Managed Clusters - Create Or Update

Service:

AKS

API Version:

2022-04-01

Creates or updates a managed cluster.

HTTP

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}?api-version=2022-04-01

URI Parameters

Name	In	Required	Type	Description
resourceGroupName	path	True	string	The name of the resource group. The name is case insensitive.
resourceName	path	True	string	The name of the managed cluster resource. Regex pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$
subscriptionId	path	True	string	The ID of the target subscription.
api-version	query	True	string	The API version to use for this operation.

Request Body

Name	Required	Type	Description
location	True	string	The geo-location where the resource lives
extendedLocation		ExtendedLocation	The extended location of the Virtual Machine.
identity		ManagedClusterIdentity	The identity of the managed cluster, if configured.
properties.aadProfile		ManagedClusterAADProfile	AADProfile specifies attributes for Azure Active Directory integration. The Azure Active Directory configuration.
properties.addonProfiles		<string,  ManagedClusterAddonProfile>	The profile of managed cluster add-on.
properties.agentPoolProfiles		ManagedClusterAgentPoolProfile[]	The agent pool properties.
properties.apiServerAccessProfile		ManagedClusterAPIServerAccessProfile	The access profile for managed cluster API server.
properties.autoScalerProfile		AutoScalerProfile	Parameters to be applied to the cluster-autoscaler when enabled
properties.autoUpgradeProfile		ManagedClusterAutoUpgradeProfile	The auto upgrade configuration.
properties.disableLocalAccounts		boolean	If local accounts should be disabled on the Managed Cluster. If set to true, getting static credentials will be disabled for this cluster. This must only be used on Managed Clusters that are AAD enabled. For more details see disable local accounts.
properties.diskEncryptionSetID		string	The Resource ID of the disk encryption set to use for enabling encryption at rest. This is of the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}'
properties.dnsPrefix		string	The DNS prefix of the Managed Cluster. This cannot be updated once the Managed Cluster has been created.
properties.enablePodSecurityPolicy		boolean	(DEPRECATING) Whether to enable Kubernetes pod security policy (preview). This feature is set for removal on October 15th, 2020. Learn more at aka.ms/aks/azpodpolicy.
properties.enableRBAC		boolean	Whether to enable Kubernetes Role-Based Access Control.
properties.fqdnSubdomain		string	The FQDN subdomain of the private cluster with custom private dns zone. This cannot be updated once the Managed Cluster has been created.
properties.httpProxyConfig		ManagedClusterHTTPProxyConfig	Configurations for provisioning the cluster with HTTP proxy servers.
properties.identityProfile		<string,  UserAssignedIdentity>	Identities associated with the cluster.
properties.kubernetesVersion		string	The version of Kubernetes specified by the user. Both patch version <major.minor.patch> (e.g. 1.20.13) and <major.minor> (e.g. 1.20) are supported. When <major.minor> is specified, the latest supported GA patch version is chosen automatically. Updating the cluster with the same <major.minor> once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer patch version is available. When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All upgrades must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See upgrading an AKS cluster for more details.
properties.linuxProfile		ContainerServiceLinuxProfile	The profile for Linux VMs in the Managed Cluster.
properties.networkProfile		ContainerServiceNetworkProfile	The network configuration profile.
properties.nodeResourceGroup		string	The name of the resource group containing agent pool nodes.
properties.podIdentityProfile		ManagedClusterPodIdentityProfile	The pod identity profile of the Managed Cluster. See use AAD pod identity for more details on AAD pod identity integration.
properties.privateLinkResources		PrivateLinkResource[]	Private link resources associated with the cluster.
properties.publicNetworkAccess		PublicNetworkAccess	PublicNetworkAccess of the managedCluster Allow or deny public network access for AKS
properties.securityProfile		ManagedClusterSecurityProfile	Security profile for the managed cluster.
properties.servicePrincipalProfile		ManagedClusterServicePrincipalProfile	Information about a service principal identity for the cluster to use for manipulating Azure APIs.
properties.storageProfile		ManagedClusterStorageProfile	Storage profile for the managed cluster.
properties.windowsProfile		ManagedClusterWindowsProfile	The profile for Windows VMs in the Managed Cluster.
sku		ManagedClusterSKU	The managed cluster SKU.
tags		object	Resource tags.

Responses

Name	Type	Description
200 OK	ManagedCluster	OK
201 Created	ManagedCluster	Created
Other Status Codes	CloudError	Error response describing why the operation failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name	Description
user_impersonation	impersonate your user account

Examples

Create Managed Cluster using an agent pool snapshot

Create Managed Cluster with AKS-managed NAT gateway as outbound type

Create Managed Cluster with EncryptionAtHost enabled

Create Managed Cluster with FIPS enabled OS

Create Managed Cluster with GPUMIG

Create Managed Cluster with HTTP proxy configured

Create Managed Cluster with Node Public IP Prefix

Create Managed Cluster with OSSKU

Create Managed Cluster with PodIdentity enabled

Create Managed Cluster with PPG

Create Managed Cluster with RunCommand disabled

Create Managed Cluster with Security Profile configured

Create Managed Cluster with UltraSSD enabled

Create Managed Cluster with user-assigned NAT gateway as outbound type

Create Managed Private Cluster with fqdn subdomain specified

Create Managed Private Cluster with Public FQDN specified

Create/Update AAD Managed Cluster with EnableAzureRBAC

Create/Update Managed Cluster

Create/Update Managed Cluster with dual-stack networking

Create/Update Managed Cluster with EnableAHUB

Create/Update Managed Cluster with Windows gMSA enabled

Create Managed Cluster using an agent pool snapshot

Sample request

HTTP

HTTP

PUT https://management.azure.com/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2022-04-01

{
  "location": "location1",
  "tags": {
    "tier": "production",
    "archv2": ""
  },
  "sku": {
    "name": "Basic",
    "tier": "Free"
  },
  "properties": {
    "kubernetesVersion": "",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "osType": "Linux",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "enableFIPS": true,
        "creationData": {
          "sourceResourceId": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/snapshots/snapshot1"
        }
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "networkProfile": {
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "loadBalancerProfile": {
        "managedOutboundIPs": {
          "count": 2
        }
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "windowsProfile": {
      "adminUsername": "azureuser",
      "adminPassword": "replacePassword1234$"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid",
      "secret": "secret"
    },
    "addonProfiles": {},
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": false
  }
}

Sample response

Status code:

200

JSON

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Succeeded",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Succeeded",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
        "enableFIPS": true,
        "creationData": {
          "sourceResourceId": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/snapshots/snapshot1"
        }
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": false,
    "fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
    "networkProfile": {
      "loadBalancerSku": "basic",
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "dockerBridgeCidr": "172.17.0.1/16",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  }
}

Status code:

201

JSON

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Creating",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Creating",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "enableFIPS": true,
        "creationData": {
          "sourceResourceId": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/snapshots/snapshot1"
        }
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": false,
    "networkProfile": {
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "dockerBridgeCidr": "172.17.0.1/16",
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  }
}

Create Managed Cluster with AKS-managed NAT gateway as outbound type

Sample request

HTTP

HTTP

PUT https://management.azure.com/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2022-04-01

{
  "location": "location1",
  "tags": {
    "tier": "production",
    "archv2": ""
  },
  "sku": {
    "name": "Basic",
    "tier": "Free"
  },
  "properties": {
    "kubernetesVersion": "",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "osType": "Linux",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": false,
        "mode": "System"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "networkProfile": {
      "loadBalancerSku": "standard",
      "outboundType": "managedNATGateway",
      "natGatewayProfile": {
        "managedOutboundIPProfile": {
          "count": 2
        }
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "windowsProfile": {
      "adminUsername": "azureuser",
      "adminPassword": "replacePassword1234$"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid",
      "secret": "secret"
    },
    "addonProfiles": {},
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true
  }
}

Sample response

Status code:

200

JSON

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Succeeded",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Succeeded",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": false,
        "mode": "System",
        "nodeImageVersion": "AKSUbuntu:1604:2020.03.11"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
    "networkProfile": {
      "loadBalancerSku": "basic",
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "dockerBridgeCidr": "172.17.0.1/16",
      "outboundType": "managedNATGateway",
      "natGatewayProfile": {
        "idleTimeoutInMinutes": 4,
        "managedOutboundIPProfile": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  }
}

Status code:

201

JSON

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Creating",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Creating",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": false,
        "mode": "System"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "networkProfile": {
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "dockerBridgeCidr": "172.17.0.1/16",
      "loadBalancerSku": "standard",
      "outboundType": "managedNATGateway",
      "natGatewayProfile": {
        "idleTimeoutInMinutes": 4,
        "managedOutboundIPProfile": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  }
}

Create Managed Cluster with EncryptionAtHost enabled

Sample request

HTTP

HTTP

PUT https://management.azure.com/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2022-04-01

{
  "location": "location1",
  "tags": {
    "tier": "production",
    "archv2": ""
  },
  "sku": {
    "name": "Basic",
    "tier": "Free"
  },
  "properties": {
    "kubernetesVersion": "",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "osType": "Linux",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "enableEncryptionAtHost": true
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "networkProfile": {
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "loadBalancerProfile": {
        "managedOutboundIPs": {
          "count": 2
        }
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "windowsProfile": {
      "adminUsername": "azureuser",
      "adminPassword": "replacePassword1234$"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid",
      "secret": "secret"
    },
    "addonProfiles": {},
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true
  }
}

Sample response

Status code:

200

JSON

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Succeeded",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Succeeded",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
        "enableEncryptionAtHost": true
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
    "networkProfile": {
      "loadBalancerSku": "basic",
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "dockerBridgeCidr": "172.17.0.1/16",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  }
}

Status code:

201

JSON

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Creating",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Creating",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "enableEncryptionAtHost": true
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "networkProfile": {
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "dockerBridgeCidr": "172.17.0.1/16",
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  }
}

Create Managed Cluster with FIPS enabled OS

Sample request

HTTP

HTTP

PUT https://management.azure.com/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2022-04-01

{
  "location": "location1",
  "tags": {
    "tier": "production",
    "archv2": ""
  },
  "sku": {
    "name": "Basic",
    "tier": "Free"
  },
  "properties": {
    "kubernetesVersion": "",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "osType": "Linux",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "enableFIPS": true
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "networkProfile": {
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "loadBalancerProfile": {
        "managedOutboundIPs": {
          "count": 2
        }
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "windowsProfile": {
      "adminUsername": "azureuser",
      "adminPassword": "replacePassword1234$"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid",
      "secret": "secret"
    },
    "addonProfiles": {},
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": false
  }
}

Sample response

Status code:

200

JSON

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Succeeded",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Succeeded",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
        "enableFIPS": true
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": false,
    "fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
    "networkProfile": {
      "loadBalancerSku": "basic",
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "dockerBridgeCidr": "172.17.0.1/16",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  }
}

Status code:

201

JSON

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Creating",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Creating",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "enableFIPS": true
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": false,
    "networkProfile": {
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "dockerBridgeCidr": "172.17.0.1/16",
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  }
}

Create Managed Cluster with GPUMIG

Sample request

HTTP

HTTP

PUT https://management.azure.com/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2022-04-01

{
  "location": "location1",
  "tags": {
    "tier": "production",
    "archv2": ""
  },
  "sku": {
    "name": "Basic",
    "tier": "Free"
  },
  "properties": {
    "kubernetesVersion": "",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_ND96asr_v4",
        "osType": "Linux",
        "gpuInstanceProfile": "MIG3g",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "networkProfile": {
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "loadBalancerProfile": {
        "managedOutboundIPs": {
          "count": 2
        }
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "windowsProfile": {
      "adminUsername": "azureuser",
      "adminPassword": "replacePassword1234$"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid",
      "secret": "secret"
    },
    "addonProfiles": {},
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "httpProxyConfig": {
      "httpProxy": "http://myproxy.server.com:8080",
      "httpsProxy": "https://myproxy.server.com:8080",
      "noProxy": [
        "localhost",
        "127.0.0.1"
      ],
      "trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="
    }
  }
}

