Microsoft.KubernetesConfiguration extensions

Bicep resource definition

The extensions resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.KubernetesConfiguration/extensions resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.KubernetesConfiguration/extensions@2025-03-01' = {
  scope: resourceSymbolicName or scope
  identity: {
    type: 'SystemAssigned'
  }
  managedBy: 'string'
  name: 'string'
  plan: {
    name: 'string'
    product: 'string'
    promotionCode: 'string'
    publisher: 'string'
    version: 'string'
  }
  properties: {
    additionalDetails: {
      docs: 'string'
      releaseNotes: 'string'
      troubleshootingGuide: 'string'
    }
    aksAssignedIdentity: {
      clientId: 'string'
      objectId: 'string'
      resourceId: 'string'
      type: 'string'
    }
    autoUpgradeMinorVersion: bool
    autoUpgradeMode: 'string'
    configurationProtectedSettings: {
      {customized property}: 'string'
    }
    configurationSettings: {
      {customized property}: 'string'
    }
    extensionType: 'string'
    managementDetails: {
      accessDetails: [
        {
          allowedActions: [
            'string'
          ]
          description: 'string'
          entity: 'string'
        }
      ]
      category: 'string'
    }
    releaseTrain: 'string'
    scope: {
      cluster: {
        releaseNamespace: 'string'
      }
      namespace: {
        targetNamespace: 'string'
      }
    }
    statuses: [
      {
        code: 'string'
        displayStatus: 'string'
        level: 'string'
        message: 'string'
        time: 'string'
      }
    ]
    version: 'string'
  }
}

Property Values

Microsoft.KubernetesConfiguration/extensions

Name	Description	Value
identity	Identity of the Extension resource	Identity
managedBy	The fully qualified resource ID of the resource that manages this resource. Indicates if this resource is managed by another Azure resource. If this is present, complete mode deployment will not delete the resource if it is removed from the template since it is managed by another resource.	string
name	The resource name	string (required)
plan	Details of the resource plan.	Plan
properties	Properties of an Extension resource	ExtensionProperties
scope	Use when creating a resource at a scope that is different than the deployment scope.	Set this property to the symbolic name of a resource to apply the extension resource.

AccessDetail

Name	Description	Value
allowedActions	The list of allowed actions for the entity	string[]
description	The description of the entity	string
entity	The entity to which the access details apply	string

AdditionalDetails

Name	Description	Value
docs	Documentation for the extension.	string
releaseNotes	Release Notes of the extension.	string
troubleshootingGuide	Troubleshooting guide for the extension.	string

ExtensionProperties

Name	Description	Value
additionalDetails	Additional details provided by the publisher of the extension.	AdditionalDetails
aksAssignedIdentity	Identity of the Extension resource in an AKS cluster	ExtensionPropertiesAksAssignedIdentity
autoUpgradeMinorVersion	Flag to note if this extension participates in auto upgrade of minor version, or not.	bool
autoUpgradeMode	The upgrade mode for auto upgrade. The default is "compatible".	'compatible' 'none' 'patch'
configurationProtectedSettings	Configuration settings that are sensitive, as name-value pairs for configuring this extension.	ExtensionPropertiesConfigurationProtectedSettings
configurationSettings	Configuration settings, as name-value pairs for configuring this extension.	ExtensionPropertiesConfigurationSettings
extensionType	Type of the Extension, of which this resource is an instance of. It must be one of the Extension Types registered with Microsoft.KubernetesConfiguration by the Extension publisher.	string
managementDetails	Management details of the extension	ManagementDetails
releaseTrain	ReleaseTrain this extension participates in for auto-upgrade (e.g. Stable, Preview, etc.) - only if autoUpgradeMinorVersion is 'true'.	string
scope	Scope at which the extension is installed.	Scope
statuses	Status from this extension.	ExtensionStatus[]
version	User-specified version of the extension for this extension to 'pin'. To use 'version', autoUpgradeMinorVersion must be 'false'.	string

ExtensionPropertiesAksAssignedIdentity

Name	Description	Value
clientId	The client ID of resource identity.	string
objectId	The object ID of resource identity.	string
resourceId	The ID of the resource identity.	string
type	The identity type.	'SystemAssigned' 'UserAssigned' 'Workload'

