Share via

Microsoft.ContainerService managedClusters/agentPools

Bicep resource definition

The managedClusters/agentPools resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.ContainerService/managedClusters/agentPools resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.ContainerService/managedClusters/agentPools@2025-05-01' = {
  parent: resourceSymbolicName
  name: 'string'
  properties: {
    availabilityZones: [
      'string'
    ]
    capacityReservationGroupID: 'string'
    count: int
    creationData: {
      sourceResourceId: 'string'
    }
    enableAutoScaling: bool
    enableEncryptionAtHost: bool
    enableFIPS: bool
    enableNodePublicIP: bool
    enableUltraSSD: bool
    gatewayProfile: {
      publicIPPrefixSize: int
    }
    gpuInstanceProfile: 'string'
    gpuProfile: {
      driver: 'string'
    }
    hostGroupID: 'string'
    kubeletConfig: {
      allowedUnsafeSysctls: [
        'string'
      ]
      containerLogMaxFiles: int
      containerLogMaxSizeMB: int
      cpuCfsQuota: bool
      cpuCfsQuotaPeriod: 'string'
      cpuManagerPolicy: 'string'
      failSwapOn: bool
      imageGcHighThreshold: int
      imageGcLowThreshold: int
      podMaxPids: int
      topologyManagerPolicy: 'string'
    }
    kubeletDiskType: 'string'
    linuxOSConfig: {
      swapFileSizeMB: int
      sysctls: {
        fsAioMaxNr: int
        fsFileMax: int
        fsInotifyMaxUserWatches: int
        fsNrOpen: int
        kernelThreadsMax: int
        netCoreNetdevMaxBacklog: int
        netCoreOptmemMax: int
        netCoreRmemDefault: int
        netCoreRmemMax: int
        netCoreSomaxconn: int
        netCoreWmemDefault: int
        netCoreWmemMax: int
        netIpv4IpLocalPortRange: 'string'
        netIpv4NeighDefaultGcThresh1: int
        netIpv4NeighDefaultGcThresh2: int
        netIpv4NeighDefaultGcThresh3: int
        netIpv4TcpFinTimeout: int
        netIpv4TcpkeepaliveIntvl: int
        netIpv4TcpKeepaliveProbes: int
        netIpv4TcpKeepaliveTime: int
        netIpv4TcpMaxSynBacklog: int
        netIpv4TcpMaxTwBuckets: int
        netIpv4TcpTwReuse: bool
        netNetfilterNfConntrackBuckets: int
        netNetfilterNfConntrackMax: int
        vmMaxMapCount: int
        vmSwappiness: int
        vmVfsCachePressure: int
      }
      transparentHugePageDefrag: 'string'
      transparentHugePageEnabled: 'string'
    }
    maxCount: int
    maxPods: int
    messageOfTheDay: 'string'
    minCount: int
    mode: 'string'
    networkProfile: {
      allowedHostPorts: [
        {
          portEnd: int
          portStart: int
          protocol: 'string'
        }
      ]
      applicationSecurityGroups: [
        'string'
      ]
      nodePublicIPTags: [
        {
          ipTagType: 'string'
          tag: 'string'
        }
      ]
    }
    nodeLabels: {
      {customized property}: 'string'
    }
    nodePublicIPPrefixID: 'string'
    nodeTaints: [
      'string'
    ]
    orchestratorVersion: 'string'
    osDiskSizeGB: int
    osDiskType: 'string'
    osSKU: 'string'
    osType: 'string'
    podIPAllocationMode: 'string'
    podSubnetID: 'string'
    powerState: {
      code: 'string'
    }
    proximityPlacementGroupID: 'string'
    scaleDownMode: 'string'
    scaleSetEvictionPolicy: 'string'
    scaleSetPriority: 'string'
    securityProfile: {
      enableSecureBoot: bool
      enableVTPM: bool
    }
    spotMaxPrice: int
    status: {}
    tags: {
      {customized property}: 'string'
    }
    type: 'string'
    upgradeSettings: {
      drainTimeoutInMinutes: int
      maxSurge: 'string'
      maxUnavailable: 'string'
      nodeSoakDurationInMinutes: int
      undrainableNodeBehavior: 'string'
    }
    virtualMachineNodesStatus: [
      {
        count: int
        size: 'string'
      }
    ]
    virtualMachinesProfile: {
      scale: {
        manual: [
          {
            count: int
            size: 'string'
          }
        ]
      }
    }
    vmSize: 'string'
    vnetSubnetID: 'string'
    windowsProfile: {
      disableOutboundNat: bool
    }
    workloadRuntime: 'string'
  }
}

Property Values

Microsoft.ContainerService/managedClusters/agentPools

Name Description Value
name The resource name string

Constraints:
Min length = 1
Max length = 12
Pattern = ^[a-z][a-z0-9]{0,11}$ (required)
parent In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource.

For more information, see Child resource outside parent resource.		 Symbolic name for resource of type: managedClusters
properties Properties of an agent pool. ManagedClusterAgentPoolProfileProperties

AgentPoolGatewayProfile

Name Description Value
publicIPPrefixSize The Gateway agent pool associates one public IPPrefix for each static egress gateway to provide public egress. The size of Public IPPrefix should be selected by the user. Each node in the agent pool is assigned with one IP from the IPPrefix. The IPPrefix size thus serves as a cap on the size of the Gateway agent pool. Due to Azure public IPPrefix size limitation, the valid value range is [28, 31] (/31 = 2 nodes/IPs, /30 = 4 nodes/IPs, /29 = 8 nodes/IPs, /28 = 16 nodes/IPs). The default value is 31. int

Constraints:
Min value = 28
Max value = 31

AgentPoolNetworkProfile

Name Description Value
allowedHostPorts The port ranges that are allowed to access. The specified ranges are allowed to overlap. PortRange[]
applicationSecurityGroups The IDs of the application security groups which agent pool will associate when created. string[]
nodePublicIPTags IPTags of instance-level public IPs. IPTag[]

AgentPoolSecurityProfile

Name Description Value
enableSecureBoot Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. bool
enableVTPM vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. bool

AgentPoolStatus

Name Description Value

AgentPoolUpgradeSettings

Name Description Value
drainTimeoutInMinutes The drain timeout for a node. The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not specified, the default is 30 minutes. int

Constraints:
Min value = 1
Max value = 1440
maxSurge The maximum number or percentage of nodes that are surged during upgrade. This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded up. If not specified, the default is 10%. For more information, including best practices, see: /azure/aks/upgrade-cluster string
maxUnavailable The maximum number or percentage of nodes that can be simultaneously unavailable during upgrade. This can either be set to an integer (e.g. '1') or a percentage (e.g. '5%'). If a percentage is specified, it is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded up. If not specified, the default is 0. For more information, including best practices, see: /azure/aks/upgrade-cluster string
nodeSoakDurationInMinutes The soak duration for a node. The amount of time (in minutes) to wait after draining a node and before reimaging it and moving on to next node. If not specified, the default is 0 minutes. int

Constraints:
Min value = 0
Max value = 30
undrainableNodeBehavior Defines the behavior for undrainable nodes during upgrade. The most common cause of undrainable nodes is Pod Disruption Budgets (PDBs), but other issues, such as pod termination grace period is exceeding the remaining per-node drain timeout or pod is still being in a running state, can also cause undrainable nodes. 'Cordon'
'Schedule'