Sample response

Status code:

200

JSON

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Succeeded",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_ND96asr_v4",
        "maxPods": 110,
        "osType": "Linux",
        "gpuInstanceProfile": "MIG3g",
        "provisioningState": "Succeeded",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "nodeImageVersion": "AKSUbuntu:1604:2020.03.11"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
    "networkProfile": {
      "loadBalancerSku": "basic",
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "dockerBridgeCidr": "172.17.0.1/16",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "httpProxyConfig": {
      "httpProxy": "http://myproxy.server.com:8080",
      "httpsProxy": "https://myproxy.server.com:8080",
      "noProxy": [
        "localhost",
        "127.0.0.1"
      ],
      "trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="
    }
  }
}

Status code:

201

JSON

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Creating",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_ND96asr_v4",
        "maxPods": 110,
        "osType": "Linux",
        "gpuInstanceProfile": "MIG3g",
        "provisioningState": "Creating",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "networkProfile": {
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "dockerBridgeCidr": "172.17.0.1/16",
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "httpProxyConfig": {
      "httpProxy": "http://myproxy.server.com:8080",
      "httpsProxy": "https://myproxy.server.com:8080",
      "noProxy": [
        "localhost",
        "127.0.0.1"
      ],
      "trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="
    }
  }
}

Create Managed Cluster with HTTP proxy configured

Sample request

HTTP

HTTP

PUT https://management.azure.com/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2022-04-01

{
  "location": "location1",
  "tags": {
    "tier": "production",
    "archv2": ""
  },
  "sku": {
    "name": "Basic",
    "tier": "Free"
  },
  "properties": {
    "kubernetesVersion": "",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "osType": "Linux",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "networkProfile": {
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "loadBalancerProfile": {
        "managedOutboundIPs": {
          "count": 2
        }
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "windowsProfile": {
      "adminUsername": "azureuser",
      "adminPassword": "replacePassword1234$"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid",
      "secret": "secret"
    },
    "addonProfiles": {},
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "httpProxyConfig": {
      "httpProxy": "http://myproxy.server.com:8080",
      "httpsProxy": "https://myproxy.server.com:8080",
      "noProxy": [
        "localhost",
        "127.0.0.1"
      ],
      "trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="
    }
  }
}

Sample response

Status code:

200

JSON

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Succeeded",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Succeeded",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "nodeImageVersion": "AKSUbuntu:1604:2020.03.11"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
    "networkProfile": {
      "loadBalancerSku": "basic",
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "dockerBridgeCidr": "172.17.0.1/16",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "httpProxyConfig": {
      "httpProxy": "http://myproxy.server.com:8080",
      "httpsProxy": "https://myproxy.server.com:8080",
      "noProxy": [
        "localhost",
        "127.0.0.1"
      ],
      "trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="
    }
  }
}

Status code:

201

JSON

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Creating",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Creating",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "networkProfile": {
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "dockerBridgeCidr": "172.17.0.1/16",
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "httpProxyConfig": {
      "httpProxy": "http://myproxy.server.com:8080",
      "httpsProxy": "https://myproxy.server.com:8080",
      "noProxy": [
        "localhost",
        "127.0.0.1"
      ],
      "trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="
    }
  }
}

Create Managed Cluster with Node Public IP Prefix

Sample request

HTTP

HTTP

PUT https://management.azure.com/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2022-04-01

{
  "location": "location1",
  "tags": {
    "tier": "production",
    "archv2": ""
  },
  "sku": {
    "name": "Basic",
    "tier": "Free"
  },
  "properties": {
    "kubernetesVersion": "",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "osType": "Linux",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "nodePublicIPPrefixID": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.Network/publicIPPrefixes/public-ip-prefix"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "networkProfile": {
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "loadBalancerProfile": {
        "managedOutboundIPs": {
          "count": 2
        }
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "windowsProfile": {
      "adminUsername": "azureuser",
      "adminPassword": "replacePassword1234$"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid",
      "secret": "secret"
    },
    "addonProfiles": {},
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true
  }
}

Sample response

Status code:

200

JSON

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Succeeded",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Succeeded",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
        "nodePublicIPPrefixID": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.Network/publicIPPrefixes/public-ip-prefix"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
    "networkProfile": {
      "loadBalancerSku": "basic",
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "dockerBridgeCidr": "172.17.0.1/16",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  }
}

Status code:

201

JSON

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Creating",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Creating",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "nodePublicIPPrefixID": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.Network/publicIPPrefixes/public-ip-prefix"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "networkProfile": {
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "dockerBridgeCidr": "172.17.0.1/16",
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  }
}

Create Managed Cluster with OSSKU

Sample request

HTTP

HTTP

PUT https://management.azure.com/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2022-04-01

{
  "location": "location1",
  "tags": {
    "tier": "production",
    "archv2": ""
  },
  "sku": {
    "name": "Basic",
    "tier": "Free"
  },
  "properties": {
    "kubernetesVersion": "",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "osType": "Linux",
        "osSKU": "CBLMariner",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "networkProfile": {
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "loadBalancerProfile": {
        "managedOutboundIPs": {
          "count": 2
        }
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "windowsProfile": {
      "adminUsername": "azureuser",
      "adminPassword": "replacePassword1234$"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid",
      "secret": "secret"
    },
    "addonProfiles": {},
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "httpProxyConfig": {
      "httpProxy": "http://myproxy.server.com:8080",
      "httpsProxy": "https://myproxy.server.com:8080",
      "noProxy": [
        "localhost",
        "127.0.0.1"
      ],
      "trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="
    }
  }
}

Sample response

Status code:

200

JSON

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Succeeded",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "osSKU": "CBLMariner",
        "provisioningState": "Succeeded",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "nodeImageVersion": "AKSUbuntu:1604:2020.03.11"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
    "networkProfile": {
      "loadBalancerSku": "basic",
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "dockerBridgeCidr": "172.17.0.1/16",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "httpProxyConfig": {
      "httpProxy": "http://myproxy.server.com:8080",
      "httpsProxy": "https://myproxy.server.com:8080",
      "noProxy": [
        "localhost",
        "127.0.0.1"
      ],
      "trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="
    }
  }
}

Status code:

201

JSON

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Creating",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "osSKU": "CBLMariner",
        "provisioningState": "Creating",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "networkProfile": {
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "dockerBridgeCidr": "172.17.0.1/16",
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "httpProxyConfig": {
      "httpProxy": "http://myproxy.server.com:8080",
      "httpsProxy": "https://myproxy.server.com:8080",
      "noProxy": [
        "localhost",
        "127.0.0.1"
      ],
      "trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="
    }
  }
}

Create Managed Cluster with PodIdentity enabled

Sample request

HTTP

HTTP

PUT https://management.azure.com/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2022-04-01

{
  "location": "location1",
  "tags": {
    "tier": "production",
    "archv2": ""
  },
  "sku": {
    "name": "Basic",
    "tier": "Free"
  },
  "properties": {
    "kubernetesVersion": "",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "osType": "Linux",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "networkProfile": {
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "loadBalancerProfile": {
        "managedOutboundIPs": {
          "count": 2
        }
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "windowsProfile": {
      "adminUsername": "azureuser",
      "adminPassword": "replacePassword1234$"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid",
      "secret": "secret"
    },
    "addonProfiles": {},
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "podIdentityProfile": {
      "enabled": true,
      "allowNetworkPluginKubenet": true
    }
  }
}

Sample response

Status code:

200

JSON

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Succeeded",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Succeeded",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "nodeImageVersion": "AKSUbuntu:1604:2020.03.11"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
    "networkProfile": {
      "loadBalancerSku": "basic",
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "dockerBridgeCidr": "172.17.0.1/16",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "podIdentityProfile": {
      "enabled": true,
      "allowNetworkPluginKubenet": true
    }
  }
}

Status code:

201

JSON

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Creating",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Creating",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "networkProfile": {
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "dockerBridgeCidr": "172.17.0.1/16",
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "podIdentityProfile": {
      "enabled": true,
      "allowNetworkPluginKubenet": true
    }
  }
}

Create Managed Cluster with PPG

Sample request

HTTP

HTTP

PUT https://management.azure.com/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2022-04-01

{
  "location": "location1",
  "tags": {
    "tier": "production",
    "archv2": ""
  },
  "sku": {
    "name": "Basic",
    "tier": "Free"
  },
  "properties": {
    "kubernetesVersion": "",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "osType": "Linux",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "proximityPlacementGroupID": "/subscriptions/subid1/resourcegroups/rg1/providers//Microsoft.Compute/proximityPlacementGroups/ppg1"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "networkProfile": {
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "loadBalancerProfile": {
        "managedOutboundIPs": {
          "count": 2
        }
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "windowsProfile": {
      "adminUsername": "azureuser",
      "adminPassword": "replacePassword1234$"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid",
      "secret": "secret"
    },
    "addonProfiles": {},
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true
  }
}

Sample response

Status code:

200

JSON

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Succeeded",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Succeeded",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
        "proximityPlacementGroupID": "/subscriptions/subid1/resourcegroups/rg1/providers//Microsoft.Compute/proximityPlacementGroups/ppg1"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
    "networkProfile": {
      "loadBalancerSku": "basic",
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "dockerBridgeCidr": "172.17.0.1/16",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  }
}

Status code:

201

JSON

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Creating",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Creating",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "proximityPlacementGroupID": "/subscriptions/subid1/resourcegroups/rg1/providers//Microsoft.Compute/proximityPlacementGroups/ppg1"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "networkProfile": {
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "dockerBridgeCidr": "172.17.0.1/16",
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  }
}

Create Managed Cluster with RunCommand disabled

Sample request

HTTP

HTTP

PUT https://management.azure.com/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2022-04-01

{
  "location": "location1",
  "tags": {
    "tier": "production",
    "archv2": ""
  },
  "sku": {
    "name": "Basic",
    "tier": "Free"
  },
  "properties": {
    "kubernetesVersion": "",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "osType": "Linux",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "enableEncryptionAtHost": true
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "networkProfile": {
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "loadBalancerProfile": {
        "managedOutboundIPs": {
          "count": 2
        }
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "windowsProfile": {
      "adminUsername": "azureuser",
      "adminPassword": "replacePassword1234$"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid",
      "secret": "secret"
    },
    "apiServerAccessProfile": {
      "disableRunCommand": true
    },
    "addonProfiles": {},
    "enableRBAC": true,
    "enablePodSecurityPolicy": true
  }
}

Sample response

Status code:

200

JSON

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Succeeded",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Succeeded",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
        "enableEncryptionAtHost": true
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "apiServerAccessProfile": {
      "disableRunCommand": true
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "enablePodSecurityPolicy": true,
    "fqdn": "dnsprefix1-ee788a1f.hcp.location1.azmk8s.io",
    "privateFQDN": "dnsprefix1-aae7e0f0.5cef6058-b6b5-414d-8cb1-4bd14eb0b15c.privatelink.location1.azmk8s.io",
    "networkProfile": {
      "loadBalancerSku": "basic",
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "dockerBridgeCidr": "172.17.0.1/16",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  }
}

Status code:

201

JSON

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Creating",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Creating",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "enableEncryptionAtHost": true
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "apiServerAccessProfile": {
      "disableRunCommand": true
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "fqdn": "dnsprefix1-ee788a1f.hcp.location1.azmk8s.io",
    "privateFQDN": "dnsprefix1-aae7e0f0.5cef6058-b6b5-414d-8cb1-4bd14eb0b15c.privatelink.location1.azmk8s.io",
    "enablePodSecurityPolicy": true,
    "networkProfile": {
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "dockerBridgeCidr": "172.17.0.1/16",
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  }
}

Create Managed Cluster with Security Profile configured

Sample request

HTTP

HTTP

PUT https://management.azure.com/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2022-04-01

{
  "location": "location1",
  "tags": {
    "tier": "production",
    "archv2": ""
  },
  "sku": {
    "name": "Basic",
    "tier": "Free"
  },
  "properties": {
    "kubernetesVersion": "",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "osType": "Linux",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "networkProfile": {
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "loadBalancerProfile": {
        "managedOutboundIPs": {
          "count": 2
        }
      }
    },
    "securityProfile": {
      "azureDefender": {
        "enabled": true,
        "logAnalyticsWorkspaceResourceId": "/subscriptions/SUB_ID/resourcegroups/RG_NAME/providers/microsoft.operationalinsights/workspaces/WORKSPACE_NAME"
      }
    }
  }
}

Sample response

Status code:

200

JSON

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Succeeded",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Succeeded",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "nodeImageVersion": "AKSUbuntu:1604:2020.03.11"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
    "networkProfile": {
      "loadBalancerSku": "basic",
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "dockerBridgeCidr": "172.17.0.1/16",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "securityProfile": {
      "azureDefender": {
        "enabled": true,
        "logAnalyticsWorkspaceResourceId": "/subscriptions/SUB_ID/resourcegroups/RG_NAME/providers/microsoft.operationalinsights/workspaces/WORKSPACE_NAME"
      }
    }
  }
}

Status code:

201

JSON

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Creating",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Creating",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "networkProfile": {
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "dockerBridgeCidr": "172.17.0.1/16",
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "securityProfile": {
      "azureDefender": {
        "enabled": true,
        "logAnalyticsWorkspaceResourceId": "/subscriptions/SUB_ID/resourcegroups/RG_NAME/providers/microsoft.operationalinsights/workspaces/WORKSPACE_NAME"
      }
    }
  }
}

Create Managed Cluster with UltraSSD enabled

Sample request

HTTP

HTTP

PUT https://management.azure.com/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2022-04-01

{
  "location": "location1",
  "tags": {
    "tier": "production",
    "archv2": ""
  },
  "sku": {
    "name": "Basic",
    "tier": "Free"
  },
  "properties": {
    "kubernetesVersion": "",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "osType": "Linux",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "enableUltraSSD": true
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "networkProfile": {
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "loadBalancerProfile": {
        "managedOutboundIPs": {
          "count": 2
        }
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "windowsProfile": {
      "adminUsername": "azureuser",
      "adminPassword": "replacePassword1234$"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid",
      "secret": "secret"
    },
    "addonProfiles": {},
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true
  }
}

Sample response

Status code:

200

JSON

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Succeeded",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Succeeded",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
        "enableUltraSSD": true
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
    "networkProfile": {
      "loadBalancerSku": "basic",
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "dockerBridgeCidr": "172.17.0.1/16",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  }
}

Status code:

201

JSON

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Creating",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Creating",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "enableUltraSSD": true
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "networkProfile": {
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "dockerBridgeCidr": "172.17.0.1/16",
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  }
}

Create Managed Cluster with user-assigned NAT gateway as outbound type

Sample request

HTTP

HTTP

PUT https://management.azure.com/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2022-04-01

{
  "location": "location1",
  "tags": {
    "tier": "production",
    "archv2": ""
  },
  "sku": {
    "name": "Basic",
    "tier": "Free"
  },
  "properties": {
    "kubernetesVersion": "",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "osType": "Linux",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": false,
        "mode": "System"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "networkProfile": {
      "loadBalancerSku": "standard",
      "outboundType": "userAssignedNATGateway"
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "windowsProfile": {
      "adminUsername": "azureuser",
      "adminPassword": "replacePassword1234$"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid",
      "secret": "secret"
    },
    "addonProfiles": {},
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true
  }
}

Sample response

Status code:

200

JSON

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Succeeded",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Succeeded",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": false,
        "mode": "System",
        "nodeImageVersion": "AKSUbuntu:1604:2020.03.11"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
    "networkProfile": {
      "loadBalancerSku": "basic",
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "dockerBridgeCidr": "172.17.0.1/16",
      "outboundType": "userAssignedNATGateway"
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  }
}

Status code:

201

JSON

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Creating",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Creating",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": false,
        "mode": "System"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "networkProfile": {
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "dockerBridgeCidr": "172.17.0.1/16",
      "loadBalancerSku": "standard",
      "outboundType": "userAssignedNATGateway"
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  }
}

Create Managed Private Cluster with fqdn subdomain specified

Sample request

HTTP

HTTP

PUT https://management.azure.com/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2022-04-01

{
  "location": "location1",
  "tags": {
    "tier": "production",
    "archv2": ""
  },
  "sku": {
    "name": "Basic",
    "tier": "Free"
  },
  "properties": {
    "kubernetesVersion": "",
    "fqdnSubdomain": "domain1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "osType": "Linux",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "enableEncryptionAtHost": true
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "networkProfile": {
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "loadBalancerProfile": {
        "managedOutboundIPs": {
          "count": 2
        }
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "windowsProfile": {
      "adminUsername": "azureuser",
      "adminPassword": "replacePassword1234$"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid",
      "secret": "secret"
    },
    "apiServerAccessProfile": {
      "enablePrivateCluster": true,
      "privateDNSZone": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.Network/privateDnsZones/privatelink.location1.azmk8s.io"
    },
    "addonProfiles": {},
    "enableRBAC": true,
    "enablePodSecurityPolicy": true
  }
}

Sample response

Status code:

200

JSON

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Succeeded",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "fqdnSubdomain": "domain1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Succeeded",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
        "enableEncryptionAtHost": true
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "apiServerAccessProfile": {
      "enablePrivateCluster": true,
      "privateDNSZone": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.Network/privateDnsZones/privatelink.location1.azmk8s.io"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "enablePodSecurityPolicy": true,
    "privateFQDN": "domain1.privatelink.location1.azmk8s.io",
    "networkProfile": {
      "loadBalancerSku": "basic",
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "dockerBridgeCidr": "172.17.0.1/16",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  }
}

Status code:

201

JSON

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Creating",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "fqdnSubdomain": "domain1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Creating",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "enableEncryptionAtHost": true
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "apiServerAccessProfile": {
      "enablePrivateCluster": true,
      "privateDNSZone": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.Network/privateDnsZones/privatelink.location1.azmk8s.io"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "privateFQDN": "domain1.privatelink.location1.azmk8s.io",
    "enablePodSecurityPolicy": true,
    "networkProfile": {
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "dockerBridgeCidr": "172.17.0.1/16",
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  }
}

Create Managed Private Cluster with Public FQDN specified

Sample request

HTTP

HTTP

PUT https://management.azure.com/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2022-04-01

{
  "location": "location1",
  "tags": {
    "tier": "production",
    "archv2": ""
  },
  "sku": {
    "name": "Basic",
    "tier": "Free"
  },
  "properties": {
    "kubernetesVersion": "",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "osType": "Linux",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "enableEncryptionAtHost": true
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "networkProfile": {
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "loadBalancerProfile": {
        "managedOutboundIPs": {
          "count": 2
        }
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "windowsProfile": {
      "adminUsername": "azureuser",
      "adminPassword": "replacePassword1234$"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid",
      "secret": "secret"
    },
    "apiServerAccessProfile": {
      "enablePrivateCluster": true,
      "enablePrivateClusterPublicFQDN": true
    },
    "addonProfiles": {},
    "enableRBAC": true,
    "enablePodSecurityPolicy": true
  }
}

Sample response

Status code:

200

JSON

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Succeeded",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Succeeded",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
        "enableEncryptionAtHost": true
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "apiServerAccessProfile": {
      "enablePrivateCluster": true,
      "enablePrivateClusterPublicFQDN": true,
      "privateDNSZone": "system"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "enablePodSecurityPolicy": true,
    "fqdn": "dnsprefix1-ee788a1f.hcp.location1.azmk8s.io",
    "privateFQDN": "dnsprefix1-aae7e0f0.5cef6058-b6b5-414d-8cb1-4bd14eb0b15c.privatelink.location1.azmk8s.io",
    "networkProfile": {
      "loadBalancerSku": "basic",
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "dockerBridgeCidr": "172.17.0.1/16",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  }
}

Status code:

201

JSON

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Creating",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Creating",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "enableEncryptionAtHost": true
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "apiServerAccessProfile": {
      "enablePrivateCluster": true,
      "enablePrivateClusterPublicFQDN": true,
      "privateDNSZone": "system"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "fqdn": "dnsprefix1-ee788a1f.hcp.location1.azmk8s.io",
    "privateFQDN": "dnsprefix1-aae7e0f0.5cef6058-b6b5-414d-8cb1-4bd14eb0b15c.privatelink.location1.azmk8s.io",
    "enablePodSecurityPolicy": true,
    "networkProfile": {
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "dockerBridgeCidr": "172.17.0.1/16",
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  }
}

Create/Update AAD Managed Cluster with EnableAzureRBAC

Sample request

HTTP

HTTP

PUT https://management.azure.com/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2022-04-01

{
  "location": "location1",
  "tags": {
    "tier": "production",
    "archv2": ""
  },
  "sku": {
    "name": "Basic",
    "tier": "Free"
  },
  "properties": {
    "kubernetesVersion": "",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS1_v2",
        "osType": "Linux",
        "type": "VirtualMachineScaleSets",
        "availabilityZones": [
          "1",
          "2",
          "3"
        ],
        "enableNodePublicIP": true,
        "mode": "System"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "networkProfile": {
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "loadBalancerProfile": {
        "managedOutboundIPs": {
          "count": 2
        }
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "windowsProfile": {
      "adminUsername": "azureuser",
      "adminPassword": "replacePassword1234$"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid",
      "secret": "secret"
    },
    "addonProfiles": {},
    "aadProfile": {
      "managed": true,
      "enableAzureRBAC": true
    },
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true
  }
}

Sample response

Status code:

200

JSON

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Succeeded",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS1_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Succeeded",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "availabilityZones": [
          "1",
          "2",
          "3"
        ],
        "enableNodePublicIP": true,
        "mode": "System",
        "nodeImageVersion": "AKSUbuntu:1604:2020.03.11"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
    "networkProfile": {
      "loadBalancerSku": "basic",
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "dockerBridgeCidr": "172.17.0.1/16",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "aadProfile": {
      "managed": true,
      "adminGroupObjectIDs": null,
      "enableAzureRBAC": true,
      "tenantID": "tenantID"
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  }
}

Status code:

201

JSON

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Creating",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS1_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Creating",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "availabilityZones": [
          "1",
          "2",
          "3"
        ],
        "enableNodePublicIP": true,
        "mode": "System"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "networkProfile": {
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "dockerBridgeCidr": "172.17.0.1/16",
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "aadProfile": {
      "managed": true,
      "adminGroupObjectIDs": null,
      "enableAzureRBAC": true,
      "tenantID": "tenantID"
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  }
}

Create/Update Managed Cluster

Sample request

HTTP

HTTP

PUT https://management.azure.com/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2022-04-01