ExtensionPropertiesConfigurationProtectedSettings

Name	Description	Value

ExtensionPropertiesConfigurationSettings

Name	Description	Value

ExtensionStatus

Name	Description	Value
code	Status code provided by the Extension	string
displayStatus	Short description of status of the extension.	string
level	Level of the status.	'Error' 'Information' 'Warning'
message	Detailed message of the status from the Extension.	string
time	DateLiteral (per ISO8601) noting the time of installation status.	string

Identity

Name	Description	Value
type	The identity type.	'SystemAssigned'

ManagementDetails

Name	Description	Value
accessDetails	The list of access details of the managing entity	AccessDetail[]
category	The category of the managing entity	string

Plan

Name	Description	Value
name	A user defined name of the 3rd Party Artifact that is being procured.	string (required)
product	The 3rd Party artifact that is being procured. E.g. NewRelic. Product maps to the OfferID specified for the artifact at the time of Data Market onboarding.	string (required)
promotionCode	A publisher provided promotion code as provisioned in Data Market for the said product/artifact.	string
publisher	The publisher of the 3rd Party Artifact that is being bought. E.g. NewRelic	string (required)
version	The version of the desired product/artifact.	string

Scope

Name	Description	Value
cluster	Specifies that the scope of the extension is Cluster	ScopeCluster
namespace	Specifies that the scope of the extension is Namespace	ScopeNamespace

ScopeCluster

Name	Description	Value
releaseNamespace	Namespace where the extension Release must be placed, for a Cluster scoped extension. If this namespace does not exist, it will be created	string

ScopeNamespace

Name	Description	Value
targetNamespace	Namespace where the extension will be created for an Namespace scoped extension. If this namespace does not exist, it will be created	string

Usage Examples

Bicep Samples

A basic example of deploying Kubernetes Cluster Extension.

param resourceName string = 'acctest0001'
param location string = 'westeurope'

resource extension 'Microsoft.KubernetesConfiguration/extensions@2022-11-01' = {
  scope: managedCluster
  name: resourceName
  properties: {
    autoUpgradeMinorVersion: true
    extensionType: 'microsoft.flux'
  }
}

resource managedCluster 'Microsoft.ContainerService/managedClusters@2023-04-02-preview' = {
  name: resourceName
  location: location
  properties: {
    agentPoolProfiles: [
      {
        count: 1
        mode: 'System'
        name: 'default'
        vmSize: 'Standard_DS2_v2'
      }
    ]
    dnsPrefix: 'acctest0001'
  }
}

Azure Verified Modules

The following Azure Verified Modules can be used to deploy this resource type.

Module	Description
Kubernetes Configuration Extension	AVM Resource Module for Kubernetes Configuration Extension

ARM template resource definition

The extensions resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.KubernetesConfiguration/extensions resource, add the following JSON to your template.

{
  "type": "Microsoft.KubernetesConfiguration/extensions",
  "apiVersion": "2025-03-01",
  "name": "string",
  "identity": {
    "type": "SystemAssigned"
  },
  "managedBy": "string",
  "plan": {
    "name": "string",
    "product": "string",
    "promotionCode": "string",
    "publisher": "string",
    "version": "string"
  },
  "properties": {
    "additionalDetails": {
      "docs": "string",
      "releaseNotes": "string",
      "troubleshootingGuide": "string"
    },
    "aksAssignedIdentity": {
      "clientId": "string",
      "objectId": "string",
      "resourceId": "string",
      "type": "string"
    },
    "autoUpgradeMinorVersion": "bool",
    "autoUpgradeMode": "string",
    "configurationProtectedSettings": {
      "{customized property}": "string"
    },
    "configurationSettings": {
      "{customized property}": "string"
    },
    "extensionType": "string",
    "managementDetails": {
      "accessDetails": [
        {
          "allowedActions": [ "string" ],
          "description": "string",
          "entity": "string"
        }
      ],
      "category": "string"
    },
    "releaseTrain": "string",
    "scope": {
      "cluster": {
        "releaseNamespace": "string"
      },
      "namespace": {
        "targetNamespace": "string"
      }
    },
    "statuses": [
      {
        "code": "string",
        "displayStatus": "string",
        "level": "string",
        "message": "string",
        "time": "string"
      }
    ],
    "version": "string"
  }
}