AgentPoolWindowsProfile

Name Description Value
disableOutboundNat Whether to disable OutboundNAT in windows nodes. The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT Gateway and the Windows agent pool does not have node public IP enabled. bool

CreationData

Name Description Value
sourceResourceId This is the ARM ID of the source object to be used to create the target object. string

GPUProfile

Name Description Value
driver Whether to install GPU drivers. When it's not specified, default is Install. 'Install'
'None'

IPTag

Name Description Value
ipTagType The IP tag type. Example: RoutingPreference. string
tag The value of the IP tag associated with the public IP. Example: Internet. string

KubeletConfig

Name Description Value
allowedUnsafeSysctls Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in *). string[]
containerLogMaxFiles The maximum number of container log files that can be present for a container. The number must be ≥ 2. int

Constraints:
Min value = 2
containerLogMaxSizeMB The maximum size (e.g. 10Mi) of container log file before it is rotated. int
cpuCfsQuota If CPU CFS quota enforcement is enabled for containers that specify CPU limits. The default is true. bool
cpuCfsQuotaPeriod The CPU CFS quota period value. The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. string
cpuManagerPolicy The CPU Manager policy to use. The default is 'none'. See Kubernetes CPU management policies for more information. Allowed values are 'none' and 'static'. string
failSwapOn If set to true it will make the Kubelet fail to start if swap is enabled on the node. bool
imageGcHighThreshold The percent of disk usage after which image garbage collection is always run. To disable image garbage collection, set to 100. The default is 85% int
imageGcLowThreshold The percent of disk usage before which image garbage collection is never run. This cannot be set higher than imageGcHighThreshold. The default is 80% int
podMaxPids The maximum number of processes per pod. int
topologyManagerPolicy The Topology Manager policy to use. For more information see Kubernetes Topology Manager. The default is 'none'. Allowed values are 'none', 'best-effort', 'restricted', and 'single-numa-node'. string

LinuxOSConfig

Name Description Value
swapFileSizeMB The size in MB of a swap file that will be created on each node. int
sysctls Sysctl settings for Linux agent nodes. SysctlConfig
transparentHugePageDefrag Whether the kernel should make aggressive use of memory compaction to make more hugepages available. Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is 'madvise'. For more information see Transparent Hugepages. string
transparentHugePageEnabled Whether transparent hugepages are enabled. Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more information see Transparent Hugepages. string

ManagedClusterAgentPoolProfileProperties

Name Description Value
availabilityZones The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType property is 'VirtualMachineScaleSets'. string[]
capacityReservationGroupID AKS will associate the specified agent pool with the Capacity Reservation Group. string
count Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. int
creationData CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using a snapshot. CreationData
enableAutoScaling Whether to enable auto-scaler bool
enableEncryptionAtHost Whether to enable host based OS and data drive encryption. This is only supported on certain VM sizes and in certain Azure regions. For more information, see: /azure/aks/enable-host-encryption bool
enableFIPS Whether to use a FIPS-enabled OS. See Add a FIPS-enabled node pool for more details. bool
enableNodePublicIP Whether each node is allocated its own public IP. Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine to minimize hops. For more information see assigning a public IP per node. The default is false. bool
enableUltraSSD Whether to enable UltraSSD bool
gatewayProfile Profile specific to a managed agent pool in Gateway mode. This field cannot be set if agent pool mode is not Gateway. AgentPoolGatewayProfile
gpuInstanceProfile GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU. 'MIG1g'
'MIG2g'
'MIG3g'
'MIG4g'
'MIG7g'
gpuProfile GPU settings for the Agent Pool. GPUProfile
hostGroupID The fully qualified resource ID of the Dedicated Host Group to provision virtual machines from, used only in creation scenario and not allowed to changed once set. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. For more information see Azure dedicated hosts. string
kubeletConfig The Kubelet configuration on the agent pool nodes. KubeletConfig
kubeletDiskType Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral storage. 'OS'
'Temporary'
linuxOSConfig The OS configuration of Linux agent nodes. LinuxOSConfig
maxCount The maximum number of nodes for auto-scaling int
maxPods The maximum number of pods that can run on a node. int
messageOfTheDay Message of the day for Linux nodes, base64-encoded. A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of the message of the day for Linux nodes. It must not be specified for Windows nodes. It must be a static string (i.e., will be printed raw and not be executed as a script). string
minCount The minimum number of nodes for auto-scaling int
mode The mode of an agent pool. A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool restrictions and best practices, see: /azure/aks/use-system-pools 'Gateway'
'System'
'User'
networkProfile Network-related settings of an agent pool. AgentPoolNetworkProfile
nodeLabels The node labels to be persisted across all nodes in agent pool. ManagedClusterAgentPoolProfilePropertiesNodeLabels
nodePublicIPPrefixID The public IP prefix ID which VM nodes should use IPs from. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} string
nodeTaints The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule. string[]
orchestratorVersion The version of Kubernetes specified by the user. Both patch version <major.minor.patch> (e.g. 1.20.13) and <major.minor> (e.g. 1.20) are supported. When <major.minor> is specified, the latest supported GA patch version is chosen automatically. Updating the cluster with the same <major.minor> once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor version must be within two minor versions of the control plane version. The node pool version cannot be greater than the control plane version. For more information see upgrading a node pool. string
osDiskSizeGB OS Disk Size in GB to be used to specify the disk size for every machine in the master/agent pool. If you specify 0, it will apply the default osDisk size according to the vmSize specified. int

Constraints:
Min value = 0
Max value = 2048
osDiskType The OS disk type to be used for machines in the agent pool. The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see Ephemeral OS. 'Ephemeral'
'Managed'
osSKU Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. 'AzureLinux'
'CBLMariner'
'Ubuntu'
'Ubuntu2204'
'Windows2019'
'Windows2022'
osType The operating system type. The default is Linux. 'Linux'
'Windows'
podIPAllocationMode Pod IP Allocation Mode. The IP allocation mode for pods in the agent pool. Must be used with podSubnetId. The default is 'DynamicIndividual'. 'DynamicIndividual'
'StaticBlock'
podSubnetID The ID of the subnet which pods will join when launched. If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} string
powerState Whether the Agent Pool is running or stopped. When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only be stopped if it is Running and provisioning state is Succeeded PowerState
proximityPlacementGroupID The ID for Proximity Placement Group. string
scaleDownMode The scale down mode to use when scaling the Agent Pool. This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete. 'Deallocate'
'Delete'
scaleSetEvictionPolicy The Virtual Machine Scale Set eviction policy to use. This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is 'Delete'. 'Deallocate'
'Delete'
scaleSetPriority The Virtual Machine Scale Set priority. If not specified, the default is 'Regular'. 'Regular'
'Spot'
securityProfile The security settings of an agent pool. AgentPoolSecurityProfile
spotMaxPrice The max price (in US Dollars) you are willing to pay for spot instances. Possible values are any decimal value greater than zero or -1 which indicates default price to be up-to on-demand. Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any on-demand price. For more details on spot pricing, see spot VMs pricing int
status Contains read-only information about the Agent Pool. AgentPoolStatus
tags The tags to be persisted on the agent pool virtual machine scale set. ManagedClusterAgentPoolProfilePropertiesTags
type The type of Agent Pool. 'AvailabilitySet'
'VirtualMachines'
'VirtualMachineScaleSets'
upgradeSettings Settings for upgrading the agentpool AgentPoolUpgradeSettings
virtualMachineNodesStatus The status of nodes in a VirtualMachines agent pool. VirtualMachineNodes[]
virtualMachinesProfile Specifications on VirtualMachines agent pool. VirtualMachinesProfile
vmSize The size of the agent pool VMs. VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods might fail to run correctly. For more details on restricted VM sizes, see: /azure/aks/quotas-skus-regions string
vnetSubnetID The ID of the subnet which agent pool nodes and optionally pods will join on startup. If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} string
windowsProfile The Windows agent pool's specific profile. AgentPoolWindowsProfile
workloadRuntime Determines the type of workload a node can run. 'OCIContainer'
'WasmWasi'