{
  "location": "location1",
  "tags": {
    "tier": "production",
    "archv2": ""
  },
  "sku": {
    "name": "Basic",
    "tier": "Free"
  },
  "properties": {
    "kubernetesVersion": "",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS1_v2",
        "osType": "Linux",
        "type": "VirtualMachineScaleSets",
        "scaleDownMode": "Deallocate",
        "availabilityZones": [
          "1",
          "2",
          "3"
        ],
        "enableNodePublicIP": true,
        "mode": "System"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "networkProfile": {
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "loadBalancerProfile": {
        "managedOutboundIPs": {
          "count": 2
        }
      }
    },
    "autoScalerProfile": {
      "balance-similar-node-groups": "true",
      "expander": "priority",
      "max-node-provision-time": "15m",
      "new-pod-scale-up-delay": "1m",
      "scale-down-delay-after-add": "15m",
      "scan-interval": "20s",
      "skip-nodes-with-system-pods": "false"
    },
    "windowsProfile": {
      "adminUsername": "azureuser",
      "adminPassword": "replacePassword1234$"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid",
      "secret": "secret"
    },
    "addonProfiles": {},
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true
  },
  "identity": {
    "type": "UserAssigned",
    "userAssignedIdentities": {
      "/subscriptions/subid1/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {}
    }
  }
}

Sample response

Status code:

200

JSON

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Succeeded",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS1_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Succeeded",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "scaleDownMode": "Deallocate",
        "availabilityZones": [
          "1",
          "2",
          "3"
        ],
        "enableNodePublicIP": true,
        "mode": "System",
        "nodeImageVersion": "AKSUbuntu:1604:2020.03.11"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
    "networkProfile": {
      "loadBalancerSku": "basic",
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "dockerBridgeCidr": "172.17.0.1/16",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "balance-similar-node-groups": "true",
      "expander": "priority",
      "max-node-provision-time": "15m",
      "new-pod-scale-up-delay": "1m",
      "scale-down-delay-after-add": "15m",
      "scan-interval": "20s",
      "skip-nodes-with-system-pods": "false"
    }
  },
  "identity": {
    "type": "UserAssigned",
    "userAssignedIdentities": {
      "/subscriptions/subid1/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {
        "principalId": "principalId1",
        "clientId": "clientId1"
      }
    }
  }
}

Status code:

201

JSON

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Creating",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS1_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Creating",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "scaleDownMode": "Deallocate",
        "availabilityZones": [
          "1",
          "2",
          "3"
        ],
        "enableNodePublicIP": true,
        "mode": "System"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "networkProfile": {
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "dockerBridgeCidr": "172.17.0.1/16",
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  },
  "identity": {
    "type": "UserAssigned",
    "userAssignedIdentities": {
      "/subscriptions/subid1/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {
        "principalId": "principalId1",
        "clientId": "clientId1"
      }
    }
  }
}

Create/Update Managed Cluster with dual-stack networking

Sample request

HTTP

HTTP

PUT https://management.azure.com/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2022-04-01

{
  "location": "location1",
  "tags": {
    "tier": "production",
    "archv2": ""
  },
  "sku": {
    "name": "Basic",
    "tier": "Free"
  },
  "properties": {
    "kubernetesVersion": "",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS1_v2",
        "osType": "Linux",
        "type": "VirtualMachineScaleSets",
        "scaleDownMode": "Deallocate",
        "availabilityZones": [
          "1",
          "2",
          "3"
        ],
        "enableNodePublicIP": true,
        "mode": "System"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "networkProfile": {
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "loadBalancerProfile": {
        "managedOutboundIPs": {
          "count": 2
        }
      },
      "ipFamilies": [
        "IPv4",
        "IPv6"
      ]
    },
    "autoScalerProfile": {
      "balance-similar-node-groups": "true",
      "expander": "priority",
      "max-node-provision-time": "15m",
      "new-pod-scale-up-delay": "1m",
      "scale-down-delay-after-add": "15m",
      "scan-interval": "20s",
      "skip-nodes-with-system-pods": "false"
    },
    "windowsProfile": {
      "adminUsername": "azureuser",
      "adminPassword": "replacePassword1234$"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid",
      "secret": "secret"
    },
    "addonProfiles": {},
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true
  },
  "identity": {
    "type": "UserAssigned",
    "userAssignedIdentities": {
      "/subscriptions/subid1/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {}
    }
  }
}

Sample response

Status code:

200

JSON

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Succeeded",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.22.1",
    "currentKubernetesVersion": "1.22.1",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS1_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Succeeded",
        "orchestratorVersion": "1.22.1",
        "currentOrchestratorVersion": "1.22.1",
        "type": "VirtualMachineScaleSets",
        "scaleDownMode": "Deallocate",
        "availabilityZones": [
          "1",
          "2",
          "3"
        ],
        "enableNodePublicIP": true,
        "mode": "System",
        "nodeImageVersion": "AKSUbuntu:1604:2020.03.11"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
    "networkProfile": {
      "loadBalancerSku": "basic",
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "dockerBridgeCidr": "172.17.0.1/16",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16",
        "fd11:1234::/64"
      ],
      "serviceCidrs": [
        "10.0.0.0/16",
        "fd00:1234::/108"
      ],
      "ipFamilies": [
        "IPv4",
        "IPv6"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2,
          "countIPv6": 1
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip3-ipv6"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "balance-similar-node-groups": "true",
      "expander": "priority",
      "max-node-provision-time": "15m",
      "new-pod-scale-up-delay": "1m",
      "scale-down-delay-after-add": "15m",
      "scan-interval": "20s",
      "skip-nodes-with-system-pods": "false"
    }
  },
  "identity": {
    "type": "UserAssigned",
    "userAssignedIdentities": {
      "/subscriptions/subid1/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {
        "principalId": "principalId1",
        "clientId": "clientId1"
      }
    }
  }
}

Status code:

201

JSON

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Creating",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.22.1",
    "currentKubernetesVersion": "1.22.1",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS1_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Creating",
        "orchestratorVersion": "1.22.1",
        "currentOrchestratorVersion": "1.22.1",
        "type": "VirtualMachineScaleSets",
        "scaleDownMode": "Deallocate",
        "availabilityZones": [
          "1",
          "2",
          "3"
        ],
        "enableNodePublicIP": true,
        "mode": "System"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "networkProfile": {
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "dockerBridgeCidr": "172.17.0.1/16",
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16",
        "fd11:1234::/64"
      ],
      "serviceCidrs": [
        "10.0.0.0/16",
        "fd00:1234::/108"
      ],
      "ipFamilies": [
        "IPv4",
        "IPv6"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2,
          "countIPv6": 1
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip3-ipv6"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  },
  "identity": {
    "type": "UserAssigned",
    "userAssignedIdentities": {
      "/subscriptions/subid1/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {
        "principalId": "principalId1",
        "clientId": "clientId1"
      }
    }
  }
}

Create/Update Managed Cluster with EnableAHUB

Sample request

HTTP

HTTP

PUT https://management.azure.com/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2022-04-01

{
  "location": "location1",
  "tags": {
    "tier": "production",
    "archv2": ""
  },
  "sku": {
    "name": "Basic",
    "tier": "Free"
  },
  "properties": {
    "kubernetesVersion": "",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS1_v2",
        "osType": "Linux",
        "type": "VirtualMachineScaleSets",
        "availabilityZones": [
          "1",
          "2",
          "3"
        ],
        "enableNodePublicIP": true,
        "mode": "System"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "networkProfile": {
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "loadBalancerProfile": {
        "managedOutboundIPs": {
          "count": 2
        }
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "windowsProfile": {
      "adminUsername": "azureuser",
      "adminPassword": "replacePassword1234$",
      "licenseType": "Windows_Server"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid",
      "secret": "secret"
    },
    "addonProfiles": {},
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true
  },
  "identity": {
    "type": "UserAssigned",
    "userAssignedIdentities": {
      "/subscriptions/subid1/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {}
    }
  }
}

Sample response

Status code:

200

JSON

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Succeeded",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS1_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Succeeded",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "availabilityZones": [
          "1",
          "2",
          "3"
        ],
        "enableNodePublicIP": true,
        "mode": "System",
        "nodeImageVersion": "AKSUbuntu:1604:2020.03.11"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser",
      "licenseType": "Windows_Server"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
    "networkProfile": {
      "loadBalancerSku": "basic",
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "dockerBridgeCidr": "172.17.0.1/16",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  },
  "identity": {
    "type": "UserAssigned",
    "userAssignedIdentities": {
      "/subscriptions/subid1/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {
        "principalId": "principalId1",
        "clientId": "clientId1"
      }
    }
  }
}

Status code:

201

JSON

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Creating",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS1_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Creating",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "availabilityZones": [
          "1",
          "2",
          "3"
        ],
        "enableNodePublicIP": true,
        "mode": "System"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser",
      "licenseType": "Windows_Server"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "networkProfile": {
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "dockerBridgeCidr": "172.17.0.1/16",
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  },
  "identity": {
    "type": "UserAssigned",
    "userAssignedIdentities": {
      "/subscriptions/subid1/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {
        "principalId": "principalId1",
        "clientId": "clientId1"
      }
    }
  }
}

Create/Update Managed Cluster with Windows gMSA enabled

Sample request

HTTP

HTTP

PUT https://management.azure.com/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2022-04-01

{
  "location": "location1",
  "tags": {
    "tier": "production",
    "archv2": ""
  },
  "sku": {
    "name": "Basic",
    "tier": "Free"
  },
  "properties": {
    "kubernetesVersion": "",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS1_v2",
        "osType": "Linux",
        "type": "VirtualMachineScaleSets",
        "availabilityZones": [
          "1",
          "2",
          "3"
        ],
        "enableNodePublicIP": true,
        "mode": "System"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "networkProfile": {
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "loadBalancerProfile": {
        "managedOutboundIPs": {
          "count": 2
        }
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "windowsProfile": {
      "adminUsername": "azureuser",
      "adminPassword": "replacePassword1234$",
      "gmsaProfile": {
        "enabled": true
      }
    },
    "servicePrincipalProfile": {
      "clientId": "clientid",
      "secret": "secret"
    },
    "addonProfiles": {},
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true
  },
  "identity": {
    "type": "UserAssigned",
    "userAssignedIdentities": {
      "/subscriptions/subid1/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {}
    }
  }
}

Sample response

Status code:

200

JSON

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Succeeded",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS1_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Succeeded",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "availabilityZones": [
          "1",
          "2",
          "3"
        ],
        "enableNodePublicIP": true,
        "mode": "System",
        "nodeImageVersion": "AKSUbuntu:1604:2020.03.11"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser",
      "gmsaProfile": {
        "enabled": true
      }
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
    "networkProfile": {
      "loadBalancerSku": "basic",
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "dockerBridgeCidr": "172.17.0.1/16",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  },
  "identity": {
    "type": "UserAssigned",
    "userAssignedIdentities": {
      "/subscriptions/subid1/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {
        "principalId": "principalId1",
        "clientId": "clientId1"
      }
    }
  }
}

Status code:

201

JSON

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Creating",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS1_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Creating",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "availabilityZones": [
          "1",
          "2",
          "3"
        ],
        "enableNodePublicIP": true,
        "mode": "System"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser",
      "gmsaProfile": {
        "enabled": true
      }
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "networkProfile": {
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "dockerBridgeCidr": "172.17.0.1/16",
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  },
  "identity": {
    "type": "UserAssigned",
    "userAssignedIdentities": {
      "/subscriptions/subid1/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {
        "principalId": "principalId1",
        "clientId": "clientId1"
      }
    }
  }
}