Property Values

Microsoft.KubernetesConfiguration/extensions

Name	Description	Value
apiVersion	The api version	'2025-03-01'
identity	Identity of the Extension resource	Identity
managedBy	The fully qualified resource ID of the resource that manages this resource. Indicates if this resource is managed by another Azure resource. If this is present, complete mode deployment will not delete the resource if it is removed from the template since it is managed by another resource.	string
name	The resource name	string (required)
plan	Details of the resource plan.	Plan
properties	Properties of an Extension resource	ExtensionProperties
type	The resource type	'Microsoft.KubernetesConfiguration/extensions'

AccessDetail

Name	Description	Value
allowedActions	The list of allowed actions for the entity	string[]
description	The description of the entity	string
entity	The entity to which the access details apply	string

AdditionalDetails

Name	Description	Value
docs	Documentation for the extension.	string
releaseNotes	Release Notes of the extension.	string
troubleshootingGuide	Troubleshooting guide for the extension.	string

ExtensionProperties

Name	Description	Value
additionalDetails	Additional details provided by the publisher of the extension.	AdditionalDetails
aksAssignedIdentity	Identity of the Extension resource in an AKS cluster	ExtensionPropertiesAksAssignedIdentity
autoUpgradeMinorVersion	Flag to note if this extension participates in auto upgrade of minor version, or not.	bool
autoUpgradeMode	The upgrade mode for auto upgrade. The default is "compatible".	'compatible' 'none' 'patch'
configurationProtectedSettings	Configuration settings that are sensitive, as name-value pairs for configuring this extension.	ExtensionPropertiesConfigurationProtectedSettings
configurationSettings	Configuration settings, as name-value pairs for configuring this extension.	ExtensionPropertiesConfigurationSettings
extensionType	Type of the Extension, of which this resource is an instance of. It must be one of the Extension Types registered with Microsoft.KubernetesConfiguration by the Extension publisher.	string
managementDetails	Management details of the extension	ManagementDetails
releaseTrain	ReleaseTrain this extension participates in for auto-upgrade (e.g. Stable, Preview, etc.) - only if autoUpgradeMinorVersion is 'true'.	string
scope	Scope at which the extension is installed.	Scope
statuses	Status from this extension.	ExtensionStatus[]
version	User-specified version of the extension for this extension to 'pin'. To use 'version', autoUpgradeMinorVersion must be 'false'.	string

ExtensionPropertiesAksAssignedIdentity

Name	Description	Value
clientId	The client ID of resource identity.	string
objectId	The object ID of resource identity.	string
resourceId	The ID of the resource identity.	string
type	The identity type.	'SystemAssigned' 'UserAssigned' 'Workload'

ExtensionPropertiesConfigurationProtectedSettings

Name	Description	Value

ExtensionPropertiesConfigurationSettings

Name	Description	Value

ExtensionStatus

Name	Description	Value
code	Status code provided by the Extension	string
displayStatus	Short description of status of the extension.	string
level	Level of the status.	'Error' 'Information' 'Warning'
message	Detailed message of the status from the Extension.	string
time	DateLiteral (per ISO8601) noting the time of installation status.	string

Identity

Name	Description	Value
type	The identity type.	'SystemAssigned'

ManagementDetails

Name	Description	Value
accessDetails	The list of access details of the managing entity	AccessDetail[]
category	The category of the managing entity	string

Plan

Name	Description	Value
name	A user defined name of the 3rd Party Artifact that is being procured.	string (required)
product	The 3rd Party artifact that is being procured. E.g. NewRelic. Product maps to the OfferID specified for the artifact at the time of Data Market onboarding.	string (required)
promotionCode	A publisher provided promotion code as provisioned in Data Market for the said product/artifact.	string
publisher	The publisher of the 3rd Party Artifact that is being bought. E.g. NewRelic	string (required)
version	The version of the desired product/artifact.	string

Scope

Name	Description	Value
cluster	Specifies that the scope of the extension is Cluster	ScopeCluster
namespace	Specifies that the scope of the extension is Namespace	ScopeNamespace

ScopeCluster

Name	Description	Value
releaseNamespace	Namespace where the extension Release must be placed, for a Cluster scoped extension. If this namespace does not exist, it will be created	string

ScopeNamespace

Name	Description	Value
targetNamespace	Namespace where the extension will be created for an Namespace scoped extension. If this namespace does not exist, it will be created	string

