characters
string (required)

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
CI/CD using Jenkins on Azure Container Service (AKS)

Deploy to Azure
Containers make it very easy for you to continuously build and deploy your applications. By orchestrating deployment of those containers using Kubernetes in Azure Container Service, you can achieve replicable, manageable clusters of containers. By setting up a continuous build to produce your container images and orchestration, you can increase the speed and reliability of your deployment.
min.io Azure Gateway

Deploy to Azure
Fully private min.io Azure Gateway deployment to provide an S3 compliant storage API backed by blob storage
Create a Private AKS Cluster

Deploy to Azure
This sample shows how to create a private AKS cluster in a virtual network along with a jumpbox virtual machine.
Create a Private AKS Cluster with a Public DNS Zone

Deploy to Azure
This sample shows how to a deploy a private AKS cluster with a Public DNS Zone.
Deploy a managed Kubernetes Cluster (AKS).

Deploy to Azure
This ARM template demonstrates the deployment of an AKS instance with advanced networking features into an existing virtual network. Additionally, the chosen Service Principal is assigned the Network Contributor role against the subnet that contains the AKS cluster.
Deploy a managed Kubernetes Cluster (AKS).

Deploy to Azure
This ARM template demonstrates the deployment of an AKS instance with advanced networking features into an existing virtual network and Azure AD Integeration. Additionally, the chosen Service Principal is assigned the Network Contributor role against the subnet that contains the AKS cluster.
Deploy an AKS cluster for Azure ML

Deploy to Azure
This template allows you to deploy an entreprise compliant AKS cluster which can be attached to Azure ML
Azure Container Service (AKS)

Deploy to Azure
Deploy a managed cluster with Azure Container Service (AKS)
Azure Kubernetes Service (AKS)

Deploy to Azure
Deploys a managed Kubernetes cluster via Azure Kubernetes Service (AKS)
AKS cluster with the Application Gateway Ingress Controller

Deploy to Azure
This sample shows how to deploy an AKS cluster with Application Gateway, Application Gateway Ingress Controller, Azure Container Registry, Log Analytics and Key Vault