ManagedClusterAgentPoolProfilePropertiesNodeLabels

Name Description Value

ManagedClusterAgentPoolProfilePropertiesTags

Name Description Value

ManualScaleProfile

Name Description Value
count Number of nodes. int
size VM size that AKS will use when creating and scaling e.g. 'Standard_E4s_v3', 'Standard_E16s_v3' or 'Standard_D16s_v5'. string

PortRange

Name Description Value
portEnd The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or equal to portStart. int

Constraints:
Min value = 1
Max value = 65535
portStart The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or equal to portEnd. int

Constraints:
Min value = 1
Max value = 65535
protocol The network protocol of the port. 'TCP'
'UDP'

PowerState

Name Description Value
code Tells whether the cluster is Running or Stopped 'Running'
'Stopped'

ScaleProfile

Name Description Value
manual Specifications on how to scale the VirtualMachines agent pool to a fixed size. ManualScaleProfile[]

SysctlConfig

Name Description Value
fsAioMaxNr Sysctl setting fs.aio-max-nr. int
fsFileMax Sysctl setting fs.file-max. int
fsInotifyMaxUserWatches Sysctl setting fs.inotify.max_user_watches. int
fsNrOpen Sysctl setting fs.nr_open. int
kernelThreadsMax Sysctl setting kernel.threads-max. int
netCoreNetdevMaxBacklog Sysctl setting net.core.netdev_max_backlog. int
netCoreOptmemMax Sysctl setting net.core.optmem_max. int
netCoreRmemDefault Sysctl setting net.core.rmem_default. int
netCoreRmemMax Sysctl setting net.core.rmem_max. int
netCoreSomaxconn Sysctl setting net.core.somaxconn. int
netCoreWmemDefault Sysctl setting net.core.wmem_default. int
netCoreWmemMax Sysctl setting net.core.wmem_max. int
netIpv4IpLocalPortRange Sysctl setting net.ipv4.ip_local_port_range. string
netIpv4NeighDefaultGcThresh1 Sysctl setting net.ipv4.neigh.default.gc_thresh1. int
netIpv4NeighDefaultGcThresh2 Sysctl setting net.ipv4.neigh.default.gc_thresh2. int
netIpv4NeighDefaultGcThresh3 Sysctl setting net.ipv4.neigh.default.gc_thresh3. int
netIpv4TcpFinTimeout Sysctl setting net.ipv4.tcp_fin_timeout. int
netIpv4TcpkeepaliveIntvl Sysctl setting net.ipv4.tcp_keepalive_intvl. int

Constraints:
Min value = 10
Max value = 90
netIpv4TcpKeepaliveProbes Sysctl setting net.ipv4.tcp_keepalive_probes. int
netIpv4TcpKeepaliveTime Sysctl setting net.ipv4.tcp_keepalive_time. int
netIpv4TcpMaxSynBacklog Sysctl setting net.ipv4.tcp_max_syn_backlog. int
netIpv4TcpMaxTwBuckets Sysctl setting net.ipv4.tcp_max_tw_buckets. int
netIpv4TcpTwReuse Sysctl setting net.ipv4.tcp_tw_reuse. bool
netNetfilterNfConntrackBuckets Sysctl setting net.netfilter.nf_conntrack_buckets. int

Constraints:
Min value = 65536
Max value = 524288
netNetfilterNfConntrackMax Sysctl setting net.netfilter.nf_conntrack_max. int

Constraints:
Min value = 131072
Max value = 2097152
vmMaxMapCount Sysctl setting vm.max_map_count. int
vmSwappiness Sysctl setting vm.swappiness. int
vmVfsCachePressure Sysctl setting vm.vfs_cache_pressure. int

VirtualMachineNodes

Name Description Value
count Number of nodes. int
size The VM size of the agents used to host this group of nodes. string

VirtualMachinesProfile

Name Description Value
scale Specifications on how to scale a VirtualMachines agent pool. ScaleProfile

ARM template resource definition

The managedClusters/agentPools resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.ContainerService/managedClusters/agentPools resource, add the following JSON to your template.

{
  "type": "Microsoft.ContainerService/managedClusters/agentPools",
  "apiVersion": "2025-05-01",
  "name": "string",
  "properties": {
    "availabilityZones": [ "string" ],
    "capacityReservationGroupID": "string",
    "count": "int",
    "creationData": {
      "sourceResourceId": "string"
    },
    "enableAutoScaling": "bool",
    "enableEncryptionAtHost": "bool",
    "enableFIPS": "bool",
    "enableNodePublicIP": "bool",
    "enableUltraSSD": "bool",
    "gatewayProfile": {
      "publicIPPrefixSize": "int"
    },
    "gpuInstanceProfile": "string",
    "gpuProfile": {
      "driver": "string"
    },
    "hostGroupID": "string",
    "kubeletConfig": {
      "allowedUnsafeSysctls": [ "string" ],
      "containerLogMaxFiles": "int",
      "containerLogMaxSizeMB": "int",
      "cpuCfsQuota": "bool",
      "cpuCfsQuotaPeriod": "string",
      "cpuManagerPolicy": "string",
      "failSwapOn": "bool",
      "imageGcHighThreshold": "int",
      "imageGcLowThreshold": "int",
      "podMaxPids": "int",
      "topologyManagerPolicy": "string"
    },
    "kubeletDiskType": "string",
    "linuxOSConfig": {
      "swapFileSizeMB": "int",
      "sysctls": {
        "fsAioMaxNr": "int",
        "fsFileMax": "int",
        "fsInotifyMaxUserWatches": "int",
        "fsNrOpen": "int",
        "kernelThreadsMax": "int",
        "netCoreNetdevMaxBacklog": "int",
        "netCoreOptmemMax": "int",
        "netCoreRmemDefault": "int",
        "netCoreRmemMax": "int",
        "netCoreSomaxconn": "int",
        "netCoreWmemDefault": "int",
        "netCoreWmemMax": "int",
        "netIpv4IpLocalPortRange": "string",
        "netIpv4NeighDefaultGcThresh1": "int",
        "netIpv4NeighDefaultGcThresh2": "int",
        "netIpv4NeighDefaultGcThresh3": "int",
        "netIpv4TcpFinTimeout": "int",
        "netIpv4TcpkeepaliveIntvl": "int",
        "netIpv4TcpKeepaliveProbes": "int",
        "netIpv4TcpKeepaliveTime": "int",
        "netIpv4TcpMaxSynBacklog": "int",
        "netIpv4TcpMaxTwBuckets": "int",
        "netIpv4TcpTwReuse": "bool",
        "netNetfilterNfConntrackBuckets": "int",
        "netNetfilterNfConntrackMax": "int",
        "vmMaxMapCount": "int",
        "vmSwappiness": "int",
        "vmVfsCachePressure": "int"
      },
      "transparentHugePageDefrag": "string",
      "transparentHugePageEnabled": "string"
    },
    "maxCount": "int",
    "maxPods": "int",
    "messageOfTheDay": "string",
    "minCount": "int",
    "mode": "string",
    "networkProfile": {
      "allowedHostPorts": [
        {
          "portEnd": "int",
          "portStart": "int",
          "protocol": "string"
        }
      ],
      "applicationSecurityGroups": [ "string" ],
      "nodePublicIPTags": [
        {
          "ipTagType": "string",
          "tag": "string"
        }
      ]
    },
    "nodeLabels": {
      "{customized property}": "string"
    },
    "nodePublicIPPrefixID": "string",
    "nodeTaints": [ "string" ],
    "orchestratorVersion": "string",
    "osDiskSizeGB": "int",
    "osDiskType": "string",
    "osSKU": "string",
    "osType": "string",
    "podIPAllocationMode": "string",
    "podSubnetID": "string",
    "powerState": {
      "code": "string"
    },
    "proximityPlacementGroupID": "string",
    "scaleDownMode": "string",
    "scaleSetEvictionPolicy": "string",
    "scaleSetPriority": "string",
    "securityProfile": {
      "enableSecureBoot": "bool",
      "enableVTPM": "bool"
    },
    "spotMaxPrice": "int",
    "status": {
    },
    "tags": {
      "{customized property}": "string"
    },
    "type": "string",
    "upgradeSettings": {
      "drainTimeoutInMinutes": "int",
      "maxSurge": "string",
      "maxUnavailable": "string",
      "nodeSoakDurationInMinutes": "int",
      "undrainableNodeBehavior": "string"
    },
    "virtualMachineNodesStatus": [
      {
        "count": "int",
        "size": "string"
      }
    ],
    "virtualMachinesProfile": {
      "scale": {
        "manual": [
          {
            "count": "int",
            "size": "string"
          }
        ]
      }
    },
    "vmSize": "string",
    "vnetSubnetID": "string",
    "windowsProfile": {
      "disableOutboundNat": "bool"
    },
    "workloadRuntime": "string"
  }
}