Usage Examples

Terraform (AzAPI provider) resource definition

The extensions resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.KubernetesConfiguration/extensions resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.KubernetesConfiguration/extensions@2025-03-01"
  name = "string"
  parent_id = "string"
  identity {
    type = "string"
    identity_ids = [
      "string"
    ]
  }
  body = {
    managedBy = "string"
    plan = {
      name = "string"
      product = "string"
      promotionCode = "string"
      publisher = "string"
      version = "string"
    }
    properties = {
      additionalDetails = {
        docs = "string"
        releaseNotes = "string"
        troubleshootingGuide = "string"
      }
      aksAssignedIdentity = {
        clientId = "string"
        objectId = "string"
        resourceId = "string"
        type = "string"
      }
      autoUpgradeMinorVersion = bool
      autoUpgradeMode = "string"
      configurationProtectedSettings = {
        {customized property} = "string"
      }
      configurationSettings = {
        {customized property} = "string"
      }
      extensionType = "string"
      managementDetails = {
        accessDetails = [
          {
            allowedActions = [
              "string"
            ]
            description = "string"
            entity = "string"
          }
        ]
        category = "string"
      }
      releaseTrain = "string"
      scope = {
        cluster = {
          releaseNamespace = "string"
        }
        namespace = {
          targetNamespace = "string"
        }
      }
      statuses = [
        {
          code = "string"
          displayStatus = "string"
          level = "string"
          message = "string"
          time = "string"
        }
      ]
      version = "string"
    }
  }
}

Property Values

Microsoft.KubernetesConfiguration/extensions

Name	Description	Value
identity	Identity of the Extension resource	Identity
managedBy	The fully qualified resource ID of the resource that manages this resource. Indicates if this resource is managed by another Azure resource. If this is present, complete mode deployment will not delete the resource if it is removed from the template since it is managed by another resource.	string
name	The resource name	string (required)
parent_id	The ID of the resource to apply this extension resource to.	string (required)
plan	Details of the resource plan.	Plan
properties	Properties of an Extension resource	ExtensionProperties
type	The resource type	"Microsoft.KubernetesConfiguration/extensions@2025-03-01"

AccessDetail

Name	Description	Value
allowedActions	The list of allowed actions for the entity	string[]
description	The description of the entity	string
entity	The entity to which the access details apply	string

AdditionalDetails

Name	Description	Value
docs	Documentation for the extension.	string
releaseNotes	Release Notes of the extension.	string
troubleshootingGuide	Troubleshooting guide for the extension.	string

ExtensionProperties

Name	Description	Value
additionalDetails	Additional details provided by the publisher of the extension.	AdditionalDetails
aksAssignedIdentity	Identity of the Extension resource in an AKS cluster	ExtensionPropertiesAksAssignedIdentity
autoUpgradeMinorVersion	Flag to note if this extension participates in auto upgrade of minor version, or not.	bool
autoUpgradeMode	The upgrade mode for auto upgrade. The default is "compatible".	'compatible' 'none' 'patch'
configurationProtectedSettings	Configuration settings that are sensitive, as name-value pairs for configuring this extension.	ExtensionPropertiesConfigurationProtectedSettings
configurationSettings	Configuration settings, as name-value pairs for configuring this extension.	ExtensionPropertiesConfigurationSettings
extensionType	Type of the Extension, of which this resource is an instance of. It must be one of the Extension Types registered with Microsoft.KubernetesConfiguration by the Extension publisher.	string
managementDetails	Management details of the extension	ManagementDetails
releaseTrain	ReleaseTrain this extension participates in for auto-upgrade (e.g. Stable, Preview, etc.) - only if autoUpgradeMinorVersion is 'true'.	string
scope	Scope at which the extension is installed.	Scope
statuses	Status from this extension.	ExtensionStatus[]
version	User-specified version of the extension for this extension to 'pin'. To use 'version', autoUpgradeMinorVersion must be 'false'.	string

ExtensionPropertiesAksAssignedIdentity

Name	Description	Value
clientId	The client ID of resource identity.	string
objectId	The object ID of resource identity.	string
resourceId	The ID of the resource identity.	string
type	The identity type.	'SystemAssigned' 'UserAssigned' 'Workload'

ExtensionPropertiesConfigurationProtectedSettings

Name	Description	Value

ExtensionPropertiesConfigurationSettings

Name	Description	Value

ExtensionStatus

Name	Description	Value
code	Status code provided by the Extension	string
displayStatus	Short description of status of the extension.	string
level	Level of the status.	'Error' 'Information' 'Warning'
message	Detailed message of the status from the Extension.	string
time	DateLiteral (per ISO8601) noting the time of installation status.	string

Identity

Name	Description	Value
type	The identity type.	'SystemAssigned'

