Managed Clusters - Create Or Update

Service:

AKS

API Version:

2023-08-01

Creates or updates a managed cluster.

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}?api-version=2023-08-01

URI Parameters

Name	In	Required	Type	Description
resourceGroupName	path	True	string	The name of the resource group. The name is case insensitive.
resourceName	path	True	string	The name of the managed cluster resource. Regex pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$
subscriptionId	path	True	string	The ID of the target subscription.
api-version	query	True	string	The API version to use for this operation.

Request Body

Name	Required	Type	Description
location	True	string	The geo-location where the resource lives
extendedLocation		ExtendedLocation	The extended location of the Virtual Machine.
identity		ManagedClusterIdentity	The identity of the managed cluster, if configured.
properties.aadProfile		ManagedClusterAADProfile	AADProfile specifies attributes for Azure Active Directory integration. The Azure Active Directory configuration.
properties.addonProfiles		<string,  ManagedClusterAddonProfile>	The profile of managed cluster add-on.
properties.agentPoolProfiles		ManagedClusterAgentPoolProfile[]	The agent pool properties.
properties.apiServerAccessProfile		ManagedClusterAPIServerAccessProfile	The access profile for managed cluster API server.
properties.autoScalerProfile		AutoScalerProfile	Parameters to be applied to the cluster-autoscaler when enabled
properties.autoUpgradeProfile		ManagedClusterAutoUpgradeProfile	The auto upgrade configuration.
properties.azureMonitorProfile		ManagedClusterAzureMonitorProfile	Azure Monitor addon profiles for monitoring the managed cluster.
properties.disableLocalAccounts		boolean	If local accounts should be disabled on the Managed Cluster. If set to true, getting static credentials will be disabled for this cluster. This must only be used on Managed Clusters that are AAD enabled. For more details see disable local accounts.
properties.diskEncryptionSetID		string	The Resource ID of the disk encryption set to use for enabling encryption at rest. This is of the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}'
properties.dnsPrefix		string	The DNS prefix of the Managed Cluster. This cannot be updated once the Managed Cluster has been created.
properties.enablePodSecurityPolicy		boolean	(DEPRECATED) Whether to enable Kubernetes pod security policy (preview). PodSecurityPolicy was deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. Learn more at https://aka.ms/k8s/psp and https://aka.ms/aks/psp.
properties.enableRBAC		boolean	Whether to enable Kubernetes Role-Based Access Control.
properties.fqdnSubdomain		string	The FQDN subdomain of the private cluster with custom private dns zone. This cannot be updated once the Managed Cluster has been created.
properties.httpProxyConfig		ManagedClusterHTTPProxyConfig	Configurations for provisioning the cluster with HTTP proxy servers.
properties.identityProfile		<string,  UserAssignedIdentity>	Identities associated with the cluster.
properties.kubernetesVersion		string	The version of Kubernetes specified by the user. Both patch version <major.minor.patch> (e.g. 1.20.13) and <major.minor> (e.g. 1.20) are supported. When <major.minor> is specified, the latest supported GA patch version is chosen automatically. Updating the cluster with the same <major.minor> once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer patch version is available. When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All upgrades must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See upgrading an AKS cluster for more details.
properties.linuxProfile		ContainerServiceLinuxProfile	The profile for Linux VMs in the Managed Cluster.
properties.networkProfile		ContainerServiceNetworkProfile	The network configuration profile.
properties.nodeResourceGroup		string	The name of the resource group containing agent pool nodes.
properties.oidcIssuerProfile		ManagedClusterOIDCIssuerProfile	The OIDC issuer profile of the Managed Cluster.
properties.podIdentityProfile		ManagedClusterPodIdentityProfile	The pod identity profile of the Managed Cluster. See use AAD pod identity for more details on AAD pod identity integration.
properties.privateLinkResources		PrivateLinkResource[]	Private link resources associated with the cluster.
properties.publicNetworkAccess		PublicNetworkAccess	PublicNetworkAccess of the managedCluster Allow or deny public network access for AKS
properties.securityProfile		ManagedClusterSecurityProfile	Security profile for the managed cluster.
properties.serviceMeshProfile		ServiceMeshProfile	Service mesh profile for a managed cluster.
properties.servicePrincipalProfile		ManagedClusterServicePrincipalProfile	Information about a service principal identity for the cluster to use for manipulating Azure APIs.
properties.storageProfile		ManagedClusterStorageProfile	Storage profile for the managed cluster.
properties.supportPlan		KubernetesSupportPlan	The support plan for the Managed Cluster. If unspecified, the default is 'KubernetesOfficial'.
properties.upgradeSettings		ClusterUpgradeSettings	Settings for upgrading a cluster.
properties.windowsProfile		ManagedClusterWindowsProfile	The profile for Windows VMs in the Managed Cluster.
properties.workloadAutoScalerProfile		ManagedClusterWorkloadAutoScalerProfile	Workload Auto-scaler profile for the managed cluster.
sku		ManagedClusterSKU	The managed cluster SKU.
tags		object	Resource tags.

Responses

Name	Type	Description
200 OK	ManagedCluster	The existing managed cluster was successfully updated.
201 Created	ManagedCluster	The new managed cluster was successfully created.
Other Status Codes	CloudError	Error response describing why the operation failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name	Description
user_impersonation	impersonate your user account

Examples

Create Managed Cluster using an agent pool snapshot

Create Managed Cluster with AKS-managed NAT gateway as outbound type

Create Managed Cluster with Azure KeyVault Secrets Provider Addon

Create Managed Cluster with Dedicated Host Group

Create Managed Cluster with EncryptionAtHost enabled

Create Managed Cluster with FIPS enabled OS

Create Managed Cluster with GPUMIG

Create Managed Cluster with HTTP proxy configured

Create Managed Cluster with LongTermSupport

Create Managed Cluster with Node Public IP Prefix

Create Managed Cluster with OSSKU

Create Managed Cluster with PodIdentity enabled

Create Managed Cluster with PPG

Create Managed Cluster with RunCommand disabled

Create Managed Cluster with Security Profile configured

Create Managed Cluster with UltraSSD enabled

Create Managed Cluster with user-assigned NAT gateway as outbound type

Create Managed Private Cluster with fqdn subdomain specified

Create Managed Private Cluster with Public FQDN specified

Create/Update AAD Managed Cluster with EnableAzureRBAC

Create/Update Managed Cluster

Create/Update Managed Cluster with Azure Service Mesh

Create/Update Managed Cluster with dual-stack networking

Create/Update Managed Cluster with EnableAHUB

Create/Update Managed Cluster with Windows gMSA enabled

Create Managed Cluster using an agent pool snapshot

Sample Request

HTTP

PUT https://management.azure.com/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2023-08-01

{
  "location": "location1",
  "tags": {
    "tier": "production",
    "archv2": ""
  },
  "sku": {
    "name": "Basic",
    "tier": "Free"
  },
  "properties": {
    "kubernetesVersion": "",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "osType": "Linux",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "enableFIPS": true,
        "creationData": {
          "sourceResourceId": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/snapshots/snapshot1"
        }
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "networkProfile": {
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "loadBalancerProfile": {
        "managedOutboundIPs": {
          "count": 2
        }
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "windowsProfile": {
      "adminUsername": "azureuser",
      "adminPassword": "replacePassword1234$"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid",
      "secret": "secret"
    },
    "addonProfiles": {},
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": false
  }
}

Java

import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.CreationData;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

/** Samples for ManagedClusters CreateOrUpdate. */
public final class Main {
    /*
     * x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_Snapshot.json
     */
    /**
     * Sample code: Create Managed Cluster using an agent pool snapshot.
     *
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void createManagedClusterUsingAnAgentPoolSnapshot(
        com.azure.resourcemanager.AzureResourceManager azure) {
        azure
            .kubernetesClusters()
            .manager()
            .serviceClient()
            .getManagedClusters()
            .createOrUpdate(
                "rg1",
                "clustername1",
                new ManagedClusterInner()
                    .withLocation("location1")
                    .withTags(mapOf("archv2", "", "tier", "production"))
                    .withSku(
                        new ManagedClusterSku()
                            .withName(ManagedClusterSkuName.fromString("Basic"))
                            .withTier(ManagedClusterSkuTier.FREE))
                    .withKubernetesVersion("")
                    .withDnsPrefix("dnsprefix1")
                    .withAgentPoolProfiles(
                        Arrays
                            .asList(
                                new ManagedClusterAgentPoolProfile()
                                    .withCount(3)
                                    .withVmSize("Standard_DS2_v2")
                                    .withOsType(OSType.LINUX)
                                    .withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
                                    .withMode(AgentPoolMode.SYSTEM)
                                    .withEnableNodePublicIp(true)
                                    .withEnableFips(true)
                                    .withCreationData(
                                        new CreationData()
                                            .withSourceResourceId(
                                                "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/snapshots/snapshot1"))
                                    .withName("nodepool1")))
                    .withLinuxProfile(
                        new ContainerServiceLinuxProfile()
                            .withAdminUsername("azureuser")
                            .withSsh(
                                new ContainerServiceSshConfiguration()
                                    .withPublicKeys(
                                        Arrays
                                            .asList(
                                                new ContainerServiceSshPublicKey()
                                                    .withKeyData("fakeTokenPlaceholder")))))
                    .withWindowsProfile(
                        new ManagedClusterWindowsProfile()
                            .withAdminUsername("azureuser")
                            .withAdminPassword("fakeTokenPlaceholder"))
                    .withServicePrincipalProfile(
                        new ManagedClusterServicePrincipalProfile()
                            .withClientId("clientid")
                            .withSecret("fakeTokenPlaceholder"))
                    .withAddonProfiles(mapOf())
                    .withEnableRbac(true)
                    .withEnablePodSecurityPolicy(false)
                    .withNetworkProfile(
                        new ContainerServiceNetworkProfile()
                            .withOutboundType(OutboundType.LOAD_BALANCER)
                            .withLoadBalancerSku(LoadBalancerSku.STANDARD)
                            .withLoadBalancerProfile(
                                new ManagedClusterLoadBalancerProfile()
                                    .withManagedOutboundIPs(
                                        new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
                    .withAutoScalerProfile(
                        new ManagedClusterPropertiesAutoScalerProfile()
                            .withScanInterval("20s")
                            .withScaleDownDelayAfterAdd("15m"))
                    .withDiskEncryptionSetId(
                        "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
                com.azure.core.util.Context.NONE);
    }

    // Use "Map.of" if available
    @SuppressWarnings("unchecked")
    private static <T> Map<String, T> mapOf(Object... inputs) {
        Map<String, T> map = new HashMap<>();
        for (int i = 0; i < inputs.length; i += 2) {
            String key = (String) inputs[i];
            T value = (T) inputs[i + 1];
            map.put(key, value);
        }
        return map;
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Python

from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-containerservice
# USAGE
    python managed_clusters_create_snapshot.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = ContainerServiceClient(
        credential=DefaultAzureCredential(),
        subscription_id="subid1",
    )

    response = client.managed_clusters.begin_create_or_update(
        resource_group_name="rg1",
        resource_name="clustername1",
        parameters={
            "location": "location1",
            "properties": {
                "addonProfiles": {},
                "agentPoolProfiles": [
                    {
                        "count": 3,
                        "creationData": {
                            "sourceResourceId": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/snapshots/snapshot1"
                        },
                        "enableFIPS": True,
                        "enableNodePublicIP": True,
                        "mode": "System",
                        "name": "nodepool1",
                        "osType": "Linux",
                        "type": "VirtualMachineScaleSets",
                        "vmSize": "Standard_DS2_v2",
                    }
                ],
                "autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
                "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
                "dnsPrefix": "dnsprefix1",
                "enablePodSecurityPolicy": False,
                "enableRBAC": True,
                "kubernetesVersion": "",
                "linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
                "networkProfile": {
                    "loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
                    "loadBalancerSku": "standard",
                    "outboundType": "loadBalancer",
                },
                "servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
                "windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
            },
            "sku": {"name": "Basic", "tier": "Free"},
            "tags": {"archv2": "", "tier": "production"},
        },
    ).result()
    print(response)


# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_Snapshot.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armcontainerservice_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/0a25ea9680cf080b7d34e8c5f35f564425c6b1f7/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_Snapshot.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterUsingAnAgentPoolSnapshot() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
		Location: to.Ptr("location1"),
		Tags: map[string]*string{
			"archv2": to.Ptr(""),
			"tier":   to.Ptr("production"),
		},
		Properties: &armcontainerservice.ManagedClusterProperties{
			AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
			AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
				{
					Type:  to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
					Count: to.Ptr[int32](3),
					CreationData: &armcontainerservice.CreationData{
						SourceResourceID: to.Ptr("/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/snapshots/snapshot1"),
					},
					EnableFIPS:         to.Ptr(true),
					EnableNodePublicIP: to.Ptr(true),
					Mode:               to.Ptr(armcontainerservice.AgentPoolModeSystem),
					OSType:             to.Ptr(armcontainerservice.OSTypeLinux),
					VMSize:             to.Ptr("Standard_DS2_v2"),
					Name:               to.Ptr("nodepool1"),
				}},
			AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
				ScaleDownDelayAfterAdd: to.Ptr("15m"),
				ScanInterval:           to.Ptr("20s"),
			},
			DiskEncryptionSetID:     to.Ptr("/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
			DNSPrefix:               to.Ptr("dnsprefix1"),
			EnablePodSecurityPolicy: to.Ptr(false),
			EnableRBAC:              to.Ptr(true),
			KubernetesVersion:       to.Ptr(""),
			LinuxProfile: &armcontainerservice.LinuxProfile{
				AdminUsername: to.Ptr("azureuser"),
				SSH: &armcontainerservice.SSHConfiguration{
					PublicKeys: []*armcontainerservice.SSHPublicKey{
						{
							KeyData: to.Ptr("keydata"),
						}},
				},
			},
			NetworkProfile: &armcontainerservice.NetworkProfile{
				LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
					ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
						Count: to.Ptr[int32](2),
					},
				},
				LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
				OutboundType:    to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
			},
			ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
				ClientID: to.Ptr("clientid"),
				Secret:   to.Ptr("secret"),
			},
			WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
				AdminPassword: to.Ptr("replacePassword1234$"),
				AdminUsername: to.Ptr("azureuser"),
			},
		},
		SKU: &armcontainerservice.ManagedClusterSKU{
			Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
			Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	res, err := poller.PollUntilDone(ctx, nil)
	if err != nil {
		log.Fatalf("failed to pull the result: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.ManagedCluster = armcontainerservice.ManagedCluster{
	// 	Name: to.Ptr("clustername1"),
	// 	Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
	// 	ID: to.Ptr("/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
	// 	Location: to.Ptr("location1"),
	// 	Tags: map[string]*string{
	// 		"archv2": to.Ptr(""),
	// 		"tier": to.Ptr("production"),
	// 	},
	// 	Properties: &armcontainerservice.ManagedClusterProperties{
	// 		AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
	// 			{
	// 				Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
	// 				Count: to.Ptr[int32](3),
	// 				CreationData: &armcontainerservice.CreationData{
	// 					SourceResourceID: to.Ptr("/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/snapshots/snapshot1"),
	// 				},
	// 				CurrentOrchestratorVersion: to.Ptr("1.9.6"),
	// 				EnableFIPS: to.Ptr(true),
	// 				EnableNodePublicIP: to.Ptr(true),
	// 				MaxPods: to.Ptr[int32](110),
	// 				Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
	// 				NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
	// 				OrchestratorVersion: to.Ptr("1.9.6"),
	// 				OSType: to.Ptr(armcontainerservice.OSTypeLinux),
	// 				ProvisioningState: to.Ptr("Succeeded"),
	// 				VMSize: to.Ptr("Standard_DS2_v2"),
	// 				Name: to.Ptr("nodepool1"),
	// 		}},
	// 		AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
	// 			ScaleDownDelayAfterAdd: to.Ptr("15m"),
	// 			ScanInterval: to.Ptr("20s"),
	// 		},
	// 		CurrentKubernetesVersion: to.Ptr("1.9.6"),
	// 		DiskEncryptionSetID: to.Ptr("/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
	// 		DNSPrefix: to.Ptr("dnsprefix1"),
	// 		EnablePodSecurityPolicy: to.Ptr(false),
	// 		EnableRBAC: to.Ptr(true),
	// 		Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
	// 		KubernetesVersion: to.Ptr("1.9.6"),
	// 		LinuxProfile: &armcontainerservice.LinuxProfile{
	// 			AdminUsername: to.Ptr("azureuser"),
	// 			SSH: &armcontainerservice.SSHConfiguration{
	// 				PublicKeys: []*armcontainerservice.SSHPublicKey{
	// 					{
	// 						KeyData: to.Ptr("keydata"),
	// 				}},
	// 			},
	// 		},
	// 		MaxAgentPools: to.Ptr[int32](1),
	// 		NetworkProfile: &armcontainerservice.NetworkProfile{
	// 			DNSServiceIP: to.Ptr("10.0.0.10"),
	// 			IPFamilies: []*armcontainerservice.IPFamily{
	// 				to.Ptr(armcontainerservice.IPFamilyIPv4)},
	// 				LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
	// 					AllocatedOutboundPorts: to.Ptr[int32](2000),
	// 					EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
	// 						{
	// 							ID: to.Ptr("/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
	// 						},
	// 						{
	// 							ID: to.Ptr("/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
	// 					}},
	// 					IdleTimeoutInMinutes: to.Ptr[int32](10),
	// 					ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
	// 						Count: to.Ptr[int32](2),
	// 					},
	// 				},
	// 				LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
	// 				NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
	// 				OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
	// 				PodCidr: to.Ptr("10.244.0.0/16"),
	// 				PodCidrs: []*string{
	// 					to.Ptr("10.244.0.0/16")},
	// 					ServiceCidr: to.Ptr("10.0.0.0/16"),
	// 					ServiceCidrs: []*string{
	// 						to.Ptr("10.0.0.0/16")},
	// 					},
	// 					NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
	// 					ProvisioningState: to.Ptr("Succeeded"),
	// 					ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
	// 						ClientID: to.Ptr("clientid"),
	// 					},
	// 					WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
	// 						AdminUsername: to.Ptr("azureuser"),
	// 					},
	// 				},
	// 			}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Creates or updates a managed cluster.
 *
 * @summary Creates or updates a managed cluster.
 * x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_Snapshot.json
 */
async function createManagedClusterUsingAnAgentPoolSnapshot() {
  const subscriptionId = process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "subid1";
  const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
  const resourceName = "clustername1";
  const parameters = {
    addonProfiles: {},
    agentPoolProfiles: [
      {
        name: "nodepool1",
        type: "VirtualMachineScaleSets",
        count: 3,
        creationData: {
          sourceResourceId:
            "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/snapshots/snapshot1",
        },
        enableFips: true,
        enableNodePublicIP: true,
        mode: "System",
        osType: "Linux",
        vmSize: "Standard_DS2_v2",
      },
    ],
    autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
    diskEncryptionSetID:
      "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    dnsPrefix: "dnsprefix1",
    enablePodSecurityPolicy: false,
    enableRbac: true,
    kubernetesVersion: "",
    linuxProfile: {
      adminUsername: "azureuser",
      ssh: { publicKeys: [{ keyData: "keydata" }] },
    },
    location: "location1",
    networkProfile: {
      loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
      loadBalancerSku: "standard",
      outboundType: "loadBalancer",
    },
    servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
    sku: { name: "Basic", tier: "Free" },
    tags: { archv2: "", tier: "production" },
    windowsProfile: {
      adminPassword: "replacePassword1234$",
      adminUsername: "azureuser",
    },
  };
  const credential = new DefaultAzureCredential();
  const client = new ContainerServiceClient(credential, subscriptionId);
  const result = await client.managedClusters.beginCreateOrUpdateAndWait(
    resourceGroupName,
    resourceName,
    parameters
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:

200

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Succeeded",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Succeeded",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
        "enableFIPS": true,
        "creationData": {
          "sourceResourceId": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/snapshots/snapshot1"
        }
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": false,
    "fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
    "networkProfile": {
      "loadBalancerSku": "basic",
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  }
}

Status code:

201

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Creating",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Creating",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "enableFIPS": true,
        "creationData": {
          "sourceResourceId": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/snapshots/snapshot1"
        }
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": false,
    "networkProfile": {
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  }
}

Create Managed Cluster with AKS-managed NAT gateway as outbound type

Sample Request

HTTP

PUT https://management.azure.com/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2023-08-01

{
  "location": "location1",
  "tags": {
    "tier": "production",
    "archv2": ""
  },
  "sku": {
    "name": "Basic",
    "tier": "Free"
  },
  "properties": {
    "kubernetesVersion": "",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "osType": "Linux",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": false,
        "mode": "System"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "networkProfile": {
      "loadBalancerSku": "standard",
      "outboundType": "managedNATGateway",
      "natGatewayProfile": {
        "managedOutboundIPProfile": {
          "count": 2
        }
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "windowsProfile": {
      "adminUsername": "azureuser",
      "adminPassword": "replacePassword1234$"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid",
      "secret": "secret"
    },
    "addonProfiles": {},
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true
  }
}

Java

import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterManagedOutboundIpProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterNatGatewayProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

/** Samples for ManagedClusters CreateOrUpdate. */
public final class Main {
    /*
     * x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_ManagedNATGateway.json
     */
    /**
     * Sample code: Create Managed Cluster with AKS-managed NAT gateway as outbound type.
     *
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void createManagedClusterWithAKSManagedNATGatewayAsOutboundType(
        com.azure.resourcemanager.AzureResourceManager azure) {
        azure
            .kubernetesClusters()
            .manager()
            .serviceClient()
            .getManagedClusters()
            .createOrUpdate(
                "rg1",
                "clustername1",
                new ManagedClusterInner()
                    .withLocation("location1")
                    .withTags(mapOf("archv2", "", "tier", "production"))
                    .withSku(
                        new ManagedClusterSku()
                            .withName(ManagedClusterSkuName.fromString("Basic"))
                            .withTier(ManagedClusterSkuTier.FREE))
                    .withKubernetesVersion("")
                    .withDnsPrefix("dnsprefix1")
                    .withAgentPoolProfiles(
                        Arrays
                            .asList(
                                new ManagedClusterAgentPoolProfile()
                                    .withCount(3)
                                    .withVmSize("Standard_DS2_v2")
                                    .withOsType(OSType.LINUX)
                                    .withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
                                    .withMode(AgentPoolMode.SYSTEM)
                                    .withEnableNodePublicIp(false)
                                    .withName("nodepool1")))
                    .withLinuxProfile(
                        new ContainerServiceLinuxProfile()
                            .withAdminUsername("azureuser")
                            .withSsh(
                                new ContainerServiceSshConfiguration()
                                    .withPublicKeys(
                                        Arrays
                                            .asList(
                                                new ContainerServiceSshPublicKey()
                                                    .withKeyData("fakeTokenPlaceholder")))))
                    .withWindowsProfile(
                        new ManagedClusterWindowsProfile()
                            .withAdminUsername("azureuser")
                            .withAdminPassword("fakeTokenPlaceholder"))
                    .withServicePrincipalProfile(
                        new ManagedClusterServicePrincipalProfile()
                            .withClientId("clientid")
                            .withSecret("fakeTokenPlaceholder"))
                    .withAddonProfiles(mapOf())
                    .withEnableRbac(true)
                    .withEnablePodSecurityPolicy(true)
                    .withNetworkProfile(
                        new ContainerServiceNetworkProfile()
                            .withOutboundType(OutboundType.MANAGED_NATGATEWAY)
                            .withLoadBalancerSku(LoadBalancerSku.STANDARD)
                            .withNatGatewayProfile(
                                new ManagedClusterNatGatewayProfile()
                                    .withManagedOutboundIpProfile(
                                        new ManagedClusterManagedOutboundIpProfile().withCount(2))))
                    .withAutoScalerProfile(
                        new ManagedClusterPropertiesAutoScalerProfile()
                            .withScanInterval("20s")
                            .withScaleDownDelayAfterAdd("15m"))
                    .withDiskEncryptionSetId(
                        "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
                com.azure.core.util.Context.NONE);
    }