Property Values

Microsoft.ContainerService/managedClusters/agentPools

Name Description Value
apiVersion The api version '2025-05-01'
name The resource name string

Constraints:
Min length = 1
Max length = 12
Pattern = ^[a-z][a-z0-9]{0,11}$ (required)
properties Properties of an agent pool. ManagedClusterAgentPoolProfileProperties
type The resource type 'Microsoft.ContainerService/managedClusters/agentPools'

AgentPoolGatewayProfile

Name Description Value
publicIPPrefixSize The Gateway agent pool associates one public IPPrefix for each static egress gateway to provide public egress. The size of Public IPPrefix should be selected by the user. Each node in the agent pool is assigned with one IP from the IPPrefix. The IPPrefix size thus serves as a cap on the size of the Gateway agent pool. Due to Azure public IPPrefix size limitation, the valid value range is [28, 31] (/31 = 2 nodes/IPs, /30 = 4 nodes/IPs, /29 = 8 nodes/IPs, /28 = 16 nodes/IPs). The default value is 31. int

Constraints:
Min value = 28
Max value = 31

AgentPoolNetworkProfile

Name Description Value
allowedHostPorts The port ranges that are allowed to access. The specified ranges are allowed to overlap. PortRange[]
applicationSecurityGroups The IDs of the application security groups which agent pool will associate when created. string[]
nodePublicIPTags IPTags of instance-level public IPs. IPTag[]

AgentPoolSecurityProfile

Name Description Value
enableSecureBoot Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. bool
enableVTPM vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. bool

AgentPoolStatus

Name Description Value

AgentPoolUpgradeSettings

Name Description Value
drainTimeoutInMinutes The drain timeout for a node. The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not specified, the default is 30 minutes. int

Constraints:
Min value = 1
Max value = 1440
maxSurge The maximum number or percentage of nodes that are surged during upgrade. This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded up. If not specified, the default is 10%. For more information, including best practices, see: /azure/aks/upgrade-cluster string
maxUnavailable The maximum number or percentage of nodes that can be simultaneously unavailable during upgrade. This can either be set to an integer (e.g. '1') or a percentage (e.g. '5%'). If a percentage is specified, it is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded up. If not specified, the default is 0. For more information, including best practices, see: /azure/aks/upgrade-cluster string
nodeSoakDurationInMinutes The soak duration for a node. The amount of time (in minutes) to wait after draining a node and before reimaging it and moving on to next node. If not specified, the default is 0 minutes. int

Constraints:
Min value = 0
Max value = 30
undrainableNodeBehavior Defines the behavior for undrainable nodes during upgrade. The most common cause of undrainable nodes is Pod Disruption Budgets (PDBs), but other issues, such as pod termination grace period is exceeding the remaining per-node drain timeout or pod is still being in a running state, can also cause undrainable nodes. 'Cordon'
'Schedule'

AgentPoolWindowsProfile

Name Description Value
disableOutboundNat Whether to disable OutboundNAT in windows nodes. The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT Gateway and the Windows agent pool does not have node public IP enabled. bool

CreationData

Name Description Value
sourceResourceId This is the ARM ID of the source object to be used to create the target object. string

GPUProfile

Name Description Value
driver Whether to install GPU drivers. When it's not specified, default is Install. 'Install'
'None'

IPTag

Name Description Value
ipTagType The IP tag type. Example: RoutingPreference. string
tag The value of the IP tag associated with the public IP. Example: Internet. string

KubeletConfig

Name Description Value
allowedUnsafeSysctls Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in *). string[]
containerLogMaxFiles The maximum number of container log files that can be present for a container. The number must be ≥ 2. int

Constraints:
Min value = 2
containerLogMaxSizeMB The maximum size (e.g. 10Mi) of container log file before it is rotated. int
cpuCfsQuota If CPU CFS quota enforcement is enabled for containers that specify CPU limits. The default is true. bool
cpuCfsQuotaPeriod The CPU CFS quota period value. The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. string
cpuManagerPolicy The CPU Manager policy to use. The default is 'none'. See Kubernetes CPU management policies for more information. Allowed values are 'none' and 'static'. string
failSwapOn If set to true it will make the Kubelet fail to start if swap is enabled on the node. bool
imageGcHighThreshold The percent of disk usage after which image garbage collection is always run. To disable image garbage collection, set to 100. The default is 85% int
imageGcLowThreshold The percent of disk usage before which image garbage collection is never run. This cannot be set higher than imageGcHighThreshold. The default is 80% int
podMaxPids The maximum number of processes per pod. int
topologyManagerPolicy The Topology Manager policy to use. For more information see Kubernetes Topology Manager. The default is 'none'. Allowed values are 'none', 'best-effort', 'restricted', and 'single-numa-node'. string

LinuxOSConfig

Name Description Value
swapFileSizeMB The size in MB of a swap file that will be created on each node. int
sysctls Sysctl settings for Linux agent nodes. SysctlConfig
transparentHugePageDefrag Whether the kernel should make aggressive use of memory compaction to make more hugepages available. Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is 'madvise'. For more information see Transparent Hugepages. string
transparentHugePageEnabled Whether transparent hugepages are enabled. Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more information see Transparent Hugepages. string