ManagementDetails

Name	Description	Value
accessDetails	The list of access details of the managing entity	AccessDetail[]
category	The category of the managing entity	string

Plan

Name	Description	Value
name	A user defined name of the 3rd Party Artifact that is being procured.	string (required)
product	The 3rd Party artifact that is being procured. E.g. NewRelic. Product maps to the OfferID specified for the artifact at the time of Data Market onboarding.	string (required)
promotionCode	A publisher provided promotion code as provisioned in Data Market for the said product/artifact.	string
publisher	The publisher of the 3rd Party Artifact that is being bought. E.g. NewRelic	string (required)
version	The version of the desired product/artifact.	string

Scope

Name	Description	Value
cluster	Specifies that the scope of the extension is Cluster	ScopeCluster
namespace	Specifies that the scope of the extension is Namespace	ScopeNamespace

ScopeCluster

Name	Description	Value
releaseNamespace	Namespace where the extension Release must be placed, for a Cluster scoped extension. If this namespace does not exist, it will be created	string

ScopeNamespace

Name	Description	Value
targetNamespace	Namespace where the extension will be created for an Namespace scoped extension. If this namespace does not exist, it will be created	string

Usage Examples

Terraform Samples

A basic example of deploying Kubernetes Cluster Extension.

terraform {
  required_providers {
    azapi = {
      source = "Azure/azapi"
    }
  }
}

provider "azapi" {
  skip_provider_registration = false
}

variable "resource_name" {
  type    = string
  default = "acctest0001"
}

variable "location" {
  type    = string
  default = "westeurope"
}

resource "azapi_resource" "resourceGroup" {
  type     = "Microsoft.Resources/resourceGroups@2020-06-01"
  name     = var.resource_name
  location = var.location
}

resource "azapi_resource" "managedCluster" {
  type      = "Microsoft.ContainerService/managedClusters@2023-04-02-preview"
  parent_id = azapi_resource.resourceGroup.id
  name      = var.resource_name
  location  = var.location
  identity {
    type         = "SystemAssigned"
    identity_ids = []
  }
  body = {
    properties = {
      agentPoolProfiles = [
        {
          count  = 1
          mode   = "System"
          name   = "default"
          vmSize = "Standard_DS2_v2"
        },
      ]
      dnsPrefix = var.resource_name
    }
  }
  schema_validation_enabled = false
  response_export_values    = ["*"]
}

resource "azapi_resource" "extension" {
  type      = "Microsoft.KubernetesConfiguration/extensions@2022-11-01"
  parent_id = azapi_resource.managedCluster.id
  name      = var.resource_name
  body = {
    properties = {
      autoUpgradeMinorVersion = true
      extensionType           = "microsoft.flux"
    }
  }
  schema_validation_enabled = false
  response_export_values    = ["*"]
}

Feedback

Was this page helpful?

Last updated on 2026-04-06

Microsoft.KubernetesConfiguration extensions

Bicep resource definition

Resource format

Property Values

Microsoft.KubernetesConfiguration/extensions

AccessDetail

AdditionalDetails

ExtensionProperties

ExtensionPropertiesAksAssignedIdentity

ExtensionPropertiesConfigurationProtectedSettings

ExtensionPropertiesConfigurationSettings

ExtensionStatus

Identity

ManagementDetails

Plan

Scope

ScopeCluster

ScopeNamespace

Usage Examples

Bicep Samples

Azure Verified Modules

ARM template resource definition

Resource format

Property Values

Microsoft.KubernetesConfiguration/extensions

AccessDetail

AdditionalDetails

ExtensionProperties

ExtensionPropertiesAksAssignedIdentity

ExtensionPropertiesConfigurationProtectedSettings

ExtensionPropertiesConfigurationSettings

ExtensionStatus

Identity

ManagementDetails

Plan

Scope

ScopeCluster

ScopeNamespace

Usage Examples

Terraform (AzAPI provider) resource definition

Resource format

Property Values

Microsoft.KubernetesConfiguration/extensions

AccessDetail

AdditionalDetails

ExtensionProperties

ExtensionPropertiesAksAssignedIdentity

ExtensionPropertiesConfigurationProtectedSettings

ExtensionPropertiesConfigurationSettings

ExtensionStatus

Identity

ManagementDetails

Plan

Scope

ScopeCluster

ScopeNamespace

Usage Examples

Terraform Samples

Feedback

Additional resources