    // Use "Map.of" if available
    @SuppressWarnings("unchecked")
    private static <T> Map<String, T> mapOf(Object... inputs) {
        Map<String, T> map = new HashMap<>();
        for (int i = 0; i < inputs.length; i += 2) {
            String key = (String) inputs[i];
            T value = (T) inputs[i + 1];
            map.put(key, value);
        }
        return map;
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Python

from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-containerservice
# USAGE
    python managed_clusters_create_managed_nat_gateway.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = ContainerServiceClient(
        credential=DefaultAzureCredential(),
        subscription_id="subid1",
    )

    response = client.managed_clusters.begin_create_or_update(
        resource_group_name="rg1",
        resource_name="clustername1",
        parameters={
            "location": "location1",
            "properties": {
                "addonProfiles": {},
                "agentPoolProfiles": [
                    {
                        "count": 3,
                        "enableNodePublicIP": False,
                        "mode": "System",
                        "name": "nodepool1",
                        "osType": "Linux",
                        "type": "VirtualMachineScaleSets",
                        "vmSize": "Standard_DS2_v2",
                    }
                ],
                "autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
                "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
                "dnsPrefix": "dnsprefix1",
                "enablePodSecurityPolicy": True,
                "enableRBAC": True,
                "kubernetesVersion": "",
                "linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
                "networkProfile": {
                    "loadBalancerSku": "standard",
                    "natGatewayProfile": {"managedOutboundIPProfile": {"count": 2}},
                    "outboundType": "managedNATGateway",
                },
                "servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
                "windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
            },
            "sku": {"name": "Basic", "tier": "Free"},
            "tags": {"archv2": "", "tier": "production"},
        },
    ).result()
    print(response)


# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_ManagedNATGateway.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armcontainerservice_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/0a25ea9680cf080b7d34e8c5f35f564425c6b1f7/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_ManagedNATGateway.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithAksManagedNatGatewayAsOutboundType() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
		Location: to.Ptr("location1"),
		Tags: map[string]*string{
			"archv2": to.Ptr(""),
			"tier":   to.Ptr("production"),
		},
		Properties: &armcontainerservice.ManagedClusterProperties{
			AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
			AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
				{
					Type:               to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
					Count:              to.Ptr[int32](3),
					EnableNodePublicIP: to.Ptr(false),
					Mode:               to.Ptr(armcontainerservice.AgentPoolModeSystem),
					OSType:             to.Ptr(armcontainerservice.OSTypeLinux),
					VMSize:             to.Ptr("Standard_DS2_v2"),
					Name:               to.Ptr("nodepool1"),
				}},
			AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
				ScaleDownDelayAfterAdd: to.Ptr("15m"),
				ScanInterval:           to.Ptr("20s"),
			},
			DiskEncryptionSetID:     to.Ptr("/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
			DNSPrefix:               to.Ptr("dnsprefix1"),
			EnablePodSecurityPolicy: to.Ptr(true),
			EnableRBAC:              to.Ptr(true),
			KubernetesVersion:       to.Ptr(""),
			LinuxProfile: &armcontainerservice.LinuxProfile{
				AdminUsername: to.Ptr("azureuser"),
				SSH: &armcontainerservice.SSHConfiguration{
					PublicKeys: []*armcontainerservice.SSHPublicKey{
						{
							KeyData: to.Ptr("keydata"),
						}},
				},
			},
			NetworkProfile: &armcontainerservice.NetworkProfile{
				LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
				NatGatewayProfile: &armcontainerservice.ManagedClusterNATGatewayProfile{
					ManagedOutboundIPProfile: &armcontainerservice.ManagedClusterManagedOutboundIPProfile{
						Count: to.Ptr[int32](2),
					},
				},
				OutboundType: to.Ptr(armcontainerservice.OutboundTypeManagedNATGateway),
			},
			ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
				ClientID: to.Ptr("clientid"),
				Secret:   to.Ptr("secret"),
			},
			WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
				AdminPassword: to.Ptr("replacePassword1234$"),
				AdminUsername: to.Ptr("azureuser"),
			},
		},
		SKU: &armcontainerservice.ManagedClusterSKU{
			Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
			Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	res, err := poller.PollUntilDone(ctx, nil)
	if err != nil {
		log.Fatalf("failed to pull the result: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.ManagedCluster = armcontainerservice.ManagedCluster{
	// 	Name: to.Ptr("clustername1"),
	// 	Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
	// 	ID: to.Ptr("/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
	// 	Location: to.Ptr("location1"),
	// 	Tags: map[string]*string{
	// 		"archv2": to.Ptr(""),
	// 		"tier": to.Ptr("production"),
	// 	},
	// 	Properties: &armcontainerservice.ManagedClusterProperties{
	// 		AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
	// 			{
	// 				Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
	// 				Count: to.Ptr[int32](3),
	// 				CurrentOrchestratorVersion: to.Ptr("1.9.6"),
	// 				EnableNodePublicIP: to.Ptr(false),
	// 				MaxPods: to.Ptr[int32](110),
	// 				Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
	// 				NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
	// 				OrchestratorVersion: to.Ptr("1.9.6"),
	// 				OSType: to.Ptr(armcontainerservice.OSTypeLinux),
	// 				ProvisioningState: to.Ptr("Succeeded"),
	// 				VMSize: to.Ptr("Standard_DS2_v2"),
	// 				Name: to.Ptr("nodepool1"),
	// 		}},
	// 		AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
	// 			ScaleDownDelayAfterAdd: to.Ptr("15m"),
	// 			ScanInterval: to.Ptr("20s"),
	// 		},
	// 		CurrentKubernetesVersion: to.Ptr("1.9.6"),
	// 		DiskEncryptionSetID: to.Ptr("/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
	// 		DNSPrefix: to.Ptr("dnsprefix1"),
	// 		EnablePodSecurityPolicy: to.Ptr(true),
	// 		EnableRBAC: to.Ptr(true),
	// 		Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
	// 		KubernetesVersion: to.Ptr("1.9.6"),
	// 		LinuxProfile: &armcontainerservice.LinuxProfile{
	// 			AdminUsername: to.Ptr("azureuser"),
	// 			SSH: &armcontainerservice.SSHConfiguration{
	// 				PublicKeys: []*armcontainerservice.SSHPublicKey{
	// 					{
	// 						KeyData: to.Ptr("keydata"),
	// 				}},
	// 			},
	// 		},
	// 		MaxAgentPools: to.Ptr[int32](1),
	// 		NetworkProfile: &armcontainerservice.NetworkProfile{
	// 			DNSServiceIP: to.Ptr("10.0.0.10"),
	// 			LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
	// 			NatGatewayProfile: &armcontainerservice.ManagedClusterNATGatewayProfile{
	// 				EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
	// 					{
	// 						ID: to.Ptr("/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
	// 					},
	// 					{
	// 						ID: to.Ptr("/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
	// 				}},
	// 				IdleTimeoutInMinutes: to.Ptr[int32](4),
	// 				ManagedOutboundIPProfile: &armcontainerservice.ManagedClusterManagedOutboundIPProfile{
	// 					Count: to.Ptr[int32](2),
	// 				},
	// 			},
	// 			NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
	// 			OutboundType: to.Ptr(armcontainerservice.OutboundTypeManagedNATGateway),
	// 			PodCidr: to.Ptr("10.244.0.0/16"),
	// 			ServiceCidr: to.Ptr("10.0.0.0/16"),
	// 		},
	// 		NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
	// 		ProvisioningState: to.Ptr("Succeeded"),
	// 		ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
	// 			ClientID: to.Ptr("clientid"),
	// 		},
	// 		WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
	// 			AdminUsername: to.Ptr("azureuser"),
	// 		},
	// 	},
	// }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Creates or updates a managed cluster.
 *
 * @summary Creates or updates a managed cluster.
 * x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_ManagedNATGateway.json
 */
async function createManagedClusterWithAksManagedNatGatewayAsOutboundType() {
  const subscriptionId = process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "subid1";
  const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
  const resourceName = "clustername1";
  const parameters = {
    addonProfiles: {},
    agentPoolProfiles: [
      {
        name: "nodepool1",
        type: "VirtualMachineScaleSets",
        count: 3,
        enableNodePublicIP: false,
        mode: "System",
        osType: "Linux",
        vmSize: "Standard_DS2_v2",
      },
    ],
    autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
    diskEncryptionSetID:
      "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    dnsPrefix: "dnsprefix1",
    enablePodSecurityPolicy: true,
    enableRbac: true,
    kubernetesVersion: "",
    linuxProfile: {
      adminUsername: "azureuser",
      ssh: { publicKeys: [{ keyData: "keydata" }] },
    },
    location: "location1",
    networkProfile: {
      loadBalancerSku: "standard",
      natGatewayProfile: { managedOutboundIPProfile: { count: 2 } },
      outboundType: "managedNATGateway",
    },
    servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
    sku: { name: "Basic", tier: "Free" },
    tags: { archv2: "", tier: "production" },
    windowsProfile: {
      adminPassword: "replacePassword1234$",
      adminUsername: "azureuser",
    },
  };
  const credential = new DefaultAzureCredential();
  const client = new ContainerServiceClient(credential, subscriptionId);
  const result = await client.managedClusters.beginCreateOrUpdateAndWait(
    resourceGroupName,
    resourceName,
    parameters
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:

200

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Succeeded",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Succeeded",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": false,
        "mode": "System",
        "nodeImageVersion": "AKSUbuntu:1604:2020.03.11"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
    "networkProfile": {
      "loadBalancerSku": "basic",
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "outboundType": "managedNATGateway",
      "natGatewayProfile": {
        "idleTimeoutInMinutes": 4,
        "managedOutboundIPProfile": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  }
}

Status code:

201

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Creating",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Creating",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": false,
        "mode": "System"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "networkProfile": {
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "loadBalancerSku": "standard",
      "outboundType": "managedNATGateway",
      "natGatewayProfile": {
        "idleTimeoutInMinutes": 4,
        "managedOutboundIPProfile": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  }
}

Create Managed Cluster with Azure KeyVault Secrets Provider Addon

Sample Request

HTTP

PUT https://management.azure.com/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2023-08-01

{
  "location": "location1",
  "tags": {
    "tier": "production",
    "archv2": ""
  },
  "sku": {
    "name": "Basic",
    "tier": "Free"
  },
  "properties": {
    "kubernetesVersion": "",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "osType": "Linux",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "networkProfile": {
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "loadBalancerProfile": {
        "managedOutboundIPs": {
          "count": 2
        }
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "windowsProfile": {
      "adminUsername": "azureuser",
      "adminPassword": "replacePassword1234$"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid",
      "secret": "secret"
    },
    "addonProfiles": {
      "azureKeyvaultSecretsProvider": {
        "enabled": true,
        "config": {
          "enableSecretRotation": "true",
          "rotationPollInterval": "2m"
        }
      }
    },
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true
  }
}

Java

import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAddonProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