ManagedClusterAgentPoolProfileProperties

Name Description Value
availabilityZones The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType property is 'VirtualMachineScaleSets'. string[]
capacityReservationGroupID AKS will associate the specified agent pool with the Capacity Reservation Group. string
count Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. int
creationData CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using a snapshot. CreationData
enableAutoScaling Whether to enable auto-scaler bool
enableEncryptionAtHost Whether to enable host based OS and data drive encryption. This is only supported on certain VM sizes and in certain Azure regions. For more information, see: /azure/aks/enable-host-encryption bool
enableFIPS Whether to use a FIPS-enabled OS. See Add a FIPS-enabled node pool for more details. bool
enableNodePublicIP Whether each node is allocated its own public IP. Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine to minimize hops. For more information see assigning a public IP per node. The default is false. bool
enableUltraSSD Whether to enable UltraSSD bool
gatewayProfile Profile specific to a managed agent pool in Gateway mode. This field cannot be set if agent pool mode is not Gateway. AgentPoolGatewayProfile
gpuInstanceProfile GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU. 'MIG1g'
'MIG2g'
'MIG3g'
'MIG4g'
'MIG7g'
gpuProfile GPU settings for the Agent Pool. GPUProfile
hostGroupID The fully qualified resource ID of the Dedicated Host Group to provision virtual machines from, used only in creation scenario and not allowed to changed once set. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. For more information see Azure dedicated hosts. string
kubeletConfig The Kubelet configuration on the agent pool nodes. KubeletConfig
kubeletDiskType Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral storage. 'OS'
'Temporary'
linuxOSConfig The OS configuration of Linux agent nodes. LinuxOSConfig
maxCount The maximum number of nodes for auto-scaling int
maxPods The maximum number of pods that can run on a node. int
messageOfTheDay Message of the day for Linux nodes, base64-encoded. A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of the message of the day for Linux nodes. It must not be specified for Windows nodes. It must be a static string (i.e., will be printed raw and not be executed as a script). string
minCount The minimum number of nodes for auto-scaling int
mode The mode of an agent pool. A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool restrictions and best practices, see: /azure/aks/use-system-pools 'Gateway'
'System'
'User'
networkProfile Network-related settings of an agent pool. AgentPoolNetworkProfile
nodeLabels The node labels to be persisted across all nodes in agent pool. ManagedClusterAgentPoolProfilePropertiesNodeLabels
nodePublicIPPrefixID The public IP prefix ID which VM nodes should use IPs from. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} string
nodeTaints The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule. string[]
orchestratorVersion The version of Kubernetes specified by the user. Both patch version <major.minor.patch> (e.g. 1.20.13) and <major.minor> (e.g. 1.20) are supported. When <major.minor> is specified, the latest supported GA patch version is chosen automatically. Updating the cluster with the same <major.minor> once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor version must be within two minor versions of the control plane version. The node pool version cannot be greater than the control plane version. For more information see upgrading a node pool. string
osDiskSizeGB OS Disk Size in GB to be used to specify the disk size for every machine in the master/agent pool. If you specify 0, it will apply the default osDisk size according to the vmSize specified. int

Constraints:
Min value = 0
Max value = 2048
osDiskType The OS disk type to be used for machines in the agent pool. The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see Ephemeral OS. 'Ephemeral'
'Managed'
osSKU Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. 'AzureLinux'
'CBLMariner'
'Ubuntu'
'Ubuntu2204'
'Windows2019'
'Windows2022'
osType The operating system type. The default is Linux. 'Linux'
'Windows'
podIPAllocationMode Pod IP Allocation Mode. The IP allocation mode for pods in the agent pool. Must be used with podSubnetId. The default is 'DynamicIndividual'. 'DynamicIndividual'
'StaticBlock'
podSubnetID The ID of the subnet which pods will join when launched. If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} string
powerState Whether the Agent Pool is running or stopped. When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only be stopped if it is Running and provisioning state is Succeeded PowerState
proximityPlacementGroupID The ID for Proximity Placement Group. string
scaleDownMode The scale down mode to use when scaling the Agent Pool. This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete. 'Deallocate'
'Delete'
scaleSetEvictionPolicy The Virtual Machine Scale Set eviction policy to use. This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is 'Delete'. 'Deallocate'
'Delete'
scaleSetPriority The Virtual Machine Scale Set priority. If not specified, the default is 'Regular'. 'Regular'
'Spot'
securityProfile The security settings of an agent pool. AgentPoolSecurityProfile
spotMaxPrice The max price (in US Dollars) you are willing to pay for spot instances. Possible values are any decimal value greater than zero or -1 which indicates default price to be up-to on-demand. Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any on-demand price. For more details on spot pricing, see spot VMs pricing int
status Contains read-only information about the Agent Pool. AgentPoolStatus
tags The tags to be persisted on the agent pool virtual machine scale set. ManagedClusterAgentPoolProfilePropertiesTags
type The type of Agent Pool. 'AvailabilitySet'
'VirtualMachines'
'VirtualMachineScaleSets'
upgradeSettings Settings for upgrading the agentpool AgentPoolUpgradeSettings
virtualMachineNodesStatus The status of nodes in a VirtualMachines agent pool. VirtualMachineNodes[]
virtualMachinesProfile Specifications on VirtualMachines agent pool. VirtualMachinesProfile
vmSize The size of the agent pool VMs. VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods might fail to run correctly. For more details on restricted VM sizes, see: /azure/aks/quotas-skus-regions string
vnetSubnetID The ID of the subnet which agent pool nodes and optionally pods will join on startup. If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} string
windowsProfile The Windows agent pool's specific profile. AgentPoolWindowsProfile
workloadRuntime Determines the type of workload a node can run. 'OCIContainer'
'WasmWasi'

ManagedClusterAgentPoolProfilePropertiesNodeLabels

Name Description Value

ManagedClusterAgentPoolProfilePropertiesTags

Name Description Value

ManualScaleProfile

Name Description Value
count Number of nodes. int
size VM size that AKS will use when creating and scaling e.g. 'Standard_E4s_v3', 'Standard_E16s_v3' or 'Standard_D16s_v5'. string

PortRange

Name Description Value
portEnd The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or equal to portStart. int

Constraints:
Min value = 1
Max value = 65535
portStart The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or equal to portEnd. int

Constraints:
Min value = 1
Max value = 65535
protocol The network protocol of the port. 'TCP'
'UDP'

PowerState

Name Description Value
code Tells whether the cluster is Running or Stopped 'Running'
'Stopped'

ScaleProfile

Name Description Value
manual Specifications on how to scale the VirtualMachines agent pool to a fixed size. ManualScaleProfile[]

