Machines - Create Or Update

Creates or updates a machine in the specified agent pool.

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName}/machines/{machineName}?api-version=2026-01-02-preview

URI Parameters

Name In Required Type Description
agentPoolName
path True

string

minLength: 1
maxLength: 12
pattern: ^[a-z][a-z0-9]{0,11}$

The name of the agent pool.

machineName
path True

string

pattern: ^[a-z][a-z0-9]{0,11}$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,39}$

Host name of the machine.

resourceGroupName
path True

string

minLength: 1
maxLength: 90

The name of the resource group. The name is case insensitive.

resourceName
path True

string

minLength: 1
maxLength: 63
pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$

The name of the managed cluster resource.

subscriptionId
path True

string (uuid)

The ID of the target subscription. The value must be a UUID.

api-version
query True

string

minLength: 1

The API version to use for this operation.

Request Header

Name Required Type Description
if-match

string

The request should only proceed if an entity matches this string.

if-none-match

string

The request should only proceed if no entity matches this string.
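
The following added example (not part of the original reference, and not Microsoft's code) enforces the URI parameter constraints from the table above on the client side before the request URL is assembled, so that caller-supplied names cannot alter the resource path, and builds the conditional headers. The function names are hypothetical, and `*` for `if-none-match` is the general HTTP convention rather than something this page states.

```python
import re
import uuid
from urllib.parse import quote

API_VERSION = "2026-01-02-preview"  # version shown in the request line above

# Patterns copied from the URI Parameters table.
AGENT_POOL_RE = re.compile(r"^[a-z][a-z0-9]{0,11}$")
MACHINE_RE = re.compile(r"^[a-z][a-z0-9]{0,11}$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,39}$")
CLUSTER_RE = re.compile(r"^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$")


def _check(name, value, pattern=None, max_len=None):
    """Validate one path parameter; raise ValueError naming the parameter."""
    if not isinstance(value, str) or len(value) < 1:
        raise ValueError(f"{name}: must be a non-empty string")
    if max_len is not None and len(value) > max_len:
        raise ValueError(f"{name}: longer than {max_len} characters")
    # fullmatch (not match) so a trailing newline cannot slip past '$'.
    if pattern is not None and not pattern.fullmatch(value):
        raise ValueError(f"{name}: does not match {pattern.pattern}")
    return value


def machine_put_url(subscription_id, resource_group, cluster, agent_pool, machine):
    """Return the PUT URL, or raise ValueError on any out-of-spec parameter."""
    try:
        canonical = str(uuid.UUID(subscription_id))
    except (ValueError, AttributeError, TypeError):
        raise ValueError("subscriptionId: not a UUID") from None
    # uuid.UUID also accepts braces and 'urn:uuid:' forms; require the plain one.
    if canonical != subscription_id.lower():
        raise ValueError("subscriptionId: not in canonical UUID form")
    # resourceGroupName has only length limits on this page, so percent-encode
    # it with no safe characters to keep '/', '?' and '#' out of the path.
    rg = quote(_check("resourceGroupName", resource_group, max_len=90), safe="")
    cluster = _check("resourceName", cluster, CLUSTER_RE, max_len=63)
    pool = _check("agentPoolName", agent_pool, AGENT_POOL_RE, max_len=12)
    machine = _check("machineName", machine, MACHINE_RE)
    return (
        "https://management.azure.com"
        f"/subscriptions/{canonical}/resourceGroups/{rg}"
        "/providers/Microsoft.ContainerService"
        f"/managedClusters/{cluster}/agentPools/{pool}/machines/{machine}"
        f"?api-version={API_VERSION}"
    )


def conditional_headers(etag=None, create_only=False):
    """Headers for optimistic concurrency on the PUT.

    etag: value read from properties.eTag of an earlier response, so the
    update proceeds only if the machine is unchanged.
    create_only: send if-none-match '*' so the PUT cannot overwrite an
    existing machine (assumption: general HTTP convention).
    """
    if etag is not None and create_only:
        raise ValueError("choose either etag or create_only, not both")
    if create_only:
        return {"if-none-match": "*"}
    if etag is None:
        return {}
    # Reject line breaks so the value cannot inject an extra header.
    if not etag or any(ch in etag for ch in "\r\n"):
        raise ValueError("etag: empty or contains a line break")
    return {"if-match": etag}


if __name__ == "__main__":
    # Values from the page's sample request.
    print(machine_put_url("00000000-0000-0000-0000-000000000000",
                          "rg1", "clustername1", "agentpool1", "machine1"))
    print(conditional_headers(create_only=True))
```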

Request Body

Name Type Description
properties

MachineProperties

The properties of the machine

Responses

Name Type Description
200 OK

Machine

Resource 'Machine' update operation succeeded

201 Created

Machine

Resource 'Machine' create operation succeeded

Headers

  • Azure-AsyncOperation: string
  • Retry-After: integer

Other Status Codes

ErrorResponse

An unexpected error response.

Security

azure_auth

Azure Active Directory OAuth2 Flow.

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name Description
user_impersonation impersonate your user account

Examples

Create/Update Machine

Sample request

PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1/agentPools/agentpool1/machines/machine1?api-version=2026-01-02-preview

{
  "properties": {
    "hardware": {
      "vmSize": "Standard_DS1_v2"
    },
    "kubernetes": {
      "kubeletDiskType": "OS",
      "maxPods": 110,
      "nodeLabels": {
        "key1": "val1"
      },
      "nodeTaints": [
        "Key1=Value1:NoSchedule"
      ],
      "orchestratorVersion": "1.30"
    },
    "mode": "User",
    "operatingSystem": {
      "enableFIPS": false,
      "osSKU": "Ubuntu",
      "osType": "Linux"
    },
    "priority": "Spot",
    "tags": {
      "name1": "val1"
    }
  }
}

Sample response

{
  "name": "machine1",
  "type": "Microsoft.ContainerService/managedClusters/agentPools/machines",
  "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1/agentPools/agentpool1/machines/machine1",
  "properties": {
    "hardware": {
      "vmSize": "Standard_DS1_v2"
    },
    "kubernetes": {
      "currentOrchestratorVersion": "1.30.6",
      "kubeletDiskType": "OS",
      "maxPods": 110,
      "nodeLabels": {
        "key1": "val1"
      },
      "nodeName": "aks-nodepool1-machine1-25481572-vm0",
      "nodeTaints": [
        "Key1=Value1:NoSchedule"
      ],
      "orchestratorVersion": "1.30"
    },
    "mode": "User",
    "nodeImageVersion": "AKSUbuntu:1604:2023.03.11",
    "operatingSystem": {
      "enableFIPS": false,
      "osSKU": "Ubuntu",
      "osType": "Linux"
    },
    "priority": "Spot",
    "provisioningState": "Succeeded",
    "status": {
      "creationTimestamp": "2025-04-02T12:00:00Z",
      "driftAction": "Synced",
      "vmState": "Running"
    },
    "tags": {
      "name1": "val1"
    }
  },
  "zones": [
    "1"
  ]
}

{
  "name": "machine1",
  "type": "Microsoft.ContainerService/managedClusters/agentPools/machines",
  "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1/agentPools/agentpool1/machines/machine1",
  "properties": {
    "hardware": {
      "vmSize": "Standard_DS1_v2"
    },
    "kubernetes": {
      "currentOrchestratorVersion": "1.30.6",
      "kubeletDiskType": "OS",
      "maxPods": 110,
      "nodeLabels": {
        "key1": "val1"
      },
      "nodeName": "aks-nodepool1-machine1-25481572-vm0",
      "nodeTaints": [
        "Key1=Value1:NoSchedule"
      ],
      "orchestratorVersion": "1.30"
    },
    "mode": "User",
    "nodeImageVersion": "AKSUbuntu:1604:2023.03.11",
    "operatingSystem": {
      "enableFIPS": false,
      "osSKU": "Ubuntu",
      "osType": "Linux"
    },
    "priority": "Spot",
    "provisioningState": "Creating",
    "status": {
      "creationTimestamp": "2025-04-02T12:00:00Z",
      "driftAction": "Synced",
      "vmState": "Running"
    },
    "tags": {
      "name1": "val1"
    }
  },
  "zones": [
    "1"
  ]
}

Definitions

Name Description
AgentPoolArtifactStreamingProfile

Artifact streaming profile for the agent pool.

AgentPoolMode

The mode of an agent pool. A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools

AgentPoolSSHAccess

SSH access method of an agent pool.

AgentPoolWindowsProfile

The Windows agent pool's specific profile.

createdByType

The type of identity that created the resource.

DriftAction

The drift action of the machine. Indicates whether a machine has deviated from its expected state due to changes in managed cluster properties, requiring corrective action.

DriverType

Specify the type of GPU driver to install when creating Windows agent pools. If not provided, AKS selects the driver based on system compatibility. This cannot be changed once the AgentPool has been created. This cannot be set on Linux AgentPools. For Linux AgentPools, the driver is selected based on system compatibility.

ErrorAdditionalInfo

The resource management error additional info.

ErrorDetail

The error detail.

ErrorResponse

Error response

GPUDriver

Whether to install GPU drivers. When it's not specified, default is Install.

GPUInstanceProfile

GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.

GPUProfile

GPU settings for the Agent Pool.

IPFamily

Determines whether the address belongs to the IPv4 or IPv6 family.

IPTag

Contains the IPTag associated with the object.

KubeletConfig

Kubelet configurations of agent nodes. See AKS custom node configuration for more details.

KubeletDiskType

Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral storage.

LinuxOSConfig

OS configurations of Linux agent nodes. See AKS custom node configuration for more details.

LocalDNSForwardDestination

Destination server for DNS queries to be forwarded from localDNS.

LocalDNSForwardPolicy

Forward policy for selecting upstream DNS server. See forward plugin for more information.

LocalDNSMode

Mode of enablement for localDNS.

LocalDNSOverride

Overrides for localDNS profile.

LocalDNSProfile

Configures the per-node local DNS, with VnetDNS and KubeDNS overrides. LocalDNS helps improve performance and reliability of DNS resolution in an AKS cluster. For more details see aka.ms/aks/localdns.

LocalDNSProtocol

Enforce TCP or prefer UDP protocol for connections from localDNS to upstream DNS server.

LocalDNSQueryLogging

Log level for DNS queries in localDNS.

LocalDNSServeStale

Policy for serving stale data. See cache plugin for more information.

LocalDNSState

System-generated state of localDNS.

Machine

A machine. Contains details about the underlying virtual machine. A machine may be visible here but not in kubectl get nodes; if so it may be because the machine has not been registered with the Kubernetes API Server yet.

MachineBillingProfile

The properties having to do with machine billing.

MachineHardwareProfile

The hardware and GPU settings of the machine.

MachineIpAddress

The machine IP address details.

MachineKubernetesProfile

The Kubernetes configurations used by the machine.

MachineNetworkProperties

Network properties of the machine.

MachineOSProfile

The operating system and disk used by the machine.

MachineOSProfileLinuxProfile

The Linux machine's specific profile.

MachineProperties

The properties of the machine

MachineSecurityProfile

The security settings of the machine.

MachineStatus

Contains read-only information about the machine.

ManagementMode

The Managed GPU experience installs additional components, such as the Data Center GPU Manager (DCGM) metrics for monitoring, on top of the GPU driver for you. For more details of what is installed, check out aka.ms/aks/managed-gpu.

MigStrategy

Sets the MIG (Multi-Instance GPU) strategy that will be used for managed MIG support. For more information about the different strategies, visit aka.ms/aks/managed-gpu. When not specified, the default is None.

NvidiaGPUProfile

NVIDIA-specific GPU settings

OSDiskType

The OS disk type to be used for machines in the agent pool. The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see Ephemeral OS.

OSSKU

Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows.

OSType

The operating system type. The default is Linux.

ScaleSetEvictionPolicy

The Virtual Machine Scale Set eviction policy. The eviction policy specifies what to do with the VM when it is evicted. The default is Delete. For more information about eviction, see spot VMs.

ScaleSetPriority

The Virtual Machine Scale Set priority.

SeccompDefault

Specifies the default seccomp profile applied to all workloads. If not specified, 'Unconfined' will be used by default.

SysctlConfig

Sysctl settings for Linux agent nodes.

systemData

Metadata pertaining to creation and last modification of the resource.

VmState

Virtual machine state. Indicates the current state of the underlying virtual machine.

WorkloadRuntime

Determines the type of workload a node can run.

AgentPoolArtifactStreamingProfile

Artifact streaming profile for the agent pool.

Name Type Description
enabled

boolean

Artifact streaming speeds up the cold-start of containers on a node through on-demand image loading. To use this feature, container images must also enable artifact streaming on ACR. If not specified, the default is false.

AgentPoolMode

The mode of an agent pool. A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools

Value Description
System

System agent pools are primarily for hosting critical system pods such as CoreDNS and metrics-server. System agent pools osType must be Linux. System agent pools VM SKU must have at least 2vCPUs and 4GB of memory.

User

User agent pools are primarily for hosting your application pods.

Gateway

Gateway agent pools are dedicated to providing static egress IPs to pods. For more details, see https://aka.ms/aks/static-egress-gateway.

ManagedSystem

ManagedSystem is a system pool managed by AKS. The pool scales dynamically according to cluster usage, and has additional automated monitoring and healing capabilities. There can only be one ManagedSystem pool, and it is recommended to delete all other system pools for the best experience.

Machines

Machines agent pools are dedicated to hosting machines. Only limited operations, such as creation and deletion, are allowed at the pool level. Please use the machine APIs to manage the full machine lifecycle.

AgentPoolSSHAccess

SSH access method of an agent pool.

Value Description
LocalUser

Can SSH onto the node as a local user using private key.

Disabled

SSH service will be turned off on the node.

EntraId

SSH to node with EntraId integration. More information can be found under https://aka.ms/aks/ssh/aad

AgentPoolWindowsProfile

The Windows agent pool's specific profile.

Name Type Description
disableOutboundNat

boolean

Whether to disable OutboundNAT in windows nodes. The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT Gateway and the Windows agent pool does not have node public IP enabled.

createdByType

The type of identity that created the resource.

Value Description
User
Application
ManagedIdentity
Key

DriftAction

The drift action of the machine. Indicates whether a machine has deviated from its expected state due to changes in managed cluster properties, requiring corrective action.

Value Description
Synced

The machine is up to date.

Recreate

The machine has drifted and needs to be deleted and recreated.

DriverType

Specify the type of GPU driver to install when creating Windows agent pools. If not provided, AKS selects the driver based on system compatibility. This cannot be changed once the AgentPool has been created. This cannot be set on Linux AgentPools. For Linux AgentPools, the driver is selected based on system compatibility.

Value Description
GRID

Install the GRID driver for the GPU, suitable for applications requiring virtualization support.

CUDA

Install the CUDA driver for the GPU, optimized for computational tasks in scientific computing and data-intensive applications.

ErrorAdditionalInfo

The resource management error additional info.

Name Type Description
info

object

The additional info.

type

string

The additional info type.

ErrorDetail

The error detail.

Name Type Description
additionalInfo

ErrorAdditionalInfo[]

The error additional info.

code

string

The error code.

details

ErrorDetail[]

The error details.

message

string

The error message.

target

string

The error target.

ErrorResponse

Error response

Name Type Description
error

ErrorDetail

The error object.

GPUDriver

Whether to install GPU drivers. When it's not specified, default is Install.

Value Description
Install

Install driver.

None

Skip driver install.

GPUInstanceProfile

GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.

Value Description
MIG1g

MIG 1g GPU instance profile.

MIG2g

MIG 2g GPU instance profile.

MIG3g

MIG 3g GPU instance profile.

MIG4g

MIG 4g GPU instance profile.

MIG7g

MIG 7g GPU instance profile.

GPUProfile

GPU settings for the Agent Pool.

Name Type Description
driver

GPUDriver

Whether to install GPU drivers. When it's not specified, default is Install.

driverType

DriverType

Specify the type of GPU driver to install when creating Windows agent pools. If not provided, AKS selects the driver based on system compatibility. This cannot be changed once the AgentPool has been created. This cannot be set on Linux AgentPools. For Linux AgentPools, the driver is selected based on system compatibility.

nvidia

NvidiaGPUProfile

NVIDIA-specific GPU settings.

IPFamily

Determines whether the address belongs to the IPv4 or IPv6 family.

Value Description
IPv4

IPv4 family

IPv6

IPv6 family

IPTag

Contains the IPTag associated with the object.

Name Type Description
ipTagType

string

The IP tag type. Example: RoutingPreference.

tag

string

The value of the IP tag associated with the public IP. Example: Internet.

KubeletConfig

Kubelet configurations of agent nodes. See AKS custom node configuration for more details.

Name Type Description
allowedUnsafeSysctls

string[]

Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in *).

containerLogMaxFiles

integer (int32)

minimum: 2

The maximum number of container log files that can be present for a container. The number must be ≥ 2.

containerLogMaxSizeMB

integer (int32)

The maximum size (e.g. 10Mi) of container log file before it is rotated.

cpuCfsQuota

boolean

If CPU CFS quota enforcement is enabled for containers that specify CPU limits. The default is true.

cpuCfsQuotaPeriod

string

The CPU CFS quota period value. The default is '100ms'. Valid values are a sequence of decimal numbers with an optional fraction and a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'.

cpuManagerPolicy

string

The CPU Manager policy to use. The default is 'none'. See Kubernetes CPU management policies for more information. Allowed values are 'none' and 'static'.

failSwapOn

boolean

If set to true it will make the Kubelet fail to start if swap is enabled on the node.

imageGcHighThreshold

integer (int32)

The percent of disk usage after which image garbage collection is always run. To disable image garbage collection, set to 100. The default is 85%.

imageGcLowThreshold

integer (int32)

The percent of disk usage before which image garbage collection is never run. This cannot be set higher than imageGcHighThreshold. The default is 80%.

podMaxPids

integer (int32)

The maximum number of processes per pod.

seccompDefault

SeccompDefault

Specifies the default seccomp profile applied to all workloads. If not specified, 'Unconfined' will be used by default.

topologyManagerPolicy

string

The Topology Manager policy to use. For more information see Kubernetes Topology Manager. The default is 'none'. Allowed values are 'none', 'best-effort', 'restricted', and 'single-numa-node'.

KubeletDiskType

Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral storage.

Value Description
OS

Kubelet will use the OS disk for its data.

Temporary

Kubelet will use the temporary disk for its data.

LinuxOSConfig

OS configurations of Linux agent nodes. See AKS custom node configuration for more details.

Name Type Description
swapFileSizeMB

integer (int32)

The size in MB of a swap file that will be created on each node.

sysctls

SysctlConfig

Sysctl settings for Linux agent nodes.

transparentHugePageDefrag

string

Whether the kernel should make aggressive use of memory compaction to make more hugepages available. Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is 'madvise'. For more information see Transparent Hugepages.

transparentHugePageEnabled

string

Whether transparent hugepages are enabled. Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more information see Transparent Hugepages.

LocalDNSForwardDestination

Destination server for DNS queries to be forwarded from localDNS.

Value Description
ClusterCoreDNS

Forward DNS queries from localDNS to cluster CoreDNS.

VnetDNS

Forward DNS queries from localDNS to DNS server configured in the VNET. A VNET can have multiple DNS servers configured.

LocalDNSForwardPolicy

Forward policy for selecting upstream DNS server. See forward plugin for more information.

Value Description
Sequential

Implements sequential upstream DNS server selection. See forward plugin for more information.

RoundRobin

Implements round robin upstream DNS server selection. See forward plugin for more information.

Random

Implements random upstream DNS server selection. See forward plugin for more information.

LocalDNSMode

Mode of enablement for localDNS.

Value Description
Preferred

If the current orchestrator version supports this feature, prefer enabling localDNS.

Required

Enable localDNS.

Disabled

Disable localDNS.

LocalDNSOverride

Overrides for localDNS profile.

Name Type Default value Description
cacheDurationInSeconds

integer (int32)

3600

Cache max TTL in seconds. See cache plugin for more information.

forwardDestination

LocalDNSForwardDestination

ClusterCoreDNS

Destination server for DNS queries to be forwarded from localDNS.

forwardPolicy

LocalDNSForwardPolicy

Sequential

Forward policy for selecting upstream DNS server. See forward plugin for more information.

maxConcurrent

integer (int32)

1000

Maximum number of concurrent queries. See forward plugin for more information.

protocol

LocalDNSProtocol

PreferUDP

Enforce TCP or prefer UDP protocol for connections from localDNS to upstream DNS server.

queryLogging

LocalDNSQueryLogging

Error

Log level for DNS queries in localDNS.

serveStale

LocalDNSServeStale

Immediate

Policy for serving stale data. See cache plugin for more information.

serveStaleDurationInSeconds

integer (int32)

3600

Serve stale duration in seconds. See cache plugin for more information.

LocalDNSProfile

Configures the per-node local DNS, with VnetDNS and KubeDNS overrides. LocalDNS helps improve performance and reliability of DNS resolution in an AKS cluster. For more details see aka.ms/aks/localdns.

Name Type Default value Description
kubeDNSOverrides

<string,  LocalDNSOverride>

KubeDNS overrides apply to DNS traffic from pods with dnsPolicy:ClusterFirst (referred to as KubeDNS traffic).

mode

LocalDNSMode

Preferred

Mode of enablement for localDNS.

state

LocalDNSState

System-generated state of localDNS.

vnetDNSOverrides

<string,  LocalDNSOverride>

VnetDNS overrides apply to DNS traffic from pods with dnsPolicy:default or kubelet (referred to as VnetDNS traffic).

LocalDNSProtocol

Enforce TCP or prefer UDP protocol for connections from localDNS to upstream DNS server.

Value Description
PreferUDP

Prefer UDP protocol for connections from localDNS to upstream DNS server.

ForceTCP

Enforce TCP protocol for connections from localDNS to upstream DNS server.

LocalDNSQueryLogging

Log level for DNS queries in localDNS.

Value Description
Error

Enables error logging in localDNS. See errors plugin for more information.

Log

Enables query logging in localDNS. See log plugin for more information.

LocalDNSServeStale

Policy for serving stale data. See cache plugin for more information.

Value Description
Verify

Serve stale data with verification. First verify that an entry is still unavailable from the source before sending the expired entry to the client. See cache plugin for more information.

Immediate

Serve stale data immediately. Send the expired entry to the client before checking to see if the entry is available from the source. See cache plugin for more information.

Disable

Disable serving stale data.

LocalDNSState

System-generated state of localDNS.

Value Description
Enabled

localDNS is enabled.

Disabled

localDNS is disabled.

Machine

A machine. Contains details about the underlying virtual machine. A machine may be visible here but not in kubectl get nodes; if so it may be because the machine has not been registered with the Kubernetes API Server yet.

Name Type Description
id

string (arm-id)

Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"

name

string

The name of the resource

properties

MachineProperties

The properties of the machine

systemData

systemData

Azure Resource Manager metadata containing createdBy and modifiedBy information.

type

string

The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

zones

string[]

The availability zone in which the machine is located.

MachineBillingProfile

The properties having to do with machine billing.

Name Type Default value Description
spotMaxPrice

number (float)

-1

The max price (in US Dollars) you are willing to pay for spot instances. Possible values are any decimal value greater than zero or -1 which indicates default price to be up-to on-demand. For more details on spot pricing, see spot VMs pricing

MachineHardwareProfile

The hardware and GPU settings of the machine.

Name Type Description
gpuInstanceProfile

GPUInstanceProfile

GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.

gpuProfile

GPUProfile

The GPU settings of the machine.

ultraSsdEnabled

boolean

Whether to enable UltraSSD

vmSize

string

The size of the VM. VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods might fail to run correctly. For more details on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions

MachineIpAddress

The machine IP address details.

Name Type Description
family

IPFamily

Determines whether the address belongs to the IPv4 or IPv6 family.

ip

string

IPv4 or IPv6 address of the machine

MachineKubernetesProfile

The Kubernetes configurations used by the machine.

Name Type Description
artifactStreamingProfile

AgentPoolArtifactStreamingProfile

Configuration for using artifact streaming on AKS.

currentOrchestratorVersion

string

The version of Kubernetes running on the machine. If orchestratorVersion was a fully specified version <major.minor.patch>, this field will be exactly equal to it. If orchestratorVersion was <major.minor>, this field will contain the full <major.minor.patch> version being used.

kubeletConfig

KubeletConfig

The Kubelet configuration on the machine.

kubeletDiskType

KubeletDiskType

Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral storage.

maxPods

integer (int32)

The maximum number of pods that can run on a node.

nodeInitializationTaints

string[]

Taints added on the node during creation that will not be reconciled by AKS and can be removed with a kubectl call. These taints allow required configuration to run before the node is ready to accept workloads, for example 'key1=value1:NoSchedule', which can then be removed with kubectl taint nodes node1 key1=value1:NoSchedule-

nodeLabels

object

The node labels on the machine.

nodeName

string

The node name in the Kubernetes cluster.

nodeTaints

string[]

The taints added to new node during machine create. For example, key=value:NoSchedule.

orchestratorVersion

string

The version of Kubernetes specified by the user. Both patch version <major.minor.patch> and <major.minor> are supported. When <major.minor> is specified, the latest supported patch version is chosen automatically.

workloadRuntime

WorkloadRuntime

Determines the type of workload a node can run.

MachineNetworkProperties

Network properties of the machine.

Name Type Description
enableNodePublicIP

boolean

Whether the machine is allocated its own public IP. Some scenarios may require the machine to receive their own dedicated public IP addresses. A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine to minimize hops. The default is false.

ipAddresses

MachineIpAddress[]

IPv4, IPv6 addresses of the machine

nodePublicIPPrefixID

string (arm-id)

The public IP prefix ID which VM node should use IPs from. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}

nodePublicIPTags

IPTag[]

IPTags of instance-level public IPs.

podSubnetID

string (arm-id)

The ID of the subnet which pods will join when launched. If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}

vnetSubnetID

string (arm-id)

The ID of the subnet which node and optionally pods will join on startup. If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}

MachineOSProfile

The operating system and disk used by the machine.

Name Type Default value Description
enableFIPS

boolean

Whether to use a FIPS-enabled OS.

linuxProfile

MachineOSProfileLinuxProfile

The Linux machine's specific profile.

osDiskSizeGB

integer (int32)

minimum: 0
maximum: 2048

OS Disk Size in GB to be used to specify the disk size for every machine in the master/agent pool. If you specify 0, it will apply the default osDisk size according to the vmSize specified.

osDiskType

OSDiskType

The OS disk type to be used for machines in the agent pool. The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see Ephemeral OS.

osSKU

OSSKU

Specifies the OS SKU used by the agent pool. If not specified, the default is Ubuntu if OSType=Linux or Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is deprecated.

osType

OSType

Linux

The operating system type. The default is Linux.

windowsProfile

AgentPoolWindowsProfile

The Windows machine's specific profile.

MachineOSProfileLinuxProfile

The Linux machine's specific profile.

Name Type Description
linuxOSConfig

LinuxOSConfig

The OS configuration of Linux machine.

messageOfTheDay

string

Message of the day for Linux nodes, base64-encoded. A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of the message of the day for Linux nodes. It must not be specified for Windows nodes. It must be a static string (i.e., will be printed raw and not be executed as a script).

MachineProperties

The properties of the machine

Name Type Default value Description
billing

MachineBillingProfile

The properties having to do with machine billing.

eTag

string

Unique read-only string used to implement optimistic concurrency. The eTag value will change when the resource is updated. Specify an if-match or if-none-match header with the eTag value for a subsequent request to enable optimistic concurrency per the normal eTag convention.

evictionPolicy

ScaleSetEvictionPolicy

Delete

The eviction policy for machine. This cannot be specified unless the priority is 'Spot'. If not specified, the default is 'Delete'.

hardware

MachineHardwareProfile

The hardware and GPU settings of the machine.

kubernetes

MachineKubernetesProfile

The Kubernetes configurations used by the machine.

localDNSProfile

LocalDNSProfile

Configures the per-node local DNS, with VnetDNS and KubeDNS overrides. LocalDNS helps improve performance and reliability of DNS resolution in an AKS cluster. For more details see aka.ms/aks/localdns.

mode

AgentPoolMode

Machine only allows 'System' and 'User' mode.

network

MachineNetworkProperties

Network properties of the machine.

nodeImageVersion

string

The version of node image.

operatingSystem

MachineOSProfile

The operating system and disk used by the machine.

priority

ScaleSetPriority

Regular

The priority for the machine. If not specified, the default is 'Regular'.

provisioningState

string

The current deployment or provisioning state.

resourceId

string (arm-id)

Azure resource ID of the machine. It can be used to GET the underlying VM instance.

security

MachineSecurityProfile

The security settings of the machine.

status

MachineStatus

Contains read-only information about the machine.

tags

object

The tags to be persisted on the machine.

MachineSecurityProfile

The security settings of the machine.

Name Type Description
enableEncryptionAtHost

boolean

Whether to enable host based OS and data drive encryption. This is only supported on certain VM sizes and in certain Azure regions. For more information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption

enableSecureBoot

boolean

Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false.

enableVTPM

boolean

vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false.

sshAccess

AgentPoolSSHAccess

SSH access method of an agent pool.

MachineStatus

Contains read-only information about the machine.

Name Type Description
creationTimestamp

string (date-time)

Specifies the time at which the machine was created.

driftAction

DriftAction

The drift action of the machine. Indicates whether a machine has deviated from its expected state due to changes in managed cluster properties, requiring corrective action.

driftReason

string

Reason for machine drift. Provides detailed information on why the machine has drifted. This field is omitted if the machine is up to date.

provisioningError

ErrorDetail

The error details information of the machine. Preserves the detailed info of failure. If there was no error, this field is omitted.

vmState

VmState

Virtual machine state. Indicates the current state of the underlying virtual machine.

ManagementMode

The Managed GPU experience installs additional components, such as the Data Center GPU Manager (DCGM) metrics for monitoring, on top of the GPU driver for you. For more details of what is installed, check out aka.ms/aks/managed-gpu.

Value Description
Unmanaged

Managed GPU experience is disabled for NVIDIA GPUs.

Managed

Managed GPU experience is enabled for NVIDIA GPUs.

MigStrategy

Sets the MIG (Multi-Instance GPU) strategy that will be used for managed MIG support. For more information about the different strategies, visit aka.ms/aks/managed-gpu. When not specified, the default is None.

Value Description
None

Don't set a MIG strategy. If you previously had one set, this will override it and remove the previously set MIG strategy.

Single

Set the MIG strategy for managed MIG as single.

Mixed

Set the MIG strategy for managed MIG as mixed.

NvidiaGPUProfile

NVIDIA-specific GPU settings

Name Type Description
managementMode

ManagementMode

The Managed GPU experience installs additional components, such as the Data Center GPU Manager (DCGM) metrics for monitoring, on top of the GPU driver for you. For more details of what is installed, check out aka.ms/aks/managed-gpu.

migStrategy

MigStrategy

Sets the MIG (Multi-Instance GPU) strategy that will be used for managed MIG support. For more information about the different strategies, visit aka.ms/aks/managed-gpu. When not specified, the default is None.

OSDiskType

The OS disk type to be used for machines in the agent pool. The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see Ephemeral OS.

Value Description
Managed

Azure replicates the operating system disk for a virtual machine to Azure storage to avoid data loss should the VM need to be relocated to another host. Since containers aren't designed to have local state persisted, this behavior offers limited value while providing some drawbacks, including slower node provisioning and higher read/write latency.

Ephemeral

Ephemeral OS disks are stored only on the host machine, just like a temporary disk. This provides lower read/write latency, along with faster node scaling and cluster upgrades.

OSSKU

Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows.

Value Description
Ubuntu

Use Ubuntu as the OS for node images.

AzureLinux

Use AzureLinux as the OS for node images. Azure Linux is a container-optimized Linux distro built by Microsoft. For more information, visit https://aka.ms/azurelinux.

AzureLinux3

Use AzureLinux3 as the OS for node images. Azure Linux is a container-optimized Linux distro built by Microsoft. For more information, visit https://aka.ms/azurelinux. For limitations, visit https://aka.ms/aks/node-images. For OS migration guidance, see https://aka.ms/aks/upgrade-os-version.

Mariner

Deprecated OSSKU. Microsoft recommends that new deployments choose 'AzureLinux' instead.

Flatcar

Use Flatcar Container Linux as the OS for node images. Flatcar is a container-optimized, security-focused Linux OS, with an immutable filesystem and part of the Cloud Native Computing Foundation (CNCF). For more information about Flatcar Container Linux for AKS, see aka.ms/aks/flatcar-container-linux-for-aks

CBLMariner

Deprecated OSSKU. Microsoft recommends that new deployments choose 'AzureLinux' instead.

Windows2019

Use Windows2019 as the OS for node images. Unsupported for system node pools. Windows2019 only supports Windows2019 containers; it cannot run Windows2022 containers and vice versa.

Windows2022

Use Windows2022 as the OS for node images. Unsupported for system node pools. Windows2022 only supports Windows2022 containers; it cannot run Windows2019 containers and vice versa.

Ubuntu2204

Use Ubuntu2204 as the OS for node images. However, Ubuntu 22.04 may not be supported for all node pools. For limitations and supported Kubernetes versions, see https://aka.ms/aks/supported-ubuntu-versions

Windows2025

Use Windows2025 as the OS for node images. Unsupported for system node pools. Windows2025 supports Windows2022 and Windows 2025 containers; it cannot run Windows2019 containers and vice versa.

WindowsAnnual

Use Windows Annual Channel version as the OS for node images. Unsupported for system node pools. Details about supported container images and Kubernetes versions under different AKS Annual Channel versions can be found at https://aka.ms/aks/windows-annual-channel-details.

Ubuntu2404

Use Ubuntu2404 as the OS for node images. However, Ubuntu 24.04 may not be supported for all node pools. For limitations and supported Kubernetes versions, see https://aka.ms/aks/supported-ubuntu-versions

OSType

The operating system type. The default is Linux.

Value Description
Linux

Use Linux.

Windows

Use Windows.

ScaleSetEvictionPolicy

The Virtual Machine Scale Set eviction policy. The eviction policy specifies what to do with the VM when it is evicted. The default is Delete. For more information about eviction, see spot VMs.

Value Description
Delete

Nodes in the underlying Scale Set of the node pool are deleted when they're evicted.

Deallocate

Nodes in the underlying Scale Set of the node pool are set to the stopped-deallocated state upon eviction. Nodes in the stopped-deallocated state count against your compute quota and can cause issues with cluster scaling or upgrading.

ScaleSetPriority

The Virtual Machine Scale Set priority.

Value Description
Spot

Spot priority VMs will be used. There is no SLA for spot nodes. See spot on AKS for more information.

Regular

Regular VMs will be used.

SeccompDefault

Specifies the default seccomp profile applied to all workloads. If not specified, 'Unconfined' will be used by default.

Value Description
Unconfined

No seccomp profile is applied, allowing all system calls.

RuntimeDefault

The default seccomp profile for container runtime is applied, which restricts certain system calls for enhanced security.
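The security-relevant defaults documented above (Secure Boot and vTPM off, seccomp 'Unconfined', evictionPolicy valid only with 'Spot' priority, bounded sysctl values) can be checked before a request body is sent. The following is an added example, not part of the API reference: the property name `seccompDefault`, the nesting used in the sample bodies, and treating an omitted `enableEncryptionAtHost` as disabled are assumptions.

```python
SYSCTL_RANGES = {  # minimum/maximum values listed in the SysctlConfig table
    "netIpv4TcpkeepaliveIntvl": (10, 90),
    "netNetfilterNfConntrackBuckets": (65536, 524288),
    "netNetfilterNfConntrackMax": (131072, 2097152),
}

def find_key(node, key):
    """Yield every value stored under `key` anywhere in nested JSON data."""
    if isinstance(node, dict):
        for k, v in node.items():
            if k == key:
                yield v
            yield from find_key(v, key)
    elif isinstance(node, list):
        for item in node:
            yield from find_key(item, key)

def audit_machine(body):
    """Return sorted findings for one Create Or Update request body (dict)."""
    props = body.get("properties", {})
    sec = props.get("security", {})
    findings = []
    # Secure Boot and vTPM default to false; an omitted flag is treated as off.
    for flag in ("enableEncryptionAtHost", "enableSecureBoot", "enableVTPM"):
        if sec.get(flag) is not True:
            findings.append(f"security.{flag} is not enabled")
    # 'Unconfined' is the documented default, so a missing value is flagged too.
    seccomp = list(find_key(props, "seccompDefault"))  # property name assumed
    if not seccomp or "Unconfined" in seccomp:
        findings.append("seccompDefault is Unconfined")
    # evictionPolicy cannot be specified unless priority is 'Spot'.
    if "evictionPolicy" in props and props.get("priority", "Regular") != "Spot":
        findings.append("evictionPolicy set without priority 'Spot'")
    for name, (lo, hi) in SYSCTL_RANGES.items():
        for value in find_key(props, name):
            if not lo <= value <= hi:
                findings.append(f"{name}={value} outside {lo}..{hi}")
    return sorted(findings)

# Constructed sample bodies; the nesting inside each profile is illustrative.
WEAK = {"properties": {
    "priority": "Regular", "evictionPolicy": "Deallocate",
    "security": {"enableSecureBoot": True},
    "operatingSystem": {"sysctls": {"netNetfilterNfConntrackMax": 4194304}}}}
HARDENED = {"properties": {
    "priority": "Spot", "evictionPolicy": "Delete",
    "security": {"enableEncryptionAtHost": True, "enableSecureBoot": True, "enableVTPM": True},
    "kubernetes": {"kubeletConfig": {"seccompDefault": "RuntimeDefault"}}}}
if __name__ == "__main__":
    print(*audit_machine(WEAK), sep="\n")
```

Because the search is by key name rather than by fixed path, the same check works on a GET response as well as on a request body.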

SysctlConfig

Sysctl settings for Linux agent nodes.

Name Type Description
fsAioMaxNr

integer (int32)

Sysctl setting fs.aio-max-nr.

fsFileMax

integer (int32)

Sysctl setting fs.file-max.

fsInotifyMaxUserWatches

integer (int32)

Sysctl setting fs.inotify.max_user_watches.

fsNrOpen

integer (int32)

Sysctl setting fs.nr_open.

kernelThreadsMax

integer (int32)

Sysctl setting kernel.threads-max.

netCoreNetdevMaxBacklog

integer (int32)

Sysctl setting net.core.netdev_max_backlog.

netCoreOptmemMax

integer (int32)

Sysctl setting net.core.optmem_max.

netCoreRmemDefault

integer (int32)

Sysctl setting net.core.rmem_default.

netCoreRmemMax

integer (int32)

Sysctl setting net.core.rmem_max.

netCoreSomaxconn

integer (int32)

Sysctl setting net.core.somaxconn.

netCoreWmemDefault

integer (int32)

Sysctl setting net.core.wmem_default.

netCoreWmemMax

integer (int32)

Sysctl setting net.core.wmem_max.

netIpv4IpLocalPortRange

string

Sysctl setting net.ipv4.ip_local_port_range.

netIpv4NeighDefaultGcThresh1

integer (int32)

Sysctl setting net.ipv4.neigh.default.gc_thresh1.

netIpv4NeighDefaultGcThresh2

integer (int32)

Sysctl setting net.ipv4.neigh.default.gc_thresh2.

netIpv4NeighDefaultGcThresh3

integer (int32)

Sysctl setting net.ipv4.neigh.default.gc_thresh3.

netIpv4TcpFinTimeout

integer (int32)

Sysctl setting net.ipv4.tcp_fin_timeout.

netIpv4TcpKeepaliveProbes

integer (int32)

Sysctl setting net.ipv4.tcp_keepalive_probes.

netIpv4TcpKeepaliveTime

integer (int32)

Sysctl setting net.ipv4.tcp_keepalive_time.

netIpv4TcpMaxSynBacklog

integer (int32)

Sysctl setting net.ipv4.tcp_max_syn_backlog.

netIpv4TcpMaxTwBuckets

integer (int32)

Sysctl setting net.ipv4.tcp_max_tw_buckets.

netIpv4TcpTwReuse

boolean

Sysctl setting net.ipv4.tcp_tw_reuse.

netIpv4TcpkeepaliveIntvl

integer (int32)

minimum: 10
maximum: 90

Sysctl setting net.ipv4.tcp_keepalive_intvl.

netNetfilterNfConntrackBuckets

integer (int32)

minimum: 65536
maximum: 524288

Sysctl setting net.netfilter.nf_conntrack_buckets.

netNetfilterNfConntrackMax

integer (int32)

minimum: 131072
maximum: 2097152

Sysctl setting net.netfilter.nf_conntrack_max.

vmMaxMapCount

integer (int32)

Sysctl setting vm.max_map_count.

vmSwappiness

integer (int32)

Sysctl setting vm.swappiness.

vmVfsCachePressure

integer (int32)

Sysctl setting vm.vfs_cache_pressure.

systemData

Metadata pertaining to creation and last modification of the resource.

Name Type Description
createdAt

string (date-time)

The timestamp of resource creation (UTC).

createdBy

string

The identity that created the resource.

createdByType

createdByType

The type of identity that created the resource.

lastModifiedAt

string (date-time)

The timestamp of resource last modification (UTC).

lastModifiedBy

string

The identity that last modified the resource.

lastModifiedByType

createdByType

The type of identity that last modified the resource.

VmState

Virtual machine state. Indicates the current state of the underlying virtual machine.

Value Description
Running

The virtual machine is currently running.

Deleted

The virtual machine has been deleted by the user or due to spot eviction.

WorkloadRuntime

Determines the type of workload a node can run.

Value Description
OCIContainer

Nodes will use Kubelet to run standard OCI container workloads.

WasmWasi

Nodes will use Krustlet to run WASM workloads using the WASI provider (Preview).

KataMshvVmIsolation

Nodes can use (Kata + Cloud Hypervisor + Hyper-V) to enable Nested VM-based pods (Preview). Due to the use of Hyper-V, the AKS node OS itself is a nested VM (the root OS) of Hyper-V. Thus it can only be used with VM series that support Nested Virtualization, such as the Dv3 series. This naming convention will be deprecated in future releases in favor of KataVmIsolation.

KataVmIsolation

Nodes can use (Kata + Cloud Hypervisor + Hyper-V) to enable Nested VM-based pods. Due to the use of Hyper-V, the AKS node OS itself is a nested VM (the root OS) of Hyper-V. Thus it can only be used with VM series that support Nested Virtualization, such as the Dv3 series.