/** Samples for ManagedClusters CreateOrUpdate. */
public final class Main {
    /*
     * x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_AzureKeyvaultSecretsProvider.json
     */
    /**
     * Sample code: Create Managed Cluster with Azure KeyVault Secrets Provider Addon.
     *
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void createManagedClusterWithAzureKeyVaultSecretsProviderAddon(
        com.azure.resourcemanager.AzureResourceManager azure) {
        azure
            .kubernetesClusters()
            .manager()
            .serviceClient()
            .getManagedClusters()
            .createOrUpdate(
                "rg1",
                "clustername1",
                new ManagedClusterInner()
                    .withLocation("location1")
                    .withTags(mapOf("archv2", "", "tier", "production"))
                    .withSku(
                        new ManagedClusterSku()
                            .withName(ManagedClusterSkuName.fromString("Basic"))
                            .withTier(ManagedClusterSkuTier.FREE))
                    .withKubernetesVersion("")
                    .withDnsPrefix("dnsprefix1")
                    .withAgentPoolProfiles(
                        Arrays
                            .asList(
                                new ManagedClusterAgentPoolProfile()
                                    .withCount(3)
                                    .withVmSize("Standard_DS2_v2")
                                    .withOsType(OSType.LINUX)
                                    .withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
                                    .withMode(AgentPoolMode.SYSTEM)
                                    .withEnableNodePublicIp(true)
                                    .withName("nodepool1")))
                    .withLinuxProfile(
                        new ContainerServiceLinuxProfile()
                            .withAdminUsername("azureuser")
                            .withSsh(
                                new ContainerServiceSshConfiguration()
                                    .withPublicKeys(
                                        Arrays
                                            .asList(
                                                new ContainerServiceSshPublicKey()
                                                    .withKeyData("fakeTokenPlaceholder")))))
                    .withWindowsProfile(
                        new ManagedClusterWindowsProfile()
                            .withAdminUsername("azureuser")
                            .withAdminPassword("fakeTokenPlaceholder"))
                    .withServicePrincipalProfile(
                        new ManagedClusterServicePrincipalProfile()
                            .withClientId("clientid")
                            .withSecret("fakeTokenPlaceholder"))
                    .withAddonProfiles(
                        mapOf(
                            "azureKeyvaultSecretsProvider",
                            new ManagedClusterAddonProfile()
                                .withEnabled(true)
                                .withConfig(
                                    mapOf(
                                        "enableSecretRotation", "fakeTokenPlaceholder", "rotationPollInterval", "2m"))))
                    .withEnableRbac(true)
                    .withEnablePodSecurityPolicy(true)
                    .withNetworkProfile(
                        new ContainerServiceNetworkProfile()
                            .withOutboundType(OutboundType.LOAD_BALANCER)
                            .withLoadBalancerSku(LoadBalancerSku.STANDARD)
                            .withLoadBalancerProfile(
                                new ManagedClusterLoadBalancerProfile()
                                    .withManagedOutboundIPs(
                                        new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
                    .withAutoScalerProfile(
                        new ManagedClusterPropertiesAutoScalerProfile()
                            .withScanInterval("20s")
                            .withScaleDownDelayAfterAdd("15m"))
                    .withDiskEncryptionSetId(
                        "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
                com.azure.core.util.Context.NONE);
    }

    // Use "Map.of" if available
    @SuppressWarnings("unchecked")
    private static <T> Map<String, T> mapOf(Object... inputs) {
        Map<String, T> map = new HashMap<>();
        for (int i = 0; i < inputs.length; i += 2) {
            String key = (String) inputs[i];
            T value = (T) inputs[i + 1];
            map.put(key, value);
        }
        return map;
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Python

from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-containerservice
# USAGE
    python managed_clusters_create_azure_keyvault_secrets_provider.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = ContainerServiceClient(
        credential=DefaultAzureCredential(),
        subscription_id="subid1",
    )

    response = client.managed_clusters.begin_create_or_update(
        resource_group_name="rg1",
        resource_name="clustername1",
        parameters={
            "location": "location1",
            "properties": {
                "addonProfiles": {
                    "azureKeyvaultSecretsProvider": {
                        "config": {"enableSecretRotation": "true", "rotationPollInterval": "2m"},
                        "enabled": True,
                    }
                },
                "agentPoolProfiles": [
                    {
                        "count": 3,
                        "enableNodePublicIP": True,
                        "mode": "System",
                        "name": "nodepool1",
                        "osType": "Linux",
                        "type": "VirtualMachineScaleSets",
                        "vmSize": "Standard_DS2_v2",
                    }
                ],
                "autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
                "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
                "dnsPrefix": "dnsprefix1",
                "enablePodSecurityPolicy": True,
                "enableRBAC": True,
                "kubernetesVersion": "",
                "linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
                "networkProfile": {
                    "loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
                    "loadBalancerSku": "standard",
                    "outboundType": "loadBalancer",
                },
                "servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
                "windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
            },
            "sku": {"name": "Basic", "tier": "Free"},
            "tags": {"archv2": "", "tier": "production"},
        },
    ).result()
    print(response)


# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_AzureKeyvaultSecretsProvider.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armcontainerservice_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/0a25ea9680cf080b7d34e8c5f35f564425c6b1f7/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_AzureKeyvaultSecretsProvider.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithAzureKeyVaultSecretsProviderAddon() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
		Location: to.Ptr("location1"),
		Tags: map[string]*string{
			"archv2": to.Ptr(""),
			"tier":   to.Ptr("production"),
		},
		Properties: &armcontainerservice.ManagedClusterProperties{
			AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{
				"azureKeyvaultSecretsProvider": {
					Config: map[string]*string{
						"enableSecretRotation": to.Ptr("true"),
						"rotationPollInterval": to.Ptr("2m"),
					},
					Enabled: to.Ptr(true),
				},
			},
			AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
				{
					Type:               to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
					Count:              to.Ptr[int32](3),
					EnableNodePublicIP: to.Ptr(true),
					Mode:               to.Ptr(armcontainerservice.AgentPoolModeSystem),
					OSType:             to.Ptr(armcontainerservice.OSTypeLinux),
					VMSize:             to.Ptr("Standard_DS2_v2"),
					Name:               to.Ptr("nodepool1"),
				}},
			AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
				ScaleDownDelayAfterAdd: to.Ptr("15m"),
				ScanInterval:           to.Ptr("20s"),
			},
			DiskEncryptionSetID:     to.Ptr("/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
			DNSPrefix:               to.Ptr("dnsprefix1"),
			EnablePodSecurityPolicy: to.Ptr(true),
			EnableRBAC:              to.Ptr(true),
			KubernetesVersion:       to.Ptr(""),
			LinuxProfile: &armcontainerservice.LinuxProfile{
				AdminUsername: to.Ptr("azureuser"),
				SSH: &armcontainerservice.SSHConfiguration{
					PublicKeys: []*armcontainerservice.SSHPublicKey{
						{
							KeyData: to.Ptr("keydata"),
						}},
				},
			},
			NetworkProfile: &armcontainerservice.NetworkProfile{
				LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
					ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
						Count: to.Ptr[int32](2),
					},
				},
				LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
				OutboundType:    to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
			},
			ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
				ClientID: to.Ptr("clientid"),
				Secret:   to.Ptr("secret"),
			},
			WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
				AdminPassword: to.Ptr("replacePassword1234$"),
				AdminUsername: to.Ptr("azureuser"),
			},
		},
		SKU: &armcontainerservice.ManagedClusterSKU{
			Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
			Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	res, err := poller.PollUntilDone(ctx, nil)
	if err != nil {
		log.Fatalf("failed to pull the result: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.ManagedCluster = armcontainerservice.ManagedCluster{
	// 	Name: to.Ptr("clustername1"),
	// 	Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
	// 	ID: to.Ptr("/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
	// 	Location: to.Ptr("location1"),
	// 	Tags: map[string]*string{
	// 		"archv2": to.Ptr(""),
	// 		"tier": to.Ptr("production"),
	// 	},
	// 	Properties: &armcontainerservice.ManagedClusterProperties{
	// 		AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{
	// 			"azureKeyvaultSecretsProvider": &armcontainerservice.ManagedClusterAddonProfile{
	// 				Config: map[string]*string{
	// 					"enableSecretRotation": to.Ptr("true"),
	// 					"rotationPollInterval": to.Ptr("2m"),
	// 				},
	// 				Enabled: to.Ptr(true),
	// 			},
	// 		},
	// 		AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
	// 			{
	// 				Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
	// 				Count: to.Ptr[int32](3),
	// 				EnableEncryptionAtHost: to.Ptr(true),
	// 				EnableNodePublicIP: to.Ptr(true),
	// 				MaxPods: to.Ptr[int32](110),
	// 				Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
	// 				NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
	// 				OrchestratorVersion: to.Ptr("1.9.6"),
	// 				OSType: to.Ptr(armcontainerservice.OSTypeLinux),
	// 				ProvisioningState: to.Ptr("Succeeded"),
	// 				VMSize: to.Ptr("Standard_DS2_v2"),
	// 				Name: to.Ptr("nodepool1"),
	// 		}},
	// 		AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
	// 			ScaleDownDelayAfterAdd: to.Ptr("15m"),
	// 			ScanInterval: to.Ptr("20s"),
	// 		},
	// 		DiskEncryptionSetID: to.Ptr("/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
	// 		DNSPrefix: to.Ptr("dnsprefix1"),
	// 		EnablePodSecurityPolicy: to.Ptr(true),
	// 		EnableRBAC: to.Ptr(true),
	// 		Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
	// 		KubernetesVersion: to.Ptr("1.9.6"),
	// 		LinuxProfile: &armcontainerservice.LinuxProfile{
	// 			AdminUsername: to.Ptr("azureuser"),
	// 			SSH: &armcontainerservice.SSHConfiguration{
	// 				PublicKeys: []*armcontainerservice.SSHPublicKey{
	// 					{
	// 						KeyData: to.Ptr("keydata"),
	// 				}},
	// 			},
	// 		},
	// 		MaxAgentPools: to.Ptr[int32](1),
	// 		NetworkProfile: &armcontainerservice.NetworkProfile{
	// 			DNSServiceIP: to.Ptr("10.0.0.10"),
	// 			LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
	// 				AllocatedOutboundPorts: to.Ptr[int32](2000),
	// 				EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
	// 					{
	// 						ID: to.Ptr("/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
	// 					},
	// 					{
	// 						ID: to.Ptr("/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
	// 				}},
	// 				IdleTimeoutInMinutes: to.Ptr[int32](10),
	// 				ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
	// 					Count: to.Ptr[int32](2),
	// 				},
	// 			},
	// 			LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
	// 			NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
	// 			OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
	// 			PodCidr: to.Ptr("10.244.0.0/16"),
	// 			ServiceCidr: to.Ptr("10.0.0.0/16"),
	// 		},
	// 		NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
	// 		ProvisioningState: to.Ptr("Succeeded"),
	// 		ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
	// 			ClientID: to.Ptr("clientid"),
	// 		},
	// 		WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
	// 			AdminUsername: to.Ptr("azureuser"),
	// 		},
	// 	},
	// }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Creates or updates a managed cluster.
 *
 * @summary Creates or updates a managed cluster.
 * x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_AzureKeyvaultSecretsProvider.json
 */
async function createManagedClusterWithAzureKeyVaultSecretsProviderAddon() {
  const subscriptionId = process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "subid1";
  const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
  const resourceName = "clustername1";
  const parameters = {
    addonProfiles: {
      azureKeyvaultSecretsProvider: {
        config: { enableSecretRotation: "true", rotationPollInterval: "2m" },
        enabled: true,
      },
    },
    agentPoolProfiles: [
      {
        name: "nodepool1",
        type: "VirtualMachineScaleSets",
        count: 3,
        enableNodePublicIP: true,
        mode: "System",
        osType: "Linux",
        vmSize: "Standard_DS2_v2",
      },
    ],
    autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
    diskEncryptionSetID:
      "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    dnsPrefix: "dnsprefix1",
    enablePodSecurityPolicy: true,
    enableRbac: true,
    kubernetesVersion: "",
    linuxProfile: {
      adminUsername: "azureuser",
      ssh: { publicKeys: [{ keyData: "keydata" }] },
    },
    location: "location1",
    networkProfile: {
      loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
      loadBalancerSku: "standard",
      outboundType: "loadBalancer",
    },
    servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
    sku: { name: "Basic", tier: "Free" },
    tags: { archv2: "", tier: "production" },
    windowsProfile: {
      adminPassword: "replacePassword1234$",
      adminUsername: "azureuser",
    },
  };
  const credential = new DefaultAzureCredential();
  const client = new ContainerServiceClient(credential, subscriptionId);
  const result = await client.managedClusters.beginCreateOrUpdateAndWait(
    resourceGroupName,
    resourceName,
    parameters
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:

200

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Succeeded",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Succeeded",
        "orchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
        "enableEncryptionAtHost": true
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "addonProfiles": {
      "azureKeyvaultSecretsProvider": {
        "enabled": true,
        "config": {
          "enableSecretRotation": "true",
          "rotationPollInterval": "2m"
        }
      }
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
    "networkProfile": {
      "loadBalancerSku": "basic",
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "outboundType": "loadBalancer",
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  }
}