SysctlConfig

Name Description Value
fsAioMaxNr Sysctl setting fs.aio-max-nr. int
fsFileMax Sysctl setting fs.file-max. int
fsInotifyMaxUserWatches Sysctl setting fs.inotify.max_user_watches. int
fsNrOpen Sysctl setting fs.nr_open. int
kernelThreadsMax Sysctl setting kernel.threads-max. int
netCoreNetdevMaxBacklog Sysctl setting net.core.netdev_max_backlog. int
netCoreOptmemMax Sysctl setting net.core.optmem_max. int
netCoreRmemDefault Sysctl setting net.core.rmem_default. int
netCoreRmemMax Sysctl setting net.core.rmem_max. int
netCoreSomaxconn Sysctl setting net.core.somaxconn. int
netCoreWmemDefault Sysctl setting net.core.wmem_default. int
netCoreWmemMax Sysctl setting net.core.wmem_max. int
netIpv4IpLocalPortRange Sysctl setting net.ipv4.ip_local_port_range. string
netIpv4NeighDefaultGcThresh1 Sysctl setting net.ipv4.neigh.default.gc_thresh1. int
netIpv4NeighDefaultGcThresh2 Sysctl setting net.ipv4.neigh.default.gc_thresh2. int
netIpv4NeighDefaultGcThresh3 Sysctl setting net.ipv4.neigh.default.gc_thresh3. int
netIpv4TcpFinTimeout Sysctl setting net.ipv4.tcp_fin_timeout. int
netIpv4TcpkeepaliveIntvl Sysctl setting net.ipv4.tcp_keepalive_intvl. int

Constraints:
Min value = 10
Max value = 90
netIpv4TcpKeepaliveProbes Sysctl setting net.ipv4.tcp_keepalive_probes. int
netIpv4TcpKeepaliveTime Sysctl setting net.ipv4.tcp_keepalive_time. int
netIpv4TcpMaxSynBacklog Sysctl setting net.ipv4.tcp_max_syn_backlog. int
netIpv4TcpMaxTwBuckets Sysctl setting net.ipv4.tcp_max_tw_buckets. int
netIpv4TcpTwReuse Sysctl setting net.ipv4.tcp_tw_reuse. bool
netNetfilterNfConntrackBuckets Sysctl setting net.netfilter.nf_conntrack_buckets. int

Constraints:
Min value = 65536
Max value = 524288
netNetfilterNfConntrackMax Sysctl setting net.netfilter.nf_conntrack_max. int

Constraints:
Min value = 131072
Max value = 2097152
vmMaxMapCount Sysctl setting vm.max_map_count. int
vmSwappiness Sysctl setting vm.swappiness. int
vmVfsCachePressure Sysctl setting vm.vfs_cache_pressure. int

VirtualMachineNodes

Name Description Value
count Number of nodes. int
size The VM size of the agents used to host this group of nodes. string

VirtualMachinesProfile

Name Description Value
scale Specifications on how to scale a VirtualMachines agent pool. ScaleProfile

Usage Examples

Azure Quickstart Templates

The following Azure Quickstart templates deploy this resource type.

Template Description
Deploy an AKS cluster for Azure ML

Deploy to Azure		 This template allows you to deploy an entreprise compliant AKS cluster which can be attached to Azure ML

Terraform (AzAPI provider) resource definition

The managedClusters/agentPools resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.ContainerService/managedClusters/agentPools resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.ContainerService/managedClusters/agentPools@2025-05-01"
  name = "string"
  parent_id = "string"
  body = {
    properties = {
      availabilityZones = [
        "string"
      ]
      capacityReservationGroupID = "string"
      count = int
      creationData = {
        sourceResourceId = "string"
      }
      enableAutoScaling = bool
      enableEncryptionAtHost = bool
      enableFIPS = bool
      enableNodePublicIP = bool
      enableUltraSSD = bool
      gatewayProfile = {
        publicIPPrefixSize = int
      }
      gpuInstanceProfile = "string"
      gpuProfile = {
        driver = "string"
      }
      hostGroupID = "string"
      kubeletConfig = {
        allowedUnsafeSysctls = [
          "string"
        ]
        containerLogMaxFiles = int
        containerLogMaxSizeMB = int
        cpuCfsQuota = bool
        cpuCfsQuotaPeriod = "string"
        cpuManagerPolicy = "string"
        failSwapOn = bool
        imageGcHighThreshold = int
        imageGcLowThreshold = int
        podMaxPids = int
        topologyManagerPolicy = "string"
      }
      kubeletDiskType = "string"
      linuxOSConfig = {
        swapFileSizeMB = int
        sysctls = {
          fsAioMaxNr = int
          fsFileMax = int
          fsInotifyMaxUserWatches = int
          fsNrOpen = int
          kernelThreadsMax = int
          netCoreNetdevMaxBacklog = int
          netCoreOptmemMax = int
          netCoreRmemDefault = int
          netCoreRmemMax = int
          netCoreSomaxconn = int
          netCoreWmemDefault = int
          netCoreWmemMax = int
          netIpv4IpLocalPortRange = "string"
          netIpv4NeighDefaultGcThresh1 = int
          netIpv4NeighDefaultGcThresh2 = int
          netIpv4NeighDefaultGcThresh3 = int
          netIpv4TcpFinTimeout = int
          netIpv4TcpkeepaliveIntvl = int
          netIpv4TcpKeepaliveProbes = int
          netIpv4TcpKeepaliveTime = int
          netIpv4TcpMaxSynBacklog = int
          netIpv4TcpMaxTwBuckets = int
          netIpv4TcpTwReuse = bool
          netNetfilterNfConntrackBuckets = int
          netNetfilterNfConntrackMax = int
          vmMaxMapCount = int
          vmSwappiness = int
          vmVfsCachePressure = int
        }
        transparentHugePageDefrag = "string"
        transparentHugePageEnabled = "string"
      }
      maxCount = int
      maxPods = int
      messageOfTheDay = "string"
      minCount = int
      mode = "string"
      networkProfile = {
        allowedHostPorts = [
          {
            portEnd = int
            portStart = int
            protocol = "string"
          }
        ]
        applicationSecurityGroups = [
          "string"
        ]
        nodePublicIPTags = [
          {
            ipTagType = "string"
            tag = "string"
          }
        ]
      }
      nodeLabels = {
        {customized property} = "string"
      }
      nodePublicIPPrefixID = "string"
      nodeTaints = [
        "string"
      ]
      orchestratorVersion = "string"
      osDiskSizeGB = int
      osDiskType = "string"
      osSKU = "string"
      osType = "string"
      podIPAllocationMode = "string"
      podSubnetID = "string"
      powerState = {
        code = "string"
      }
      proximityPlacementGroupID = "string"
      scaleDownMode = "string"
      scaleSetEvictionPolicy = "string"
      scaleSetPriority = "string"
      securityProfile = {
        enableSecureBoot = bool
        enableVTPM = bool
      }
      spotMaxPrice = int
      status = {
      }
      tags = {
        {customized property} = "string"
      }
      type = "string"
      upgradeSettings = {
        drainTimeoutInMinutes = int
        maxSurge = "string"
        maxUnavailable = "string"
        nodeSoakDurationInMinutes = int
        undrainableNodeBehavior = "string"
      }
      virtualMachineNodesStatus = [
        {
          count = int
          size = "string"
        }
      ]
      virtualMachinesProfile = {
        scale = {
          manual = [
            {
              count = int
              size = "string"
            }
          ]
        }
      }
      vmSize = "string"
      vnetSubnetID = "string"
      windowsProfile = {
        disableOutboundNat = bool
      }
      workloadRuntime = "string"
    }
  }
}