Definitions

Name	Description
AgentPoolMode	The mode of an agent pool.
AgentPoolType	The type of Agent Pool.
AgentPoolUpgradeSettings	Settings for upgrading an agentpool
AutoScalerProfile	Parameters to be applied to the cluster-autoscaler when enabled
CloudError	An error response from the Container service.
CloudErrorBody	An error response from the Container service.
code	Tells whether the cluster is Running or Stopped
ContainerServiceLinuxProfile	Profile for Linux VMs in the container service cluster.
ContainerServiceNetworkProfile	Profile of network configuration.
ContainerServiceSshConfiguration	SSH configuration for Linux-based VMs running on Azure.
ContainerServiceSshPublicKey	Contains information about SSH certificate public key data.
createdByType	The type of identity that created the resource.
CreationData	Data used when creating a target resource from a source resource.
expander	The expander to use when scaling up
ExtendedLocation	The complex type of the extended location.
ExtendedLocationTypes	The type of the extended location.
GPUInstanceProfile	GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.
Identity	Identity for the resource.
ipFamily	The IP families used to specify IP versions available to the cluster.
KubeletConfig	Kubelet configurations of agent nodes.
KubeletDiskType	Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral storage.
licenseType	The license type to use for Windows VMs. See Azure Hybrid User Benefits for more details.
LinuxOSConfig	OS configurations of Linux agent nodes.
loadBalancerSku	The load balancer sku for the managed cluster.
ManagedCluster	Managed cluster.
ManagedClusterAADProfile	AADProfile specifies attributes for Azure Active Directory integration.
ManagedClusterAddonProfile	A Kubernetes add-on profile for a managed cluster.
ManagedClusterAgentPoolProfile	Profile for the container service agent pool.
ManagedClusterAPIServerAccessProfile	Access profile for managed cluster API server.
ManagedClusterAutoUpgradeProfile	Auto upgrade profile for a managed cluster.
ManagedClusterHTTPProxyConfig	Cluster HTTP proxy configuration.
ManagedClusterIdentity	Identity for the managed cluster.
ManagedClusterLoadBalancerProfile	Profile of the managed cluster load balancer.
ManagedClusterManagedOutboundIPProfile	Profile of the managed outbound IP resources of the managed cluster.
ManagedClusterNATGatewayProfile	Profile of the managed cluster NAT gateway.
ManagedClusterPodIdentity	Details about the pod identity assigned to the Managed Cluster.
ManagedClusterPodIdentityException	A pod identity exception, which allows pods with certain labels to access the Azure Instance Metadata Service (IMDS) endpoint without being intercepted by the node-managed identity (NMI) server.
ManagedClusterPodIdentityProfile	The pod identity profile of the Managed Cluster.
ManagedClusterPodIdentityProvisioningError	An error response from the pod identity provisioning.
ManagedClusterPodIdentityProvisioningErrorBody	An error response from the pod identity provisioning.
ManagedClusterPodIdentityProvisioningState	The current provisioning state of the pod identity.
ManagedClusterSecurityProfile	Security profile for the container service cluster.
ManagedClusterSecurityProfileAzureDefender	Azure Defender settings for the security profile.
ManagedClusterServicePrincipalProfile	Information about a service principal identity for the cluster to use for manipulating Azure APIs.
ManagedClusterSKU	The SKU of a Managed Cluster.
ManagedClusterSKUName	The name of a managed cluster SKU.
ManagedClusterSKUTier	The tier of a managed cluster SKU.
ManagedClusterStorageProfile	Storage profile for the container service cluster.
ManagedClusterStorageProfileDiskCSIDriver	AzureDisk CSI Driver settings for the storage profile.
ManagedClusterStorageProfileFileCSIDriver	AzureFile CSI Driver settings for the storage profile.
ManagedClusterStorageProfileSnapshotController	Snapshot Controller settings for the storage profile.
ManagedClusterWindowsProfile	Profile for Windows VMs in the managed cluster.
ManagedOutboundIPs	Desired managed outbound IPs for the cluster load balancer.
networkMode	The network mode Azure CNI is configured with.
NetworkPlugin	Network plugin used for building the Kubernetes network.
NetworkPolicy	Network policy used for building the Kubernetes network.
OSDiskType	The OS disk type to be used for machines in the agent pool.
OSSKU	Specifies an OS SKU. This value must not be specified if OSType is Windows.
OSType	The operating system type. The default is Linux.
OutboundIPPrefixes	Desired outbound IP Prefix resources for the cluster load balancer.
OutboundIPs	Desired outbound IP resources for the cluster load balancer.
outboundType	The outbound (egress) routing method.
PowerState	Describes the Power State of the cluster
PrivateLinkResource	A private link resource
ProvisioningInfo
PublicNetworkAccess	PublicNetworkAccess of the managedCluster
ResourceIdentityType	The type of identity used for the managed cluster.
ResourceReference	A reference to an Azure resource.
ScaleDownMode	Describes how VMs are added to or removed from Agent Pools. See billing states.
ScaleSetEvictionPolicy	The Virtual Machine Scale Set eviction policy.
ScaleSetPriority	The Virtual Machine Scale Set priority.
SysctlConfig	Sysctl settings for Linux agent nodes.
systemData	Metadata pertaining to creation and last modification of the resource.
upgradeChannel	The upgrade channel for auto upgrade. The default is 'none'.
UserAssignedIdentities	The user identity associated with the managed cluster. This identity will be used in control plane. Only one user assigned identity is allowed.
UserAssignedIdentity	Details about a user assigned identity.
WindowsGmsaProfile	Windows gMSA Profile in the managed cluster.
WorkloadRuntime	Determines the type of workload a node can run.

AgentPoolMode

Enumeration

The mode of an agent pool.

Value	Description
System	System agent pools are primarily for hosting critical system pods such as CoreDNS and metrics-server. System agent pools osType must be Linux. System agent pools VM SKU must have at least 2vCPUs and 4GB of memory.
User	User agent pools are primarily for hosting your application pods.

AgentPoolType

Enumeration

The type of Agent Pool.

Value	Description
AvailabilitySet	Use of this is strongly discouraged.
VirtualMachineScaleSets	Create an Agent Pool backed by a Virtual Machine Scale Set.

AgentPoolUpgradeSettings

Object

Settings for upgrading an agentpool

Name	Type	Description
maxSurge	string	The maximum number or percentage of nodes that are surged during upgrade. This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded up. If not specified, the default is 1. For more information, including best practices, see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade

AutoScalerProfile

Object

Parameters to be applied to the cluster-autoscaler when enabled

Name	Type	Description
balance-similar-node-groups	string	Detects similar node pools and balances the number of nodes between them. Valid values are 'true' and 'false'
expander	expander	The expander to use when scaling up If not specified, the default is 'random'. See expanders for more information.
max-empty-bulk-delete	string	The maximum number of empty nodes that can be deleted at the same time. This must be a positive integer. The default is 10.
max-graceful-termination-sec	string	The maximum number of seconds the cluster autoscaler waits for pod termination when trying to scale down a node. The default is 600.
max-node-provision-time	string	The maximum time the autoscaler waits for a node to be provisioned. The default is '15m'. Values must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported.
max-total-unready-percentage	string	The maximum percentage of unready nodes in the cluster. After this percentage is exceeded, cluster autoscaler halts operations. The default is 45. The maximum is 100 and the minimum is 0.
new-pod-scale-up-delay	string	Ignore unscheduled pods before they're a certain age. For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. The default is '0s'. Values must be an integer followed by a unit ('s' for seconds, 'm' for minutes, 'h' for hours, etc).
ok-total-unready-count	string	The number of allowed unready nodes, irrespective of max-total-unready-percentage. This must be an integer. The default is 3.
scale-down-delay-after-add	string	How long after scale up that scale down evaluation resumes The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported.
scale-down-delay-after-delete	string	How long after node deletion that scale down evaluation resumes. The default is the scan-interval. Values must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported.
scale-down-delay-after-failure	string	How long after scale down failure that scale down evaluation resumes. The default is '3m'. Values must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported.
scale-down-unneeded-time	string	How long a node should be unneeded before it is eligible for scale down. The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported.
scale-down-unready-time	string	How long an unready node should be unneeded before it is eligible for scale down The default is '20m'. Values must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported.
scale-down-utilization-threshold	string	Node utilization level, defined as sum of requested resources divided by capacity, below which a node can be considered for scale down. The default is '0.5'.
scan-interval	string	How often cluster is reevaluated for scale up or down. The default is '10'. Values must be an integer number of seconds.
skip-nodes-with-local-storage	string	If cluster autoscaler will skip deleting nodes with pods with local storage, for example, EmptyDir or HostPath. The default is true.
skip-nodes-with-system-pods	string	If cluster autoscaler will skip deleting nodes with pods from kube-system (except for DaemonSet or mirror pods) The default is true.

CloudError

Object

An error response from the Container service.

Name	Type	Description
error	CloudErrorBody	Details about the error.

CloudErrorBody

Object

An error response from the Container service.

Name	Type	Description
code	string	An identifier for the error. Codes are invariant and are intended to be consumed programmatically.
details	CloudErrorBody[]	A list of additional details about the error.
message	string	A message describing the error, intended to be suitable for display in a user interface.
target	string	The target of the particular error. For example, the name of the property in error.

code

Enumeration

Tells whether the cluster is Running or Stopped

Value	Description
Running	The cluster is running.
Stopped	The cluster is stopped.

ContainerServiceLinuxProfile

Object

Profile for Linux VMs in the container service cluster.

Name	Type	Description
adminUsername	string	The administrator username to use for Linux VMs.
ssh	ContainerServiceSshConfiguration	The SSH configuration for Linux-based VMs running on Azure.

ContainerServiceNetworkProfile

Object

Profile of network configuration.

Name	Type	Default value	Description
dnsServiceIP	string	10.0.0.10	An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr.
dockerBridgeCidr	string	172.17.0.1/16	A CIDR notation IP range assigned to the Docker bridge network. It must not overlap with any Subnet IP ranges or the Kubernetes service address range.
ipFamilies	ipFamily[]		The IP families used to specify IP versions available to the cluster. IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value is IPv4. For dual-stack, the expected values are IPv4 and IPv6.
loadBalancerProfile	ManagedClusterLoadBalancerProfile		Profile of the cluster load balancer.
loadBalancerSku	loadBalancerSku		The load balancer sku for the managed cluster. The default is 'standard'. See Azure Load Balancer SKUs for more information about the differences between load balancer SKUs.
natGatewayProfile	ManagedClusterNATGatewayProfile		Profile of the cluster NAT gateway.
networkMode	networkMode		The network mode Azure CNI is configured with. This cannot be specified if networkPlugin is anything other than 'azure'.
networkPlugin	NetworkPlugin	kubenet	Network plugin used for building the Kubernetes network.
networkPolicy	NetworkPolicy		Network policy used for building the Kubernetes network.
outboundType	outboundType	loadBalancer	The outbound (egress) routing method. This can only be set at cluster creation time and cannot be changed later. For more information see egress outbound type.
podCidr	string	10.244.0.0/16	A CIDR notation IP range from which to assign pod IPs when kubenet is used.
podCidrs	string[]		The CIDR notation IP ranges from which to assign pod IPs. One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is expected for dual-stack networking.
serviceCidr	string	10.0.0.0/16	A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP ranges.
serviceCidrs	string[]		The CIDR notation IP ranges from which to assign service cluster IPs. One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is expected for dual-stack networking. They must not overlap with any Subnet IP ranges.

ContainerServiceSshConfiguration

Object

SSH configuration for Linux-based VMs running on Azure.