Property Values

Microsoft.ContainerService/managedClusters/agentPools

Name Description Value
name The resource name string

Constraints:
Min length = 1
Max length = 12
Pattern = ^[a-z][a-z0-9]{0,11}$ (required)
parent_id The ID of the resource that is the parent for this resource. ID for resource of type: managedClusters
properties Properties of an agent pool. ManagedClusterAgentPoolProfileProperties
type The resource type "Microsoft.ContainerService/managedClusters/agentPools@2025-05-01"

AgentPoolGatewayProfile

Name Description Value
publicIPPrefixSize The Gateway agent pool associates one public IPPrefix for each static egress gateway to provide public egress. The size of Public IPPrefix should be selected by the user. Each node in the agent pool is assigned with one IP from the IPPrefix. The IPPrefix size thus serves as a cap on the size of the Gateway agent pool. Due to Azure public IPPrefix size limitation, the valid value range is [28, 31] (/31 = 2 nodes/IPs, /30 = 4 nodes/IPs, /29 = 8 nodes/IPs, /28 = 16 nodes/IPs). The default value is 31. int

Constraints:
Min value = 28
Max value = 31

AgentPoolNetworkProfile

Name Description Value
allowedHostPorts The port ranges that are allowed to access. The specified ranges are allowed to overlap. PortRange[]
applicationSecurityGroups The IDs of the application security groups which agent pool will associate when created. string[]
nodePublicIPTags IPTags of instance-level public IPs. IPTag[]

AgentPoolSecurityProfile

Name Description Value
enableSecureBoot Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. bool
enableVTPM vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. bool

AgentPoolStatus

Name Description Value

AgentPoolUpgradeSettings

Name Description Value
drainTimeoutInMinutes The drain timeout for a node. The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not specified, the default is 30 minutes. int

Constraints:
Min value = 1
Max value = 1440
maxSurge The maximum number or percentage of nodes that are surged during upgrade. This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded up. If not specified, the default is 10%. For more information, including best practices, see: /azure/aks/upgrade-cluster string
maxUnavailable The maximum number or percentage of nodes that can be simultaneously unavailable during upgrade. This can either be set to an integer (e.g. '1') or a percentage (e.g. '5%'). If a percentage is specified, it is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded up. If not specified, the default is 0. For more information, including best practices, see: /azure/aks/upgrade-cluster string
nodeSoakDurationInMinutes The soak duration for a node. The amount of time (in minutes) to wait after draining a node and before reimaging it and moving on to next node. If not specified, the default is 0 minutes. int

Constraints:
Min value = 0
Max value = 30
undrainableNodeBehavior Defines the behavior for undrainable nodes during upgrade. The most common cause of undrainable nodes is Pod Disruption Budgets (PDBs), but other issues, such as pod termination grace period is exceeding the remaining per-node drain timeout or pod is still being in a running state, can also cause undrainable nodes. 'Cordon'
'Schedule'

AgentPoolWindowsProfile

Name Description Value
disableOutboundNat Whether to disable OutboundNAT in windows nodes. The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT Gateway and the Windows agent pool does not have node public IP enabled. bool

CreationData

Name Description Value
sourceResourceId This is the ARM ID of the source object to be used to create the target object. string

GPUProfile

Name Description Value
driver Whether to install GPU drivers. When it's not specified, default is Install. 'Install'
'None'

IPTag

Name Description Value
ipTagType The IP tag type. Example: RoutingPreference. string
tag The value of the IP tag associated with the public IP. Example: Internet. string

KubeletConfig

Name Description Value
allowedUnsafeSysctls Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in *). string[]
containerLogMaxFiles The maximum number of container log files that can be present for a container. The number must be ≥ 2. int

Constraints:
Min value = 2
containerLogMaxSizeMB The maximum size (e.g. 10Mi) of container log file before it is rotated. int
cpuCfsQuota If CPU CFS quota enforcement is enabled for containers that specify CPU limits. The default is true. bool
cpuCfsQuotaPeriod The CPU CFS quota period value. The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. string
cpuManagerPolicy The CPU Manager policy to use. The default is 'none'. See Kubernetes CPU management policies for more information. Allowed values are 'none' and 'static'. string
failSwapOn If set to true it will make the Kubelet fail to start if swap is enabled on the node. bool
imageGcHighThreshold The percent of disk usage after which image garbage collection is always run. To disable image garbage collection, set to 100. The default is 85% int
imageGcLowThreshold The percent of disk usage before which image garbage collection is never run. This cannot be set higher than imageGcHighThreshold. The default is 80% int
podMaxPids The maximum number of processes per pod. int
topologyManagerPolicy The Topology Manager policy to use. For more information see Kubernetes Topology Manager. The default is 'none'. Allowed values are 'none', 'best-effort', 'restricted', and 'single-numa-node'. string

LinuxOSConfig

Name Description Value
swapFileSizeMB The size in MB of a swap file that will be created on each node. int
sysctls Sysctl settings for Linux agent nodes. SysctlConfig
transparentHugePageDefrag Whether the kernel should make aggressive use of memory compaction to make more hugepages available. Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is 'madvise'. For more information see Transparent Hugepages. string
transparentHugePageEnabled Whether transparent hugepages are enabled. Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more information see Transparent Hugepages. string

ManagedClusterAgentPoolProfileProperties

Name Description Value
availabilityZones The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType property is 'VirtualMachineScaleSets'. string[]
capacityReservationGroupID AKS will associate the specified agent pool with the Capacity Reservation Group. string
count Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. int
creationData CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using a snapshot. CreationData
enableAutoScaling Whether to enable auto-scaler bool
enableEncryptionAtHost Whether to enable host based OS and data drive encryption. This is only supported on certain VM sizes and in certain Azure regions. For more information, see: /azure/aks/enable-host-encryption bool
enableFIPS Whether to use a FIPS-enabled OS. See Add a FIPS-enabled node pool for more details. bool
enableNodePublicIP Whether each node is allocated its own public IP. Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine to minimize hops. For more information see assigning a public IP per node. The default is false. bool
enableUltraSSD Whether to enable UltraSSD bool
gatewayProfile Profile specific to a managed agent pool in Gateway mode. This field cannot be set if agent pool mode is not Gateway. AgentPoolGatewayProfile
gpuInstanceProfile GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU. 'MIG1g'
'MIG2g'
'MIG3g'
'MIG4g'
'MIG7g'
gpuProfile GPU settings for the Agent Pool. GPUProfile
hostGroupID The fully qualified resource ID of the Dedicated Host Group to provision virtual machines from, used only in creation scenario and not allowed to changed once set. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. For more information see Azure dedicated hosts. string
kubeletConfig The Kubelet configuration on the agent pool nodes. KubeletConfig
kubeletDiskType Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral storage. 'OS'
'Temporary'
linuxOSConfig The OS configuration of Linux agent nodes. LinuxOSConfig
maxCount The maximum number of nodes for auto-scaling int
maxPods The maximum number of pods that can run on a node. int
messageOfTheDay Message of the day for Linux nodes, base64-encoded. A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of the message of the day for Linux nodes. It must not be specified for Windows nodes. It must be a static string (i.e., will be printed raw and not be executed as a script). string
minCount The minimum number of nodes for auto-scaling int
mode The mode of an agent pool. A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool restrictions and best practices, see: /azure/aks/use-system-pools 'Gateway'
'System'
'User'
networkProfile Network-related settings of an agent pool. AgentPoolNetworkProfile
nodeLabels The node labels to be persisted across all nodes in agent pool. ManagedClusterAgentPoolProfilePropertiesNodeLabels
nodePublicIPPrefixID The public IP prefix ID which VM nodes should use IPs from. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} string
nodeTaints The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule. string[]
orchestratorVersion The version of Kubernetes specified by the user. Both patch version <major.minor.patch> (e.g. 1.20.13) and <major.minor> (e.g. 1.20) are supported. When <major.minor> is specified, the latest supported GA patch version is chosen automatically. Updating the cluster with the same <major.minor> once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor version must be within two minor versions of the control plane version. The node pool version cannot be greater than the control plane version. For more information see upgrading a node pool. string
osDiskSizeGB OS Disk Size in GB to be used to specify the disk size for every machine in the master/agent pool. If you specify 0, it will apply the default osDisk size according to the vmSize specified. int