Name	Type	Description
publicKeys	ContainerServiceSshPublicKey[]	The list of SSH public keys used to authenticate with Linux-based VMs. A maximum of 1 key may be specified.

ContainerServiceSshPublicKey

Object

Contains information about SSH certificate public key data.

Name	Type	Description
keyData	string	Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or without headers.

createdByType

Enumeration

The type of identity that created the resource.

Value	Description
Application
Key
ManagedIdentity
User

CreationData

Object

Data used when creating a target resource from a source resource.

Name	Type	Description
sourceResourceId	string	This is the ARM ID of the source object to be used to create the target object.

expander

Enumeration

The expander to use when scaling up

Value	Description
least-waste	Selects the node group that will have the least idle CPU (if tied, unused memory) after scale-up. This is useful when you have different classes of nodes, for example, high CPU or high memory nodes, and only want to expand those when there are pending pods that need a lot of those resources.
most-pods	Selects the node group that would be able to schedule the most pods when scaling up. This is useful when you are using nodeSelector to make sure certain pods land on certain nodes. Note that this won't cause the autoscaler to select bigger nodes vs. smaller, as it can add multiple smaller nodes at once.
priority	Selects the node group that has the highest priority assigned by the user. It's configuration is described in more details here.
random	Used when you don't have a particular need for the node groups to scale differently.

ExtendedLocation

Object

The complex type of the extended location.

Name	Type	Description
name	string	The name of the extended location.
type	ExtendedLocationTypes	The type of the extended location.

ExtendedLocationTypes

Enumeration

The type of the extended location.

Value	Description
EdgeZone

GPUInstanceProfile

Enumeration

GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.

Value	Description
MIG1g
MIG2g
MIG3g
MIG4g
MIG7g

Identity

Object

Identity for the resource.

Name	Type	Description
principalId	string	The principal ID of resource identity.
tenantId	string	The tenant ID of resource.
type	ResourceIdentityType	The identity type.

ipFamily

Enumeration

The IP families used to specify IP versions available to the cluster.

Value	Description
IPv4
IPv6

KubeletConfig

Object

Kubelet configurations of agent nodes.

Name	Type	Description
allowedUnsafeSysctls	string[]	Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in *).
containerLogMaxFiles	integer	The maximum number of container log files that can be present for a container. The number must be ≥ 2.
containerLogMaxSizeMB	integer	The maximum size (e.g. 10Mi) of container log file before it is rotated.
cpuCfsQuota	boolean	If CPU CFS quota enforcement is enabled for containers that specify CPU limits. The default is true.
cpuCfsQuotaPeriod	string	The CPU CFS quota period value. The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'.
cpuManagerPolicy	string	The CPU Manager policy to use. The default is 'none'. See Kubernetes CPU management policies for more information. Allowed values are 'none' and 'static'.
failSwapOn	boolean	If set to true it will make the Kubelet fail to start if swap is enabled on the node.
imageGcHighThreshold	integer	The percent of disk usage after which image garbage collection is always run. To disable image garbage collection, set to 100. The default is 85%
imageGcLowThreshold	integer	The percent of disk usage before which image garbage collection is never run. This cannot be set higher than imageGcHighThreshold. The default is 80%
podMaxPids	integer	The maximum number of processes per pod.
topologyManagerPolicy	string	The Topology Manager policy to use. For more information see Kubernetes Topology Manager. The default is 'none'. Allowed values are 'none', 'best-effort', 'restricted', and 'single-numa-node'.

KubeletDiskType

Enumeration

Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral storage.

Value	Description
OS	Kubelet will use the OS disk for its data.
Temporary	Kubelet will use the temporary disk for its data.

licenseType

Enumeration

The license type to use for Windows VMs. See Azure Hybrid User Benefits for more details.

Value	Description
None	No additional licensing is applied.
Windows_Server	Enables Azure Hybrid User Benefits for Windows VMs.

LinuxOSConfig

Object

OS configurations of Linux agent nodes.

Name	Type	Description
swapFileSizeMB	integer	The size in MB of a swap file that will be created on each node.
sysctls	SysctlConfig	Sysctl settings for Linux agent nodes.
transparentHugePageDefrag	string	Whether the kernel should make aggressive use of memory compaction to make more hugepages available. Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is 'madvise'. For more information see Transparent Hugepages.
transparentHugePageEnabled	string	Whether transparent hugepages are enabled. Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more information see Transparent Hugepages.

loadBalancerSku

Enumeration

The load balancer sku for the managed cluster.

Value	Description
basic	Use a basic Load Balancer with limited functionality.
standard	Use a a standard Load Balancer. This is the recommended Load Balancer SKU. For more information about on working with the load balancer in the managed cluster, see the standard Load Balancer article.

ManagedCluster

Object

Managed cluster.

Name	Type	Description
extendedLocation	ExtendedLocation	The extended location of the Virtual Machine.
id	string	Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
identity	ManagedClusterIdentity	The identity of the managed cluster, if configured.
location	string	The geo-location where the resource lives
name	string	The name of the resource
properties.aadProfile	ManagedClusterAADProfile	AADProfile specifies attributes for Azure Active Directory integration. The Azure Active Directory configuration.
properties.addonProfiles	<string,  ManagedClusterAddonProfile>	The profile of managed cluster add-on.
properties.agentPoolProfiles	ManagedClusterAgentPoolProfile[]	The agent pool properties.
properties.apiServerAccessProfile	ManagedClusterAPIServerAccessProfile	The access profile for managed cluster API server.
properties.autoScalerProfile	AutoScalerProfile	Parameters to be applied to the cluster-autoscaler when enabled
properties.autoUpgradeProfile	ManagedClusterAutoUpgradeProfile	The auto upgrade configuration.
properties.azurePortalFQDN	string	The special FQDN used by the Azure Portal to access the Managed Cluster. This FQDN is for use only by the Azure Portal and should not be used by other clients. The Azure Portal requires certain Cross-Origin Resource Sharing (CORS) headers to be sent in some responses, which Kubernetes APIServer doesn't handle by default. This special FQDN supports CORS, allowing the Azure Portal to function properly.
properties.currentKubernetesVersion	string	The version of Kubernetes the Managed Cluster is running. If kubernetesVersion was a fully specified version <major.minor.patch>, this field will be exactly equal to it. If kubernetesVersion was <major.minor>, this field will contain the full <major.minor.patch> version being used.
properties.disableLocalAccounts	boolean	If local accounts should be disabled on the Managed Cluster. If set to true, getting static credentials will be disabled for this cluster. This must only be used on Managed Clusters that are AAD enabled. For more details see disable local accounts.
properties.diskEncryptionSetID	string	The Resource ID of the disk encryption set to use for enabling encryption at rest. This is of the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}'
properties.dnsPrefix	string	The DNS prefix of the Managed Cluster. This cannot be updated once the Managed Cluster has been created.
properties.enablePodSecurityPolicy	boolean	(DEPRECATING) Whether to enable Kubernetes pod security policy (preview). This feature is set for removal on October 15th, 2020. Learn more at aka.ms/aks/azpodpolicy.
properties.enableRBAC	boolean	Whether to enable Kubernetes Role-Based Access Control.
properties.fqdn	string	The FQDN of the master pool.
properties.fqdnSubdomain	string	The FQDN subdomain of the private cluster with custom private dns zone. This cannot be updated once the Managed Cluster has been created.
properties.httpProxyConfig	ManagedClusterHTTPProxyConfig	Configurations for provisioning the cluster with HTTP proxy servers.
properties.identityProfile	<string,  UserAssignedIdentity>	Identities associated with the cluster.
properties.kubernetesVersion	string	The version of Kubernetes specified by the user. Both patch version <major.minor.patch> (e.g. 1.20.13) and <major.minor> (e.g. 1.20) are supported. When <major.minor> is specified, the latest supported GA patch version is chosen automatically. Updating the cluster with the same <major.minor> once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer patch version is available. When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All upgrades must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See upgrading an AKS cluster for more details.
properties.linuxProfile	ContainerServiceLinuxProfile	The profile for Linux VMs in the Managed Cluster.
properties.maxAgentPools	integer	The max number of agent pools for the managed cluster.
properties.networkProfile	ContainerServiceNetworkProfile	The network configuration profile.
properties.nodeResourceGroup	string	The name of the resource group containing agent pool nodes.
properties.podIdentityProfile	ManagedClusterPodIdentityProfile	The pod identity profile of the Managed Cluster. See use AAD pod identity for more details on AAD pod identity integration.
properties.powerState	PowerState	The Power State of the cluster.
properties.privateFQDN	string	The FQDN of private cluster.
properties.privateLinkResources	PrivateLinkResource[]	Private link resources associated with the cluster.
properties.provisioningState	string	The current provisioning state.
properties.publicNetworkAccess	PublicNetworkAccess	PublicNetworkAccess of the managedCluster Allow or deny public network access for AKS
properties.securityProfile	ManagedClusterSecurityProfile	Security profile for the managed cluster.
properties.servicePrincipalProfile	ManagedClusterServicePrincipalProfile	Information about a service principal identity for the cluster to use for manipulating Azure APIs.
properties.storageProfile	ManagedClusterStorageProfile	Storage profile for the managed cluster.
properties.windowsProfile	ManagedClusterWindowsProfile	The profile for Windows VMs in the Managed Cluster.
sku	ManagedClusterSKU	The managed cluster SKU.
systemData	systemData	Azure Resource Manager metadata containing createdBy and modifiedBy information.
tags	object	Resource tags.
type	string	The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

ManagedClusterAADProfile

Object

AADProfile specifies attributes for Azure Active Directory integration.

Name	Type	Description
adminGroupObjectIDs	string[]	The list of AAD group object IDs that will have admin role of the cluster.
clientAppID	string	The client AAD application ID.
enableAzureRBAC	boolean	Whether to enable Azure RBAC for Kubernetes authorization.
managed	boolean	Whether to enable managed AAD.
serverAppID	string	The server AAD application ID.
serverAppSecret	string	The server AAD application secret.
tenantID	string	The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment subscription.

ManagedClusterAddonProfile

Object

A Kubernetes add-on profile for a managed cluster.

Name	Type	Description
config	object	Key-value pairs for configuring an add-on.
enabled	boolean	Whether the add-on is enabled or not.
identity	Identity	Information of user assigned identity used by this add-on.

ManagedClusterAgentPoolProfile

Object

Profile for the container service agent pool.

Name	Type	Default value	Description
availabilityZones	string[]		The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType property is 'VirtualMachineScaleSets'.
count	integer		Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1.
creationData	CreationData		CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using a snapshot.
currentOrchestratorVersion	string		The version of Kubernetes the Agent Pool is running. If orchestratorVersion is a fully specified version <major.minor.patch>, this field will be exactly equal to it. If orchestratorVersion is <major.minor>, this field will contain the full <major.minor.patch> version being used.
enableAutoScaling	boolean		Whether to enable auto-scaler
enableEncryptionAtHost	boolean		Whether to enable host based OS and data drive encryption. This is only supported on certain VM sizes and in certain Azure regions. For more information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption
enableFIPS	boolean		Whether to use a FIPS-enabled OS. See Add a FIPS-enabled node pool for more details.
enableNodePublicIP	boolean		Whether each node is allocated its own public IP. Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine to minimize hops. For more information see assigning a public IP per node. The default is false.
enableUltraSSD	boolean		Whether to enable UltraSSD
gpuInstanceProfile	GPUInstanceProfile		GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.
kubeletConfig	KubeletConfig		Kubelet configurations of agent nodes. The Kubelet configuration on the agent pool nodes.
kubeletDiskType	KubeletDiskType		Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral storage.
linuxOSConfig	LinuxOSConfig		OS configurations of Linux agent nodes. The OS configuration of Linux agent nodes.
maxCount	integer		The maximum number of nodes for auto-scaling
maxPods	integer		The maximum number of pods that can run on a node.
minCount	integer		The minimum number of nodes for auto-scaling
mode	AgentPoolMode		The mode of an agent pool. A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools
name	string		Unique name of the agent pool profile in the context of the subscription and resource group. Windows agent pool names must be 6 characters or less.
nodeImageVersion	string		The version of node image
nodeLabels	object		The node labels to be persisted across all nodes in agent pool.
nodePublicIPPrefixID	string		The public IP prefix ID which VM nodes should use IPs from. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}
nodeTaints	string[]		The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.
orchestratorVersion	string		The version of Kubernetes specified by the user. Both patch version <major.minor.patch> (e.g. 1.20.13) and <major.minor> (e.g. 1.20) are supported. When <major.minor> is specified, the latest supported GA patch version is chosen automatically. Updating the cluster with the same <major.minor> once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor version must be within two minor versions of the control plane version. The node pool version cannot be greater than the control plane version. For more information see upgrading a node pool.
osDiskSizeGB	integer		OS Disk Size in GB to be used to specify the disk size for every machine in the master/agent pool. If you specify 0, it will apply the default osDisk size according to the vmSize specified.
osDiskType	OSDiskType		The OS disk type to be used for machines in the agent pool. The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see Ephemeral OS.
osSKU	OSSKU		Specifies an OS SKU. This value must not be specified if OSType is Windows.
osType	OSType	Linux	The operating system type. The default is Linux.
podSubnetID	string		The ID of the subnet which pods will join when launched. If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}
powerState	PowerState		Whether the Agent Pool is running or stopped. When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only be stopped if it is Running and provisioning state is Succeeded
provisioningState	string		The current deployment or provisioning state.
proximityPlacementGroupID	string		The ID for Proximity Placement Group.
scaleDownMode	ScaleDownMode		The scale down mode to use when scaling the Agent Pool. This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete.
scaleSetEvictionPolicy	ScaleSetEvictionPolicy	Delete	The Virtual Machine Scale Set eviction policy to use. This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is 'Delete'.
scaleSetPriority	ScaleSetPriority	Regular	The Virtual Machine Scale Set priority. If not specified, the default is 'Regular'.
spotMaxPrice	number	-1	The max price (in US Dollars) you are willing to pay for spot instances. Possible values are any decimal value greater than zero or -1 which indicates default price to be up-to on-demand. Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any on-demand price. For more details on spot pricing, see spot VMs pricing
tags	object		The tags to be persisted on the agent pool virtual machine scale set.
type	AgentPoolType		The type of Agent Pool.
upgradeSettings	AgentPoolUpgradeSettings		Settings for upgrading the agentpool
vmSize	string		The size of the agent pool VMs. VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods might fail to run correctly. For more details on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions
vnetSubnetID	string		The ID of the subnet which agent pool nodes and optionally pods will join on startup. If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}
workloadRuntime	WorkloadRuntime		Determines the type of workload a node can run.

ManagedClusterAPIServerAccessProfile

Object

Access profile for managed cluster API server.

Name	Type	Description
authorizedIPRanges	string[]	The IP ranges authorized to access the Kubernetes API server. IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. For more information see API server authorized IP ranges.
disableRunCommand	boolean	Whether to disable run command for the cluster or not.
enablePrivateCluster	boolean	Whether to create the cluster as a private cluster or not. For more details, see Creating a private AKS cluster.
enablePrivateClusterPublicFQDN	boolean	Whether to create additional public FQDN for private cluster or not.
privateDNSZone	string	The private DNS zone mode for the cluster. The default is System. For more details see configure private DNS zone. Allowed values are 'system' and 'none'.

ManagedClusterAutoUpgradeProfile

Object

Auto upgrade profile for a managed cluster.

Name	Type	Description
upgradeChannel	upgradeChannel	The upgrade channel for auto upgrade. The default is 'none'. For more information see setting the AKS cluster auto-upgrade channel.

ManagedClusterHTTPProxyConfig

Object

Cluster HTTP proxy configuration.

Name	Type	Description
httpProxy	string	The HTTP proxy server endpoint to use.
httpsProxy	string	The HTTPS proxy server endpoint to use.
noProxy	string[]	The endpoints that should not go through proxy.
trustedCa	string	Alternative CA cert to use for connecting to proxy servers.

ManagedClusterIdentity

Object

Identity for the managed cluster.

Name	Type	Description
principalId	string	The principal id of the system assigned identity which is used by master components.
tenantId	string	The tenant id of the system assigned identity which is used by master components.
type	ResourceIdentityType	The type of identity used for the managed cluster. For more information see use managed identities in AKS.
userAssignedIdentities	UserAssignedIdentities	The user identity associated with the managed cluster. This identity will be used in control plane. Only one user assigned identity is allowed. The keys must be ARM resource IDs in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.

ManagedClusterLoadBalancerProfile

Object

Profile of the managed cluster load balancer.

Name	Type	Default value	Description
allocatedOutboundPorts	integer	0	The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 (inclusive). The default value is 0 which results in Azure dynamically allocating ports.
effectiveOutboundIPs	ResourceReference[]		The effective outbound IP resources of the cluster load balancer.
enableMultipleStandardLoadBalancers	boolean		Enable multiple standard load balancers per AKS cluster or not.
idleTimeoutInMinutes	integer	30	Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 (inclusive). The default value is 30 minutes.
managedOutboundIPs	ManagedOutboundIPs		Desired managed outbound IPs for the cluster load balancer.
outboundIPPrefixes	OutboundIPPrefixes		Desired outbound IP Prefix resources for the cluster load balancer.
outboundIPs	OutboundIPs		Desired outbound IP resources for the cluster load balancer.

ManagedClusterManagedOutboundIPProfile

Object

Profile of the managed outbound IP resources of the managed cluster.

Name	Type	Default value	Description
count	integer	1	The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 (inclusive). The default value is 1.

ManagedClusterNATGatewayProfile

Object

Profile of the managed cluster NAT gateway.

Name	Type	Default value	Description
effectiveOutboundIPs	ResourceReference[]		The effective outbound IP resources of the cluster NAT gateway.
idleTimeoutInMinutes	integer	4	Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 (inclusive). The default value is 4 minutes.
managedOutboundIPProfile	ManagedClusterManagedOutboundIPProfile		Profile of the managed outbound IP resources of the cluster NAT gateway.

ManagedClusterPodIdentity

Object

Details about the pod identity assigned to the Managed Cluster.

Name	Type	Description
bindingSelector	string	The binding selector to use for the AzureIdentityBinding resource.
identity	UserAssignedIdentity	The user assigned identity details.
name	string	The name of the pod identity.
namespace	string	The namespace of the pod identity.
provisioningInfo	ProvisioningInfo
provisioningState	ManagedClusterPodIdentityProvisioningState	The current provisioning state of the pod identity.

ManagedClusterPodIdentityException

Object

A pod identity exception, which allows pods with certain labels to access the Azure Instance Metadata Service (IMDS) endpoint without being intercepted by the node-managed identity (NMI) server.

Name	Type	Description
name	string	The name of the pod identity exception.
namespace	string	The namespace of the pod identity exception.
podLabels	object	The pod labels to match.

ManagedClusterPodIdentityProfile

Object

The pod identity profile of the Managed Cluster.

Name	Type	Description
allowNetworkPluginKubenet	boolean	Whether pod identity is allowed to run on clusters with Kubenet networking. Running in Kubenet is disabled by default due to the security related nature of AAD Pod Identity and the risks of IP spoofing. See using Kubenet network plugin with AAD Pod Identity for more information.
enabled	boolean	Whether the pod identity addon is enabled.
userAssignedIdentities	ManagedClusterPodIdentity[]	The pod identities to use in the cluster.
userAssignedIdentityExceptions	ManagedClusterPodIdentityException[]	The pod identity exceptions to allow.

ManagedClusterPodIdentityProvisioningError

Object

An error response from the pod identity provisioning.

Name	Type	Description
error	ManagedClusterPodIdentityProvisioningErrorBody	Details about the error.

ManagedClusterPodIdentityProvisioningErrorBody

Object

An error response from the pod identity provisioning.

Name	Type	Description
code	string	An identifier for the error. Codes are invariant and are intended to be consumed programmatically.
details	ManagedClusterPodIdentityProvisioningErrorBody[]	A list of additional details about the error.
message	string	A message describing the error, intended to be suitable for display in a user interface.
target	string	The target of the particular error. For example, the name of the property in error.

ManagedClusterPodIdentityProvisioningState

Enumeration

The current provisioning state of the pod identity.

Value	Description
Assigned
Deleting
Failed
Updating

ManagedClusterSecurityProfile

Object

Security profile for the container service cluster.

Name	Type	Description
azureDefender	ManagedClusterSecurityProfileAzureDefender	Azure Defender settings for the security profile.

ManagedClusterSecurityProfileAzureDefender

Object

Azure Defender settings for the security profile.

Name	Type	Description
enabled	boolean	Whether to enable Azure Defender
logAnalyticsWorkspaceResourceId	string	Resource ID of the Log Analytics workspace to be associated with Azure Defender. When Azure Defender is enabled, this field is required and must be a valid workspace resource ID. When Azure Defender is disabled, leave the field empty.

ManagedClusterServicePrincipalProfile

Object

Information about a service principal identity for the cluster to use for manipulating Azure APIs.

Name	Type	Description
clientId	string	The ID for the service principal.
secret	string	The secret password associated with the service principal in plain text.

ManagedClusterSKU

Object

The SKU of a Managed Cluster.

Name	Type	Description
name	ManagedClusterSKUName	The name of a managed cluster SKU.
tier	ManagedClusterSKUTier	The tier of a managed cluster SKU. If not specified, the default is 'Free'. See uptime SLA for more details.

ManagedClusterSKUName

Enumeration

The name of a managed cluster SKU.

Value	Description
Basic

ManagedClusterSKUTier

Enumeration

The tier of a managed cluster SKU.

Value	Description
Free	No guaranteed SLA, no additional charges. Free tier clusters have an SLO of 99.5%.
Paid	Guarantees 99.95% availability of the Kubernetes API server endpoint for clusters that use Availability Zones and 99.9% of availability for clusters that don't use Availability Zones.

ManagedClusterStorageProfile

Object

Storage profile for the container service cluster.

Name	Type	Description
diskCSIDriver	ManagedClusterStorageProfileDiskCSIDriver	AzureDisk CSI Driver settings for the storage profile.
fileCSIDriver	ManagedClusterStorageProfileFileCSIDriver	AzureFile CSI Driver settings for the storage profile.
snapshotController	ManagedClusterStorageProfileSnapshotController	Snapshot Controller settings for the storage profile.

ManagedClusterStorageProfileDiskCSIDriver

Object

AzureDisk CSI Driver settings for the storage profile.

Name	Type	Description
enabled	boolean	Whether to enable AzureDisk CSI Driver. The default value is true.

ManagedClusterStorageProfileFileCSIDriver

Object

AzureFile CSI Driver settings for the storage profile.

Name	Type	Description
enabled	boolean	Whether to enable AzureFile CSI Driver. The default value is true.

ManagedClusterStorageProfileSnapshotController

Object

Snapshot Controller settings for the storage profile.

Name	Type	Description
enabled	boolean	Whether to enable Snapshot Controller. The default value is true.

ManagedClusterWindowsProfile

Object

Profile for Windows VMs in the managed cluster.