Constraints:
Min value = 0
Max value = 2048
osDiskType The OS disk type to be used for machines in the agent pool. The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see Ephemeral OS. 'Ephemeral'
'Managed'
osSKU Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. 'AzureLinux'
'CBLMariner'
'Ubuntu'
'Ubuntu2204'
'Windows2019'
'Windows2022'
osType The operating system type. The default is Linux. 'Linux'
'Windows'
podIPAllocationMode Pod IP Allocation Mode. The IP allocation mode for pods in the agent pool. Must be used with podSubnetId. The default is 'DynamicIndividual'. 'DynamicIndividual'
'StaticBlock'
podSubnetID The ID of the subnet which pods will join when launched. If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} string
powerState Whether the Agent Pool is running or stopped. When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only be stopped if it is Running and provisioning state is Succeeded PowerState
proximityPlacementGroupID The ID for Proximity Placement Group. string
scaleDownMode The scale down mode to use when scaling the Agent Pool. This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete. 'Deallocate'
'Delete'
scaleSetEvictionPolicy The Virtual Machine Scale Set eviction policy to use. This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is 'Delete'. 'Deallocate'
'Delete'
scaleSetPriority The Virtual Machine Scale Set priority. If not specified, the default is 'Regular'. 'Regular'
'Spot'
securityProfile The security settings of an agent pool. AgentPoolSecurityProfile
spotMaxPrice The max price (in US Dollars) you are willing to pay for spot instances. Possible values are any decimal value greater than zero or -1 which indicates default price to be up-to on-demand. Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any on-demand price. For more details on spot pricing, see spot VMs pricing int
status Contains read-only information about the Agent Pool. AgentPoolStatus
tags The tags to be persisted on the agent pool virtual machine scale set. ManagedClusterAgentPoolProfilePropertiesTags
type The type of Agent Pool. 'AvailabilitySet'
'VirtualMachines'
'VirtualMachineScaleSets'
upgradeSettings Settings for upgrading the agentpool AgentPoolUpgradeSettings
virtualMachineNodesStatus The status of nodes in a VirtualMachines agent pool. VirtualMachineNodes[]
virtualMachinesProfile Specifications on VirtualMachines agent pool. VirtualMachinesProfile
vmSize The size of the agent pool VMs. VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods might fail to run correctly. For more details on restricted VM sizes, see: /azure/aks/quotas-skus-regions string
vnetSubnetID The ID of the subnet which agent pool nodes and optionally pods will join on startup. If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} string
windowsProfile The Windows agent pool's specific profile. AgentPoolWindowsProfile
workloadRuntime Determines the type of workload a node can run. 'OCIContainer'
'WasmWasi'

ManagedClusterAgentPoolProfilePropertiesNodeLabels

Name Description Value

ManagedClusterAgentPoolProfilePropertiesTags

Name Description Value

ManualScaleProfile

Name Description Value
count Number of nodes. int
size VM size that AKS will use when creating and scaling e.g. 'Standard_E4s_v3', 'Standard_E16s_v3' or 'Standard_D16s_v5'. string

PortRange

Name Description Value
portEnd The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or equal to portStart. int

Constraints:
Min value = 1
Max value = 65535
portStart The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or equal to portEnd. int

Constraints:
Min value = 1
Max value = 65535
protocol The network protocol of the port. 'TCP'
'UDP'

PowerState

Name Description Value
code Tells whether the cluster is Running or Stopped 'Running'
'Stopped'

ScaleProfile

Name Description Value
manual Specifications on how to scale the VirtualMachines agent pool to a fixed size. ManualScaleProfile[]

SysctlConfig

Name Description Value
fsAioMaxNr Sysctl setting fs.aio-max-nr. int
fsFileMax Sysctl setting fs.file-max. int
fsInotifyMaxUserWatches Sysctl setting fs.inotify.max_user_watches. int
fsNrOpen Sysctl setting fs.nr_open. int
kernelThreadsMax Sysctl setting kernel.threads-max. int
netCoreNetdevMaxBacklog Sysctl setting net.core.netdev_max_backlog. int
netCoreOptmemMax Sysctl setting net.core.optmem_max. int
netCoreRmemDefault Sysctl setting net.core.rmem_default. int
netCoreRmemMax Sysctl setting net.core.rmem_max. int
netCoreSomaxconn Sysctl setting net.core.somaxconn. int
netCoreWmemDefault Sysctl setting net.core.wmem_default. int
netCoreWmemMax Sysctl setting net.core.wmem_max. int
netIpv4IpLocalPortRange Sysctl setting net.ipv4.ip_local_port_range. string
netIpv4NeighDefaultGcThresh1 Sysctl setting net.ipv4.neigh.default.gc_thresh1. int
netIpv4NeighDefaultGcThresh2 Sysctl setting net.ipv4.neigh.default.gc_thresh2. int
netIpv4NeighDefaultGcThresh3 Sysctl setting net.ipv4.neigh.default.gc_thresh3. int
netIpv4TcpFinTimeout Sysctl setting net.ipv4.tcp_fin_timeout. int
netIpv4TcpkeepaliveIntvl Sysctl setting net.ipv4.tcp_keepalive_intvl. int

Constraints:
Min value = 10
Max value = 90
netIpv4TcpKeepaliveProbes Sysctl setting net.ipv4.tcp_keepalive_probes. int
netIpv4TcpKeepaliveTime Sysctl setting net.ipv4.tcp_keepalive_time. int
netIpv4TcpMaxSynBacklog Sysctl setting net.ipv4.tcp_max_syn_backlog. int
netIpv4TcpMaxTwBuckets Sysctl setting net.ipv4.tcp_max_tw_buckets. int
netIpv4TcpTwReuse Sysctl setting net.ipv4.tcp_tw_reuse. bool
netNetfilterNfConntrackBuckets Sysctl setting net.netfilter.nf_conntrack_buckets. int

Constraints:
Min value = 65536
Max value = 524288
netNetfilterNfConntrackMax Sysctl setting net.netfilter.nf_conntrack_max. int

Constraints:
Min value = 131072
Max value = 2097152
vmMaxMapCount Sysctl setting vm.max_map_count. int
vmSwappiness Sysctl setting vm.swappiness. int
vmVfsCachePressure Sysctl setting vm.vfs_cache_pressure. int

VirtualMachineNodes

Name Description Value
count Number of nodes. int
size The VM size of the agents used to host this group of nodes. string

VirtualMachinesProfile

Name Description Value
scale Specifications on how to scale a VirtualMachines agent pool. ScaleProfile