Name	Type	Description
adminPassword	string	Specifies the password of the administrator account. Minimum-length: 8 characters Max-length: 123 characters Complexity requirements: 3 out of 4 conditions below need to be fulfilled Has lower characters Has upper characters Has a digit Has a special character (Regex match [\W_]) Disallowed values: "abc@123", "P@$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$word", "pass@word1", "Password!", "Password1", "Password22", "iloveyou!"
adminUsername	string	Specifies the name of the administrator account. Restriction: Cannot end in "." Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". Minimum-length: 1 character Max-length: 20 characters
enableCSIProxy	boolean	Whether to enable CSI proxy. For more details on CSI proxy, see the CSI proxy GitHub repo.
gmsaProfile	WindowsGmsaProfile	The Windows gMSA Profile in the Managed Cluster.
licenseType	licenseType	The license type to use for Windows VMs. See Azure Hybrid User Benefits for more details.

ManagedOutboundIPs

Object

Desired managed outbound IPs for the cluster load balancer.

Name	Type	Default value	Description
count	integer	1	The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values must be in the range of 1 to 100 (inclusive). The default value is 1.
countIPv6	integer	0	The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack.

networkMode

Enumeration

The network mode Azure CNI is configured with.

Value	Description
bridge	This is no longer supported
transparent	No bridge is created. Intra-VM Pod to Pod communication is through IP routes created by Azure CNI. See Transparent Mode for more information.

NetworkPlugin

Enumeration

Network plugin used for building the Kubernetes network.

Value	Description
azure	Use the Azure CNI network plugin. See Azure CNI (advanced) networking for more information.
kubenet	Use the Kubenet network plugin. See Kubenet (basic) networking for more information.

NetworkPolicy

Enumeration

Network policy used for building the Kubernetes network.

Value	Description
azure	Use Azure network policies. See differences between Azure and Calico policies for more information.
calico	Use Calico network policies. See differences between Azure and Calico policies for more information.

OSDiskType

Enumeration

The OS disk type to be used for machines in the agent pool.

Value	Description
Ephemeral	Ephemeral OS disks are stored only on the host machine, just like a temporary disk. This provides lower read/write latency, along with faster node scaling and cluster upgrades.
Managed	Azure replicates the operating system disk for a virtual machine to Azure storage to avoid data loss should the VM need to be relocated to another host. Since containers aren't designed to have local state persisted, this behavior offers limited value while providing some drawbacks, including slower node provisioning and higher read/write latency.

OSSKU

Enumeration

Specifies an OS SKU. This value must not be specified if OSType is Windows.

Value	Description
CBLMariner
Ubuntu

OSType

Enumeration

The operating system type. The default is Linux.

Value	Description
Linux	Use Linux.
Windows	Use Windows.

OutboundIPPrefixes

Object

Desired outbound IP Prefix resources for the cluster load balancer.

Name	Type	Description
publicIPPrefixes	ResourceReference[]	A list of public IP prefix resources.

OutboundIPs

Object

Desired outbound IP resources for the cluster load balancer.

Name	Type	Description
publicIPs	ResourceReference[]	A list of public IP resources.

outboundType

Enumeration

The outbound (egress) routing method.

Value	Description
loadBalancer	The load balancer is used for egress through an AKS assigned public IP. This supports Kubernetes services of type 'loadBalancer'. For more information see outbound type loadbalancer.
managedNATGateway	The AKS-managed NAT gateway is used for egress.
userAssignedNATGateway	The user-assigned NAT gateway associated to the cluster subnet is used for egress. This is an advanced scenario and requires proper network configuration.
userDefinedRouting	Egress paths must be defined by the user. This is an advanced scenario and requires proper network configuration. For more information see outbound type userDefinedRouting.

PowerState

Object

Describes the Power State of the cluster

Name	Type	Description
code	code	Tells whether the cluster is Running or Stopped

PrivateLinkResource

Object

A private link resource

Name	Type	Description
groupId	string	The group ID of the resource.
id	string	The ID of the private link resource.
name	string	The name of the private link resource.
privateLinkServiceID	string	The private link service ID of the resource, this field is exposed only to NRP internally.
requiredMembers	string[]	The RequiredMembers of the resource
type	string	The resource type.

ProvisioningInfo

Object

Name	Type	Description
error	ManagedClusterPodIdentityProvisioningError	Pod identity assignment error (if any).

PublicNetworkAccess

Enumeration

PublicNetworkAccess of the managedCluster

Value	Description
Disabled
Enabled

ResourceIdentityType

Enumeration

The type of identity used for the managed cluster.

Value	Description
None	Do not use a managed identity for the Managed Cluster, service principal will be used instead.
SystemAssigned	Use an implicitly created system assigned managed identity to manage cluster resources. Master components in the control plane such as kube-controller-manager will use the system assigned managed identity to manipulate Azure resources.
UserAssigned	Use a user-specified identity to manage cluster resources. Master components in the control plane such as kube-controller-manager will use the specified user assigned managed identity to manipulate Azure resources.

ResourceReference

Object

A reference to an Azure resource.

Name	Type	Description
id	string	The fully qualified Azure resource id.

ScaleDownMode

Enumeration

Describes how VMs are added to or removed from Agent Pools. See billing states.

Value	Description
Deallocate	Attempt to start deallocated instances (if they exist) during scale up and deallocate instances during scale down.
Delete	Create new instances during scale up and remove instances during scale down.

ScaleSetEvictionPolicy

Enumeration

The Virtual Machine Scale Set eviction policy.

Value	Description
Deallocate	Nodes in the underlying Scale Set of the node pool are set to the stopped-deallocated state upon eviction. Nodes in the stopped-deallocated state count against your compute quota and can cause issues with cluster scaling or upgrading.
Delete	Nodes in the underlying Scale Set of the node pool are deleted when they're evicted.

ScaleSetPriority

Enumeration

The Virtual Machine Scale Set priority.

Value	Description
Regular	Regular VMs will be used.
Spot	Spot priority VMs will be used. There is no SLA for spot nodes. See spot on AKS for more information.

SysctlConfig

Object

Sysctl settings for Linux agent nodes.

Name	Type	Description
fsAioMaxNr	integer	Sysctl setting fs.aio-max-nr.
fsFileMax	integer	Sysctl setting fs.file-max.
fsInotifyMaxUserWatches	integer	Sysctl setting fs.inotify.max_user_watches.
fsNrOpen	integer	Sysctl setting fs.nr_open.
kernelThreadsMax	integer	Sysctl setting kernel.threads-max.
netCoreNetdevMaxBacklog	integer	Sysctl setting net.core.netdev_max_backlog.
netCoreOptmemMax	integer	Sysctl setting net.core.optmem_max.
netCoreRmemDefault	integer	Sysctl setting net.core.rmem_default.
netCoreRmemMax	integer	Sysctl setting net.core.rmem_max.
netCoreSomaxconn	integer	Sysctl setting net.core.somaxconn.
netCoreWmemDefault	integer	Sysctl setting net.core.wmem_default.
netCoreWmemMax	integer	Sysctl setting net.core.wmem_max.
netIpv4IpLocalPortRange	string	Sysctl setting net.ipv4.ip_local_port_range.
netIpv4NeighDefaultGcThresh1	integer	Sysctl setting net.ipv4.neigh.default.gc_thresh1.
netIpv4NeighDefaultGcThresh2	integer	Sysctl setting net.ipv4.neigh.default.gc_thresh2.
netIpv4NeighDefaultGcThresh3	integer	Sysctl setting net.ipv4.neigh.default.gc_thresh3.
netIpv4TcpFinTimeout	integer	Sysctl setting net.ipv4.tcp_fin_timeout.
netIpv4TcpKeepaliveProbes	integer	Sysctl setting net.ipv4.tcp_keepalive_probes.
netIpv4TcpKeepaliveTime	integer	Sysctl setting net.ipv4.tcp_keepalive_time.
netIpv4TcpMaxSynBacklog	integer	Sysctl setting net.ipv4.tcp_max_syn_backlog.
netIpv4TcpMaxTwBuckets	integer	Sysctl setting net.ipv4.tcp_max_tw_buckets.
netIpv4TcpTwReuse	boolean	Sysctl setting net.ipv4.tcp_tw_reuse.
netIpv4TcpkeepaliveIntvl	integer	Sysctl setting net.ipv4.tcp_keepalive_intvl.
netNetfilterNfConntrackBuckets	integer	Sysctl setting net.netfilter.nf_conntrack_buckets.
netNetfilterNfConntrackMax	integer	Sysctl setting net.netfilter.nf_conntrack_max.
vmMaxMapCount	integer	Sysctl setting vm.max_map_count.
vmSwappiness	integer	Sysctl setting vm.swappiness.
vmVfsCachePressure	integer	Sysctl setting vm.vfs_cache_pressure.

systemData

Object

Metadata pertaining to creation and last modification of the resource.

Name	Type	Description
createdAt	string	The timestamp of resource creation (UTC).
createdBy	string	The identity that created the resource.
createdByType	createdByType	The type of identity that created the resource.
lastModifiedAt	string	The timestamp of resource last modification (UTC)
lastModifiedBy	string	The identity that last modified the resource.
lastModifiedByType	createdByType	The type of identity that last modified the resource.

upgradeChannel

Enumeration

The upgrade channel for auto upgrade. The default is 'none'.

Value	Description
node-image	Automatically upgrade the node image to the latest version available. Microsoft provides patches and new images for image nodes frequently (usually weekly), but your running nodes won't get the new images unless you do a node image upgrade. Turning on the node-image channel will automatically update your node images whenever a new version is available.
none	Disables auto-upgrades and keeps the cluster at its current version of Kubernetes.
patch	Automatically upgrade the cluster to the latest supported patch version when it becomes available while keeping the minor version the same. For example, if a cluster is running version 1.17.7 and versions 1.17.9, 1.18.4, 1.18.6, and 1.19.1 are available, your cluster is upgraded to 1.17.9.
rapid	Automatically upgrade the cluster to the latest supported patch release on the latest supported minor version. In cases where the cluster is at a version of Kubernetes that is at an N-2 minor version where N is the latest supported minor version, the cluster first upgrades to the latest supported patch version on N-1 minor version. For example, if a cluster is running version 1.17.7 and versions 1.17.9, 1.18.4, 1.18.6, and 1.19.1 are available, your cluster first is upgraded to 1.18.6, then is upgraded to 1.19.1.
stable	Automatically upgrade the cluster to the latest supported patch release on minor version N-1, where N is the latest supported minor version. For example, if a cluster is running version 1.17.7 and versions 1.17.9, 1.18.4, 1.18.6, and 1.19.1 are available, your cluster is upgraded to 1.18.6.

UserAssignedIdentities

Object

The user identity associated with the managed cluster. This identity will be used in control plane. Only one user assigned identity is allowed.

Name	Type	Description

UserAssignedIdentity

Object

Details about a user assigned identity.

Name	Type	Description
clientId	string	The client ID of the user assigned identity.
objectId	string	The object ID of the user assigned identity.
resourceId	string	The resource ID of the user assigned identity.

WindowsGmsaProfile

Object

Windows gMSA Profile in the managed cluster.

Name	Type	Description
dnsServer	string	Specifies the DNS server for Windows gMSA. Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster.
enabled	boolean	Whether to enable Windows gMSA. Specifies whether to enable Windows gMSA in the managed cluster.
rootDomainName	string	Specifies the root domain name for Windows gMSA. Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster.

WorkloadRuntime

Enumeration

Determines the type of workload a node can run.

Value	Description
OCIContainer	Nodes will use Kubelet to run standard OCI container workloads.
WasmWasi	Nodes will use Krustlet to run WASM workloads using the WASI provider (Preview).