Status code:

201

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Creating",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Creating",
        "orchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "enableEncryptionAtHost": true
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "addonProfiles": {
      "azureKeyvaultSecretsProvider": {
        "enabled": true,
        "config": {
          "enableSecretRotation": "true",
          "rotationPollInterval": "2m"
        }
      }
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "networkProfile": {
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  }
}

Create Managed Cluster with Dedicated Host Group

Sample Request

HTTP

PUT https://management.azure.com/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2023-08-01

{
  "location": "location1",
  "tags": {
    "tier": "production",
    "archv2": ""
  },
  "sku": {
    "name": "Basic",
    "tier": "Free"
  },
  "properties": {
    "kubernetesVersion": "",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "osType": "Linux",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "hostGroupID": "/subscriptions/subid1/resourcegroups/rg/providers/Microsoft.Compute/hostGroups/hostgroup1"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "networkProfile": {
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "loadBalancerProfile": {
        "managedOutboundIPs": {
          "count": 2
        }
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "windowsProfile": {
      "adminUsername": "azureuser",
      "adminPassword": "replacePassword1234$"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid",
      "secret": "secret"
    },
    "addonProfiles": {},
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": false
  }
}

Java

import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

/** Samples for ManagedClusters CreateOrUpdate. */
public final class Main {
    /*
     * x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_DedicatedHostGroup.json
     */
    /**
     * Sample code: Create Managed Cluster with Dedicated Host Group.
     *
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void createManagedClusterWithDedicatedHostGroup(
        com.azure.resourcemanager.AzureResourceManager azure) {
        azure
            .kubernetesClusters()
            .manager()
            .serviceClient()
            .getManagedClusters()
            .createOrUpdate(
                "rg1",
                "clustername1",
                new ManagedClusterInner()
                    .withLocation("location1")
                    .withTags(mapOf("archv2", "", "tier", "production"))
                    .withSku(
                        new ManagedClusterSku()
                            .withName(ManagedClusterSkuName.fromString("Basic"))
                            .withTier(ManagedClusterSkuTier.FREE))
                    .withKubernetesVersion("")
                    .withDnsPrefix("dnsprefix1")
                    .withAgentPoolProfiles(
                        Arrays
                            .asList(
                                new ManagedClusterAgentPoolProfile()
                                    .withCount(3)
                                    .withVmSize("Standard_DS2_v2")
                                    .withOsType(OSType.LINUX)
                                    .withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
                                    .withEnableNodePublicIp(true)
                                    .withHostGroupId(
                                        "/subscriptions/subid1/resourcegroups/rg/providers/Microsoft.Compute/hostGroups/hostgroup1")
                                    .withName("nodepool1")))
                    .withLinuxProfile(
                        new ContainerServiceLinuxProfile()
                            .withAdminUsername("azureuser")
                            .withSsh(
                                new ContainerServiceSshConfiguration()
                                    .withPublicKeys(
                                        Arrays
                                            .asList(
                                                new ContainerServiceSshPublicKey()
                                                    .withKeyData("fakeTokenPlaceholder")))))
                    .withWindowsProfile(
                        new ManagedClusterWindowsProfile()
                            .withAdminUsername("azureuser")
                            .withAdminPassword("fakeTokenPlaceholder"))
                    .withServicePrincipalProfile(
                        new ManagedClusterServicePrincipalProfile()
                            .withClientId("clientid")
                            .withSecret("fakeTokenPlaceholder"))
                    .withAddonProfiles(mapOf())
                    .withEnableRbac(true)
                    .withEnablePodSecurityPolicy(false)
                    .withNetworkProfile(
                        new ContainerServiceNetworkProfile()
                            .withOutboundType(OutboundType.LOAD_BALANCER)
                            .withLoadBalancerSku(LoadBalancerSku.STANDARD)
                            .withLoadBalancerProfile(
                                new ManagedClusterLoadBalancerProfile()
                                    .withManagedOutboundIPs(
                                        new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
                    .withAutoScalerProfile(
                        new ManagedClusterPropertiesAutoScalerProfile()
                            .withScanInterval("20s")
                            .withScaleDownDelayAfterAdd("15m"))
                    .withDiskEncryptionSetId(
                        "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
                com.azure.core.util.Context.NONE);
    }

    // Use "Map.of" if available
    @SuppressWarnings("unchecked")
    private static <T> Map<String, T> mapOf(Object... inputs) {
        Map<String, T> map = new HashMap<>();
        for (int i = 0; i < inputs.length; i += 2) {
            String key = (String) inputs[i];
            T value = (T) inputs[i + 1];
            map.put(key, value);
        }
        return map;
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Python

from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-containerservice
# USAGE
    python managed_clusters_create_dedicated_host_group.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = ContainerServiceClient(
        credential=DefaultAzureCredential(),
        subscription_id="subid1",
    )

    response = client.managed_clusters.begin_create_or_update(
        resource_group_name="rg1",
        resource_name="clustername1",
        parameters={
            "location": "location1",
            "properties": {
                "addonProfiles": {},
                "agentPoolProfiles": [
                    {
                        "count": 3,
                        "enableNodePublicIP": True,
                        "hostGroupID": "/subscriptions/subid1/resourcegroups/rg/providers/Microsoft.Compute/hostGroups/hostgroup1",
                        "name": "nodepool1",
                        "osType": "Linux",
                        "type": "VirtualMachineScaleSets",
                        "vmSize": "Standard_DS2_v2",
                    }
                ],
                "autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
                "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
                "dnsPrefix": "dnsprefix1",
                "enablePodSecurityPolicy": False,
                "enableRBAC": True,
                "kubernetesVersion": "",
                "linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
                "networkProfile": {
                    "loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
                    "loadBalancerSku": "standard",
                    "outboundType": "loadBalancer",
                },
                "servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
                "windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
            },
            "sku": {"name": "Basic", "tier": "Free"},
            "tags": {"archv2": "", "tier": "production"},
        },
    ).result()
    print(response)


# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_DedicatedHostGroup.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armcontainerservice_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/0a25ea9680cf080b7d34e8c5f35f564425c6b1f7/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_DedicatedHostGroup.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithDedicatedHostGroup() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
		Location: to.Ptr("location1"),
		Tags: map[string]*string{
			"archv2": to.Ptr(""),
			"tier":   to.Ptr("production"),
		},
		Properties: &armcontainerservice.ManagedClusterProperties{
			AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
			AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
				{
					Type:               to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
					Count:              to.Ptr[int32](3),
					EnableNodePublicIP: to.Ptr(true),
					HostGroupID:        to.Ptr("/subscriptions/subid1/resourcegroups/rg/providers/Microsoft.Compute/hostGroups/hostgroup1"),
					OSType:             to.Ptr(armcontainerservice.OSTypeLinux),
					VMSize:             to.Ptr("Standard_DS2_v2"),
					Name:               to.Ptr("nodepool1"),
				}},
			AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
				ScaleDownDelayAfterAdd: to.Ptr("15m"),
				ScanInterval:           to.Ptr("20s"),
			},
			DiskEncryptionSetID:     to.Ptr("/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
			DNSPrefix:               to.Ptr("dnsprefix1"),
			EnablePodSecurityPolicy: to.Ptr(false),
			EnableRBAC:              to.Ptr(true),
			KubernetesVersion:       to.Ptr(""),
			LinuxProfile: &armcontainerservice.LinuxProfile{
				AdminUsername: to.Ptr("azureuser"),
				SSH: &armcontainerservice.SSHConfiguration{
					PublicKeys: []*armcontainerservice.SSHPublicKey{
						{
							KeyData: to.Ptr("keydata"),
						}},
				},
			},
			NetworkProfile: &armcontainerservice.NetworkProfile{
				LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
					ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
						Count: to.Ptr[int32](2),
					},
				},
				LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
				OutboundType:    to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
			},
			ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
				ClientID: to.Ptr("clientid"),
				Secret:   to.Ptr("secret"),
			},
			WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
				AdminPassword: to.Ptr("replacePassword1234$"),
				AdminUsername: to.Ptr("azureuser"),
			},
		},
		SKU: &armcontainerservice.ManagedClusterSKU{
			Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
			Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	res, err := poller.PollUntilDone(ctx, nil)
	if err != nil {
		log.Fatalf("failed to pull the result: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.ManagedCluster = armcontainerservice.ManagedCluster{
	// 	Name: to.Ptr("clustername1"),
	// 	Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
	// 	ID: to.Ptr("/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
	// 	Location: to.Ptr("location1"),
	// 	Tags: map[string]*string{
	// 		"archv2": to.Ptr(""),
	// 		"tier": to.Ptr("production"),
	// 	},
	// 	Properties: &armcontainerservice.ManagedClusterProperties{
	// 		AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
	// 			{
	// 				Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
	// 				Count: to.Ptr[int32](3),
	// 				EnableNodePublicIP: to.Ptr(true),
	// 				HostGroupID: to.Ptr("/subscriptions/subid1/resourcegroups/rg/providers/Microsoft.Compute/hostGroups/hostgroup1"),
	// 				MaxPods: to.Ptr[int32](110),
	// 				NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
	// 				OrchestratorVersion: to.Ptr("1.9.6"),
	// 				OSType: to.Ptr(armcontainerservice.OSTypeLinux),
	// 				ProvisioningState: to.Ptr("Succeeded"),
	// 				VMSize: to.Ptr("Standard_DS2_v2"),
	// 				Name: to.Ptr("nodepool1"),
	// 		}},
	// 		AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
	// 			ScaleDownDelayAfterAdd: to.Ptr("15m"),
	// 			ScanInterval: to.Ptr("20s"),
	// 		},
	// 		DiskEncryptionSetID: to.Ptr("/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
	// 		DNSPrefix: to.Ptr("dnsprefix1"),
	// 		EnablePodSecurityPolicy: to.Ptr(false),
	// 		EnableRBAC: to.Ptr(true),
	// 		Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
	// 		KubernetesVersion: to.Ptr("1.9.6"),
	// 		LinuxProfile: &armcontainerservice.LinuxProfile{
	// 			AdminUsername: to.Ptr("azureuser"),
	// 			SSH: &armcontainerservice.SSHConfiguration{
	// 				PublicKeys: []*armcontainerservice.SSHPublicKey{
	// 					{
	// 						KeyData: to.Ptr("keydata"),
	// 				}},
	// 			},
	// 		},
	// 		MaxAgentPools: to.Ptr[int32](1),
	// 		NetworkProfile: &armcontainerservice.NetworkProfile{
	// 			DNSServiceIP: to.Ptr("10.0.0.10"),
	// 			IPFamilies: []*armcontainerservice.IPFamily{
	// 				to.Ptr(armcontainerservice.IPFamilyIPv4)},
	// 				LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
	// 					AllocatedOutboundPorts: to.Ptr[int32](2000),
	// 					EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
	// 						{
	// 							ID: to.Ptr("/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
	// 						},
	// 						{
	// 							ID: to.Ptr("/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
	// 					}},
	// 					IdleTimeoutInMinutes: to.Ptr[int32](10),
	// 					ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
	// 						Count: to.Ptr[int32](2),
	// 					},
	// 				},
	// 				LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
	// 				NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
	// 				OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
	// 				PodCidr: to.Ptr("10.244.0.0/16"),
	// 				PodCidrs: []*string{
	// 					to.Ptr("10.244.0.0/16")},
	// 					ServiceCidr: to.Ptr("10.0.0.0/16"),
	// 					ServiceCidrs: []*string{
	// 						to.Ptr("10.0.0.0/16")},
	// 					},
	// 					NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
	// 					ProvisioningState: to.Ptr("Succeeded"),
	// 					ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
	// 						ClientID: to.Ptr("clientid"),
	// 					},
	// 					WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
	// 						AdminUsername: to.Ptr("azureuser"),
	// 					},
	// 				},
	// 			}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Creates or updates a managed cluster.
 *
 * @summary Creates or updates a managed cluster.
 * x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_DedicatedHostGroup.json
 */
async function createManagedClusterWithDedicatedHostGroup() {
  const subscriptionId = process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "subid1";
  const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
  const resourceName = "clustername1";
  const parameters = {
    addonProfiles: {},
    agentPoolProfiles: [
      {
        name: "nodepool1",
        type: "VirtualMachineScaleSets",
        count: 3,
        enableNodePublicIP: true,
        hostGroupID:
          "/subscriptions/subid1/resourcegroups/rg/providers/Microsoft.Compute/hostGroups/hostgroup1",
        osType: "Linux",
        vmSize: "Standard_DS2_v2",
      },
    ],
    autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
    diskEncryptionSetID:
      "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    dnsPrefix: "dnsprefix1",
    enablePodSecurityPolicy: false,
    enableRbac: true,
    kubernetesVersion: "",
    linuxProfile: {
      adminUsername: "azureuser",
      ssh: { publicKeys: [{ keyData: "keydata" }] },
    },
    location: "location1",
    networkProfile: {
      loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
      loadBalancerSku: "standard",
      outboundType: "loadBalancer",
    },
    servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
    sku: { name: "Basic", tier: "Free" },
    tags: { archv2: "", tier: "production" },
    windowsProfile: {
      adminPassword: "replacePassword1234$",
      adminUsername: "azureuser",
    },
  };
  const credential = new DefaultAzureCredential();
  const client = new ContainerServiceClient(credential, subscriptionId);
  const result = await client.managedClusters.beginCreateOrUpdateAndWait(
    resourceGroupName,
    resourceName,
    parameters
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:

200

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Succeeded",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Succeeded",
        "orchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
        "hostGroupID": "/subscriptions/subid1/resourcegroups/rg/providers/Microsoft.Compute/hostGroups/hostgroup1"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": false,
    "fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
    "networkProfile": {
      "loadBalancerSku": "basic",
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  }
}

Status code:

201

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Creating",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Creating",
        "orchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "hostGroupID": "/subscriptions/subid1/resourcegroups/rg/providers/Microsoft.Compute/hostGroups/hostgroup1"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": false,
    "networkProfile": {
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  }
}

Create Managed Cluster with EncryptionAtHost enabled

Sample Request

HTTP

PUT https://management.azure.com/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2023-08-01

{
  "location": "location1",
  "tags": {
    "tier": "production",
    "archv2": ""
  },
  "sku": {
    "name": "Basic",
    "tier": "Free"
  },
  "properties": {
    "kubernetesVersion": "",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "osType": "Linux",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "enableEncryptionAtHost": true
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "networkProfile": {
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "loadBalancerProfile": {
        "managedOutboundIPs": {
          "count": 2
        }
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "windowsProfile": {
      "adminUsername": "azureuser",
      "adminPassword": "replacePassword1234$"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid",
      "secret": "secret"
    },
    "addonProfiles": {},
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true
  }
}

Java

import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

/** Samples for ManagedClusters CreateOrUpdate. */
public final class Main {
    /*
     * x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_EnableEncryptionAtHost.json
     */
    /**
     * Sample code: Create Managed Cluster with EncryptionAtHost enabled.
     *
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void createManagedClusterWithEncryptionAtHostEnabled(
        com.azure.resourcemanager.AzureResourceManager azure) {
        azure
            .kubernetesClusters()
            .manager()
            .serviceClient()
            .getManagedClusters()
            .createOrUpdate(
                "rg1",
                "clustername1",
                new ManagedClusterInner()
                    .withLocation("location1")
                    .withTags(mapOf("archv2", "", "tier", "production"))
                    .withSku(
                        new ManagedClusterSku()
                            .withName(ManagedClusterSkuName.fromString("Basic"))
                            .withTier(ManagedClusterSkuTier.FREE))
                    .withKubernetesVersion("")
                    .withDnsPrefix("dnsprefix1")
                    .withAgentPoolProfiles(
                        Arrays
                            .asList(
                                new ManagedClusterAgentPoolProfile()
                                    .withCount(3)
                                    .withVmSize("Standard_DS2_v2")
                                    .withOsType(OSType.LINUX)
                                    .withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
                                    .withMode(AgentPoolMode.SYSTEM)
                                    .withEnableNodePublicIp(true)
                                    .withEnableEncryptionAtHost(true)
                                    .withName("nodepool1")))
                    .withLinuxProfile(
                        new ContainerServiceLinuxProfile()
                            .withAdminUsername("azureuser")
                            .withSsh(
                                new ContainerServiceSshConfiguration()
                                    .withPublicKeys(
                                        Arrays
                                            .asList(
                                                new ContainerServiceSshPublicKey()
                                                    .withKeyData("fakeTokenPlaceholder")))))
                    .withWindowsProfile(
                        new ManagedClusterWindowsProfile()
                            .withAdminUsername("azureuser")
                            .withAdminPassword("fakeTokenPlaceholder"))
                    .withServicePrincipalProfile(
                        new ManagedClusterServicePrincipalProfile()
                            .withClientId("clientid")
                            .withSecret("fakeTokenPlaceholder"))
                    .withAddonProfiles(mapOf())
                    .withEnableRbac(true)
                    .withEnablePodSecurityPolicy(true)
                    .withNetworkProfile(
                        new ContainerServiceNetworkProfile()
                            .withOutboundType(OutboundType.LOAD_BALANCER)
                            .withLoadBalancerSku(LoadBalancerSku.STANDARD)
                            .withLoadBalancerProfile(
                                new ManagedClusterLoadBalancerProfile()
                                    .withManagedOutboundIPs(
                                        new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
                    .withAutoScalerProfile(
                        new ManagedClusterPropertiesAutoScalerProfile()
                            .withScanInterval("20s")
                            .withScaleDownDelayAfterAdd("15m"))
                    .withDiskEncryptionSetId(
                        "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
                com.azure.core.util.Context.NONE);
    }

    // Use "Map.of" if available
    @SuppressWarnings("unchecked")
    private static <T> Map<String, T> mapOf(Object... inputs) {
        Map<String, T> map = new HashMap<>();
        for (int i = 0; i < inputs.length; i += 2) {
            String key = (String) inputs[i];
            T value = (T) inputs[i + 1];
            map.put(key, value);
        }
        return map;
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Python

from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-containerservice
# USAGE
    python managed_clusters_create_enable_encryption_at_host.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = ContainerServiceClient(
        credential=DefaultAzureCredential(),
        subscription_id="subid1",
    )

    response = client.managed_clusters.begin_create_or_update(
        resource_group_name="rg1",
        resource_name="clustername1",
        parameters={
            "location": "location1",
            "properties": {
                "addonProfiles": {},
                "agentPoolProfiles": [
                    {
                        "count": 3,
                        "enableEncryptionAtHost": True,
                        "enableNodePublicIP": True,
                        "mode": "System",
                        "name": "nodepool1",
                        "osType": "Linux",
                        "type": "VirtualMachineScaleSets",
                        "vmSize": "Standard_DS2_v2",
                    }
                ],
                "autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
                "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
                "dnsPrefix": "dnsprefix1",
                "enablePodSecurityPolicy": True,
                "enableRBAC": True,
                "kubernetesVersion": "",
                "linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
                "networkProfile": {
                    "loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
                    "loadBalancerSku": "standard",
                    "outboundType": "loadBalancer",
                },
                "servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
                "windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
            },
            "sku": {"name": "Basic", "tier": "Free"},
            "tags": {"archv2": "", "tier": "production"},
        },
    ).result()
    print(response)


# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_EnableEncryptionAtHost.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armcontainerservice_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/0a25ea9680cf080b7d34e8c5f35f564425c6b1f7/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_EnableEncryptionAtHost.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithEncryptionAtHostEnabled() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
		Location: to.Ptr("location1"),
		Tags: map[string]*string{
			"archv2": to.Ptr(""),
			"tier":   to.Ptr("production"),
		},
		Properties: &armcontainerservice.ManagedClusterProperties{
			AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
			AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
				{
					Type:                   to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
					Count:                  to.Ptr[int32](3),
					EnableEncryptionAtHost: to.Ptr(true),
					EnableNodePublicIP:     to.Ptr(true),
					Mode:                   to.Ptr(armcontainerservice.AgentPoolModeSystem),
					OSType:                 to.Ptr(armcontainerservice.OSTypeLinux),
					VMSize:                 to.Ptr("Standard_DS2_v2"),
					Name:                   to.Ptr("nodepool1"),
				}},
			AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
				ScaleDownDelayAfterAdd: to.Ptr("15m"),
				ScanInterval:           to.Ptr("20s"),
			},
			DiskEncryptionSetID:     to.Ptr("/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
			DNSPrefix:               to.Ptr("dnsprefix1"),
			EnablePodSecurityPolicy: to.Ptr(true),
			EnableRBAC:              to.Ptr(true),
			KubernetesVersion:       to.Ptr(""),
			LinuxProfile: &armcontainerservice.LinuxProfile{
				AdminUsername: to.Ptr("azureuser"),
				SSH: &armcontainerservice.SSHConfiguration{
					PublicKeys: []*armcontainerservice.SSHPublicKey{
						{
							KeyData: to.Ptr("keydata"),
						}},
				},
			},
			NetworkProfile: &armcontainerservice.NetworkProfile{
				LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
					ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
						Count: to.Ptr[int32](2),
					},
				},
				LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
				OutboundType:    to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
			},
			ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
				ClientID: to.Ptr("clientid"),
				Secret:   to.Ptr("secret"),
			},
			WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
				AdminPassword: to.Ptr("replacePassword1234$"),
				AdminUsername: to.Ptr("azureuser"),
			},
		},
		SKU: &armcontainerservice.ManagedClusterSKU{
			Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
			Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	res, err := poller.PollUntilDone(ctx, nil)
	if err != nil {
		log.Fatalf("failed to pull the result: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.ManagedCluster = armcontainerservice.ManagedCluster{
	// 	Name: to.Ptr("clustername1"),
	// 	Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
	// 	ID: to.Ptr("/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
	// 	Location: to.Ptr("location1"),
	// 	Tags: map[string]*string{
	// 		"archv2": to.Ptr(""),
	// 		"tier": to.Ptr("production"),
	// 	},
	// 	Properties: &armcontainerservice.ManagedClusterProperties{
	// 		AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
	// 			{
	// 				Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
	// 				Count: to.Ptr[int32](3),
	// 				CurrentOrchestratorVersion: to.Ptr("1.9.6"),
	// 				EnableEncryptionAtHost: to.Ptr(true),
	// 				EnableNodePublicIP: to.Ptr(true),
	// 				MaxPods: to.Ptr[int32](110),
	// 				Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
	// 				NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
	// 				OrchestratorVersion: to.Ptr("1.9.6"),
	// 				OSType: to.Ptr(armcontainerservice.OSTypeLinux),
	// 				ProvisioningState: to.Ptr("Succeeded"),
	// 				VMSize: to.Ptr("Standard_DS2_v2"),
	// 				Name: to.Ptr("nodepool1"),
	// 		}},
	// 		AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
	// 			ScaleDownDelayAfterAdd: to.Ptr("15m"),
	// 			ScanInterval: to.Ptr("20s"),
	// 		},
	// 		CurrentKubernetesVersion: to.Ptr("1.9.6"),
	// 		DiskEncryptionSetID: to.Ptr("/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
	// 		DNSPrefix: to.Ptr("dnsprefix1"),
	// 		EnablePodSecurityPolicy: to.Ptr(true),
	// 		EnableRBAC: to.Ptr(true),
	// 		Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
	// 		KubernetesVersion: to.Ptr("1.9.6"),
	// 		LinuxProfile: &armcontainerservice.LinuxProfile{
	// 			AdminUsername: to.Ptr("azureuser"),
	// 			SSH: &armcontainerservice.SSHConfiguration{
	// 				PublicKeys: []*armcontainerservice.SSHPublicKey{
	// 					{
	// 						KeyData: to.Ptr("keydata"),
	// 				}},
	// 			},
	// 		},
	// 		MaxAgentPools: to.Ptr[int32](1),
	// 		NetworkProfile: &armcontainerservice.NetworkProfile{
	// 			DNSServiceIP: to.Ptr("10.0.0.10"),
	// 			IPFamilies: []*armcontainerservice.IPFamily{
	// 				to.Ptr(armcontainerservice.IPFamilyIPv4)},
	// 				LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
	// 					AllocatedOutboundPorts: to.Ptr[int32](2000),
	// 					EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
	// 						{
	// 							ID: to.Ptr("/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
	// 						},
	// 						{
	// 							ID: to.Ptr("/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
	// 					}},
	// 					IdleTimeoutInMinutes: to.Ptr[int32](10),
	// 					ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
	// 						Count: to.Ptr[int32](2),
	// 					},
	// 				},
	// 				LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
	// 				NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
	// 				OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
	// 				PodCidr: to.Ptr("10.244.0.0/16"),
	// 				PodCidrs: []*string{
	// 					to.Ptr("10.244.0.0/16")},
	// 					ServiceCidr: to.Ptr("10.0.0.0/16"),
	// 					ServiceCidrs: []*string{
	// 						to.Ptr("10.0.0.0/16")},
	// 					},
	// 					NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
	// 					ProvisioningState: to.Ptr("Succeeded"),
	// 					ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
	// 						ClientID: to.Ptr("clientid"),
	// 					},
	// 					WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
	// 						AdminUsername: to.Ptr("azureuser"),
	// 					},
	// 				},
	// 			}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Creates or updates a managed cluster.
 *
 * @summary Creates or updates a managed cluster.
 * x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_EnableEncryptionAtHost.json
 */
async function createManagedClusterWithEncryptionAtHostEnabled() {
  const subscriptionId = process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "subid1";
  const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
  const resourceName = "clustername1";
  const parameters = {
    addonProfiles: {},
    agentPoolProfiles: [
      {
        name: "nodepool1",
        type: "VirtualMachineScaleSets",
        count: 3,
        enableEncryptionAtHost: true,
        enableNodePublicIP: true,
        mode: "System",
        osType: "Linux",
        vmSize: "Standard_DS2_v2",
      },
    ],
    autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
    diskEncryptionSetID:
      "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    dnsPrefix: "dnsprefix1",
    enablePodSecurityPolicy: true,
    enableRbac: true,
    kubernetesVersion: "",
    linuxProfile: {
      adminUsername: "azureuser",
      ssh: { publicKeys: [{ keyData: "keydata" }] },
    },
    location: "location1",
    networkProfile: {
      loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
      loadBalancerSku: "standard",
      outboundType: "loadBalancer",
    },
    servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
    sku: { name: "Basic", tier: "Free" },
    tags: { archv2: "", tier: "production" },
    windowsProfile: {
      adminPassword: "replacePassword1234$",
      adminUsername: "azureuser",
    },
  };
  const credential = new DefaultAzureCredential();
  const client = new ContainerServiceClient(credential, subscriptionId);
  const result = await client.managedClusters.beginCreateOrUpdateAndWait(
    resourceGroupName,
    resourceName,
    parameters
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:

200

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Succeeded",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Succeeded",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
        "enableEncryptionAtHost": true
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
    "networkProfile": {
      "loadBalancerSku": "basic",
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  }
}

Status code:

201

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Creating",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Creating",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "enableEncryptionAtHost": true
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "networkProfile": {
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  }
}

Create Managed Cluster with FIPS enabled OS

Sample Request

HTTP

PUT https://management.azure.com/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2023-08-01

{
  "location": "location1",
  "tags": {
    "tier": "production",
    "archv2": ""
  },
  "sku": {
    "name": "Basic",
    "tier": "Free"
  },
  "properties": {
    "kubernetesVersion": "",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "osType": "Linux",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "enableFIPS": true
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "networkProfile": {
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "loadBalancerProfile": {
        "managedOutboundIPs": {
          "count": 2
        }
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "windowsProfile": {
      "adminUsername": "azureuser",
      "adminPassword": "replacePassword1234$"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid",
      "secret": "secret"
    },
    "addonProfiles": {},
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": false
  }
}

Java

import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

/** Samples for ManagedClusters CreateOrUpdate. */
public final class Main {
    /*
     * x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_EnabledFIPS.json
     */
    /**
     * Sample code: Create Managed Cluster with FIPS enabled OS.
     *
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void createManagedClusterWithFIPSEnabledOS(com.azure.resourcemanager.AzureResourceManager azure) {
        azure
            .kubernetesClusters()
            .manager()
            .serviceClient()
            .getManagedClusters()
            .createOrUpdate(
                "rg1",
                "clustername1",
                new ManagedClusterInner()
                    .withLocation("location1")
                    .withTags(mapOf("archv2", "", "tier", "production"))
                    .withSku(
                        new ManagedClusterSku()
                            .withName(ManagedClusterSkuName.fromString("Basic"))
                            .withTier(ManagedClusterSkuTier.FREE))
                    .withKubernetesVersion("")
                    .withDnsPrefix("dnsprefix1")
                    .withAgentPoolProfiles(
                        Arrays
                            .asList(
                                new ManagedClusterAgentPoolProfile()
                                    .withCount(3)
                                    .withVmSize("Standard_DS2_v2")
                                    .withOsType(OSType.LINUX)
                                    .withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
                                    .withMode(AgentPoolMode.SYSTEM)
                                    .withEnableNodePublicIp(true)
                                    .withEnableFips(true)
                                    .withName("nodepool1")))
                    .withLinuxProfile(
                        new ContainerServiceLinuxProfile()
                            .withAdminUsername("azureuser")
                            .withSsh(
                                new ContainerServiceSshConfiguration()
                                    .withPublicKeys(
                                        Arrays
                                            .asList(
                                                new ContainerServiceSshPublicKey()
                                                    .withKeyData("fakeTokenPlaceholder")))))
                    .withWindowsProfile(
                        new ManagedClusterWindowsProfile()
                            .withAdminUsername("azureuser")
                            .withAdminPassword("fakeTokenPlaceholder"))
                    .withServicePrincipalProfile(
                        new ManagedClusterServicePrincipalProfile()
                            .withClientId("clientid")
                            .withSecret("fakeTokenPlaceholder"))
                    .withAddonProfiles(mapOf())
                    .withEnableRbac(true)
                    .withEnablePodSecurityPolicy(false)
                    .withNetworkProfile(
                        new ContainerServiceNetworkProfile()
                            .withOutboundType(OutboundType.LOAD_BALANCER)
                            .withLoadBalancerSku(LoadBalancerSku.STANDARD)
                            .withLoadBalancerProfile(
                                new ManagedClusterLoadBalancerProfile()
                                    .withManagedOutboundIPs(
                                        new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
                    .withAutoScalerProfile(
                        new ManagedClusterPropertiesAutoScalerProfile()
                            .withScanInterval("20s")
                            .withScaleDownDelayAfterAdd("15m"))
                    .withDiskEncryptionSetId(
                        "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
                com.azure.core.util.Context.NONE);
    }

    // Use "Map.of" if available
    @SuppressWarnings("unchecked")
    private static <T> Map<String, T> mapOf(Object... inputs) {
        Map<String, T> map = new HashMap<>();
        for (int i = 0; i < inputs.length; i += 2) {
            String key = (String) inputs[i];
            T value = (T) inputs[i + 1];
            map.put(key, value);
        }
        return map;
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Python

from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-containerservice
# USAGE
    python managed_clusters_create_enabled_fips.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = ContainerServiceClient(
        credential=DefaultAzureCredential(),
        subscription_id="subid1",
    )

    response = client.managed_clusters.begin_create_or_update(
        resource_group_name="rg1",
        resource_name="clustername1",
        parameters={
            "location": "location1",
            "properties": {
                "addonProfiles": {},
                "agentPoolProfiles": [
                    {
                        "count": 3,
                        "enableFIPS": True,
                        "enableNodePublicIP": True,
                        "mode": "System",
                        "name": "nodepool1",
                        "osType": "Linux",
                        "type": "VirtualMachineScaleSets",
                        "vmSize": "Standard_DS2_v2",
                    }
                ],
                "autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
                "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
                "dnsPrefix": "dnsprefix1",
                "enablePodSecurityPolicy": False,
                "enableRBAC": True,
                "kubernetesVersion": "",
                "linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
                "networkProfile": {
                    "loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
                    "loadBalancerSku": "standard",
                    "outboundType": "loadBalancer",
                },
                "servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
                "windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
            },
            "sku": {"name": "Basic", "tier": "Free"},
            "tags": {"archv2": "", "tier": "production"},
        },
    ).result()
    print(response)


# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_EnabledFIPS.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armcontainerservice_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/0a25ea9680cf080b7d34e8c5f35f564425c6b1f7/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_EnabledFIPS.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithFipsEnabledOs() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
		Location: to.Ptr("location1"),
		Tags: map[string]*string{
			"archv2": to.Ptr(""),
			"tier":   to.Ptr("production"),
		},
		Properties: &armcontainerservice.ManagedClusterProperties{
			AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
			AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
				{
					Type:               to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
					Count:              to.Ptr[int32](3),
					EnableFIPS:         to.Ptr(true),
					EnableNodePublicIP: to.Ptr(true),
					Mode:               to.Ptr(armcontainerservice.AgentPoolModeSystem),
					OSType:             to.Ptr(armcontainerservice.OSTypeLinux),
					VMSize:             to.Ptr("Standard_DS2_v2"),
					Name:               to.Ptr("nodepool1"),
				}},
			AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
				ScaleDownDelayAfterAdd: to.Ptr("15m"),
				ScanInterval:           to.Ptr("20s"),
			},
			DiskEncryptionSetID:     to.Ptr("/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
			DNSPrefix:               to.Ptr("dnsprefix1"),
			EnablePodSecurityPolicy: to.Ptr(false),
			EnableRBAC:              to.Ptr(true),
			KubernetesVersion:       to.Ptr(""),
			LinuxProfile: &armcontainerservice.LinuxProfile{
				AdminUsername: to.Ptr("azureuser"),
				SSH: &armcontainerservice.SSHConfiguration{
					PublicKeys: []*armcontainerservice.SSHPublicKey{
						{
							KeyData: to.Ptr("keydata"),
						}},
				},
			},
			NetworkProfile: &armcontainerservice.NetworkProfile{
				LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
					ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
						Count: to.Ptr[int32](2),
					},
				},
				LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
				OutboundType:    to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
			},
			ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
				ClientID: to.Ptr("clientid"),
				Secret:   to.Ptr("secret"),
			},
			WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
				AdminPassword: to.Ptr("replacePassword1234$"),
				AdminUsername: to.Ptr("azureuser"),
			},
		},
		SKU: &armcontainerservice.ManagedClusterSKU{
			Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
			Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	res, err := poller.PollUntilDone(ctx, nil)
	if err != nil {
		log.Fatalf("failed to pull the result: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.ManagedCluster = armcontainerservice.ManagedCluster{
	// 	Name: to.Ptr("clustername1"),
	// 	Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
	// 	ID: to.Ptr("/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
	// 	Location: to.Ptr("location1"),
	// 	Tags: map[string]*string{
	// 		"archv2": to.Ptr(""),
	// 		"tier": to.Ptr("production"),
	// 	},
	// 	Properties: &armcontainerservice.ManagedClusterProperties{
	// 		AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
	// 			{
	// 				Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
	// 				Count: to.Ptr[int32](3),
	// 				CurrentOrchestratorVersion: to.Ptr("1.9.6"),
	// 				EnableFIPS: to.Ptr(true),
	// 				EnableNodePublicIP: to.Ptr(true),
	// 				MaxPods: to.Ptr[int32](110),
	// 				Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
	// 				NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
	// 				OrchestratorVersion: to.Ptr("1.9.6"),
	// 				OSType: to.Ptr(armcontainerservice.OSTypeLinux),
	// 				ProvisioningState: to.Ptr("Succeeded"),
	// 				VMSize: to.Ptr("Standard_DS2_v2"),
	// 				Name: to.Ptr("nodepool1"),
	// 		}},
	// 		AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
	// 			ScaleDownDelayAfterAdd: to.Ptr("15m"),
	// 			ScanInterval: to.Ptr("20s"),
	// 		},
	// 		CurrentKubernetesVersion: to.Ptr("1.9.6"),
	// 		DiskEncryptionSetID: to.Ptr("/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
	// 		DNSPrefix: to.Ptr("dnsprefix1"),
	// 		EnablePodSecurityPolicy: to.Ptr(false),
	// 		EnableRBAC: to.Ptr(true),
	// 		Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
	// 		KubernetesVersion: to.Ptr("1.9.6"),
	// 		LinuxProfile: &armcontainerservice.LinuxProfile{
	// 			AdminUsername: to.Ptr("azureuser"),
	// 			SSH: &armcontainerservice.SSHConfiguration{
	// 				PublicKeys: []*armcontainerservice.SSHPublicKey{
	// 					{
	// 						KeyData: to.Ptr("keydata"),
	// 				}},
	// 			},
	// 		},
	// 		MaxAgentPools: to.Ptr[int32](1),
	// 		NetworkProfile: &armcontainerservice.NetworkProfile{
	// 			DNSServiceIP: to.Ptr("10.0.0.10"),
	// 			IPFamilies: []*armcontainerservice.IPFamily{
	// 				to.Ptr(armcontainerservice.IPFamilyIPv4)},
	// 				LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
	// 					AllocatedOutboundPorts: to.Ptr[int32](2000),
	// 					EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
	// 						{
	// 							ID: to.Ptr("/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
	// 						},
	// 						{
	// 							ID: to.Ptr("/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
	// 					}},
	// 					IdleTimeoutInMinutes: to.Ptr[int32](10),
	// 					ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
	// 						Count: to.Ptr[int32](2),
	// 					},
	// 				},
	// 				LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
	// 				NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
	// 				OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
	// 				PodCidr: to.Ptr("10.244.0.0/16"),
	// 				PodCidrs: []*string{
	// 					to.Ptr("10.244.0.0/16")},
	// 					ServiceCidr: to.Ptr("10.0.0.0/16"),
	// 					ServiceCidrs: []*string{
	// 						to.Ptr("10.0.0.0/16")},
	// 					},
	// 					NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
	// 					ProvisioningState: to.Ptr("Succeeded"),
	// 					ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
	// 						ClientID: to.Ptr("clientid"),
	// 					},
	// 					WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
	// 						AdminUsername: to.Ptr("azureuser"),
	// 					},
	// 				},
	// 			}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Creates or updates a managed cluster.
 *
 * @summary Creates or updates a managed cluster.
 * x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_EnabledFIPS.json
 */
async function createManagedClusterWithFipsEnabledOS() {
  const subscriptionId = process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "subid1";
  const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
  const resourceName = "clustername1";
  const parameters = {
    addonProfiles: {},
    agentPoolProfiles: [
      {
        name: "nodepool1",
        type: "VirtualMachineScaleSets",
        count: 3,
        enableFips: true,
        enableNodePublicIP: true,
        mode: "System",
        osType: "Linux",
        vmSize: "Standard_DS2_v2",
      },
    ],
    autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
    diskEncryptionSetID:
      "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    dnsPrefix: "dnsprefix1",
    enablePodSecurityPolicy: false,
    enableRbac: true,
    kubernetesVersion: "",
    linuxProfile: {
      adminUsername: "azureuser",
      ssh: { publicKeys: [{ keyData: "keydata" }] },
    },
    location: "location1",
    networkProfile: {
      loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
      loadBalancerSku: "standard",
      outboundType: "loadBalancer",
    },
    servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
    sku: { name: "Basic", tier: "Free" },
    tags: { archv2: "", tier: "production" },
    windowsProfile: {
      adminPassword: "replacePassword1234$",
      adminUsername: "azureuser",
    },
  };
  const credential = new DefaultAzureCredential();
  const client = new ContainerServiceClient(credential, subscriptionId);
  const result = await client.managedClusters.beginCreateOrUpdateAndWait(
    resourceGroupName,
    resourceName,
    parameters
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:

200

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Succeeded",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Succeeded",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
        "enableFIPS": true
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": false,
    "fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
    "networkProfile": {
      "loadBalancerSku": "basic",
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  }
}

Status code:

201

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Creating",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Creating",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "enableFIPS": true
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": false,
    "networkProfile": {
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  }
}

Create Managed Cluster with GPUMIG

Sample Request

HTTP

PUT https://management.azure.com/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2023-08-01

{
  "location": "location1",
  "tags": {
    "tier": "production",
    "archv2": ""
  },
  "sku": {
    "name": "Basic",
    "tier": "Free"
  },
  "properties": {
    "kubernetesVersion": "",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_ND96asr_v4",
        "osType": "Linux",
        "gpuInstanceProfile": "MIG3g",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "networkProfile": {
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "loadBalancerProfile": {
        "managedOutboundIPs": {
          "count": 2
        }
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "windowsProfile": {
      "adminUsername": "azureuser",
      "adminPassword": "replacePassword1234$"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid",
      "secret": "secret"
    },
    "addonProfiles": {},
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "httpProxyConfig": {
      "httpProxy": "http://myproxy.server.com:8080",
      "httpsProxy": "https://myproxy.server.com:8080",
      "noProxy": [
        "localhost",
        "127.0.0.1"
      ],
      "trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="
    }
  }
}

Java

import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.GpuInstanceProfile;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterHttpProxyConfig;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

/** Samples for ManagedClusters CreateOrUpdate. */
public final class Main {
    /*
     * x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_GPUMIG.json
     */
    /**
     * Sample code: Create Managed Cluster with GPUMIG.
     *
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void createManagedClusterWithGPUMIG(com.azure.resourcemanager.AzureResourceManager azure) {
        azure
            .kubernetesClusters()
            .manager()
            .serviceClient()
            .getManagedClusters()
            .createOrUpdate(
                "rg1",
                "clustername1",
                new ManagedClusterInner()
                    .withLocation("location1")
                    .withTags(mapOf("archv2", "", "tier", "production"))
                    .withSku(
                        new ManagedClusterSku()
                            .withName(ManagedClusterSkuName.fromString("Basic"))
                            .withTier(ManagedClusterSkuTier.FREE))
                    .withKubernetesVersion("")
                    .withDnsPrefix("dnsprefix1")
                    .withAgentPoolProfiles(
                        Arrays
                            .asList(
                                new ManagedClusterAgentPoolProfile()
                                    .withCount(3)
                                    .withVmSize("Standard_ND96asr_v4")
                                    .withOsType(OSType.LINUX)
                                    .withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
                                    .withMode(AgentPoolMode.SYSTEM)
                                    .withEnableNodePublicIp(true)
                                    .withGpuInstanceProfile(GpuInstanceProfile.MIG3G)
                                    .withName("nodepool1")))
                    .withLinuxProfile(
                        new ContainerServiceLinuxProfile()
                            .withAdminUsername("azureuser")
                            .withSsh(
                                new ContainerServiceSshConfiguration()
                                    .withPublicKeys(
                                        Arrays
                                            .asList(
                                                new ContainerServiceSshPublicKey()
                                                    .withKeyData("fakeTokenPlaceholder")))))
                    .withWindowsProfile(
                        new ManagedClusterWindowsProfile()
                            .withAdminUsername("azureuser")
                            .withAdminPassword("fakeTokenPlaceholder"))
                    .withServicePrincipalProfile(
                        new ManagedClusterServicePrincipalProfile()
                            .withClientId("clientid")
                            .withSecret("fakeTokenPlaceholder"))
                    .withAddonProfiles(mapOf())
                    .withEnableRbac(true)
                    .withEnablePodSecurityPolicy(true)
                    .withNetworkProfile(
                        new ContainerServiceNetworkProfile()
                            .withOutboundType(OutboundType.LOAD_BALANCER)
                            .withLoadBalancerSku(LoadBalancerSku.STANDARD)
                            .withLoadBalancerProfile(
                                new ManagedClusterLoadBalancerProfile()
                                    .withManagedOutboundIPs(
                                        new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
                    .withAutoScalerProfile(
                        new ManagedClusterPropertiesAutoScalerProfile()
                            .withScanInterval("20s")
                            .withScaleDownDelayAfterAdd("15m"))
                    .withDiskEncryptionSetId(
                        "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des")
                    .withHttpProxyConfig(
                        new ManagedClusterHttpProxyConfig()
                            .withHttpProxy("http://myproxy.server.com:8080")
                            .withHttpsProxy("https://myproxy.server.com:8080")
                            .withNoProxy(Arrays.asList("localhost", "127.0.0.1"))
                            .withTrustedCa("Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U=")),
                com.azure.core.util.Context.NONE);
    }

    // Use "Map.of" if available
    @SuppressWarnings("unchecked")
    private static <T> Map<String, T> mapOf(Object... inputs) {
        Map<String, T> map = new HashMap<>();
        for (int i = 0; i < inputs.length; i += 2) {
            String key = (String) inputs[i];
            T value = (T) inputs[i + 1];
            map.put(key, value);
        }
        return map;
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Python

from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-containerservice
# USAGE
    python managed_clusters_create_gpumig.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = ContainerServiceClient(
        credential=DefaultAzureCredential(),
        subscription_id="subid1",
    )

    response = client.managed_clusters.begin_create_or_update(
        resource_group_name="rg1",
        resource_name="clustername1",
        parameters={
            "location": "location1",
            "properties": {
                "addonProfiles": {},
                "agentPoolProfiles": [
                    {
                        "count": 3,
                        "enableNodePublicIP": True,
                        "gpuInstanceProfile": "MIG3g",
                        "mode": "System",
                        "name": "nodepool1",
                        "osType": "Linux",
                        "type": "VirtualMachineScaleSets",
                        "vmSize": "Standard_ND96asr_v4",
                    }
                ],
                "autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
                "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
                "dnsPrefix": "dnsprefix1",
                "enablePodSecurityPolicy": True,
                "enableRBAC": True,
                "httpProxyConfig": {
                    "httpProxy": "http://myproxy.server.com:8080",
                    "httpsProxy": "https://myproxy.server.com:8080",
                    "noProxy": ["localhost", "127.0.0.1"],
                    "trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U=",
                },
                "kubernetesVersion": "",
                "linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
                "networkProfile": {
                    "loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
                    "loadBalancerSku": "standard",
                    "outboundType": "loadBalancer",
                },
                "servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
                "windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
            },
            "sku": {"name": "Basic", "tier": "Free"},
            "tags": {"archv2": "", "tier": "production"},
        },
    ).result()
    print(response)


# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_GPUMIG.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armcontainerservice_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/0a25ea9680cf080b7d34e8c5f35f564425c6b1f7/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_GPUMIG.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithGpumig() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
		Location: to.Ptr("location1"),
		Tags: map[string]*string{
			"archv2": to.Ptr(""),
			"tier":   to.Ptr("production"),
		},
		Properties: &armcontainerservice.ManagedClusterProperties{
			AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
			AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
				{
					Type:               to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
					Count:              to.Ptr[int32](3),
					EnableNodePublicIP: to.Ptr(true),
					GpuInstanceProfile: to.Ptr(armcontainerservice.GPUInstanceProfileMIG3G),
					Mode:               to.Ptr(armcontainerservice.AgentPoolModeSystem),
					OSType:             to.Ptr(armcontainerservice.OSTypeLinux),
					VMSize:             to.Ptr("Standard_ND96asr_v4"),
					Name:               to.Ptr("nodepool1"),
				}},
			AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
				ScaleDownDelayAfterAdd: to.Ptr("15m"),
				ScanInterval:           to.Ptr("20s"),
			},
			DiskEncryptionSetID:     to.Ptr("/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
			DNSPrefix:               to.Ptr("dnsprefix1"),
			EnablePodSecurityPolicy: to.Ptr(true),
			EnableRBAC:              to.Ptr(true),
			HTTPProxyConfig: &armcontainerservice.ManagedClusterHTTPProxyConfig{
				HTTPProxy:  to.Ptr("http://myproxy.server.com:8080"),
				HTTPSProxy: to.Ptr("https://myproxy.server.com:8080"),
				NoProxy: []*string{
					to.Ptr("localhost"),
					to.Ptr("127.0.0.1")},
				TrustedCa: to.Ptr("Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="),
			},
			KubernetesVersion: to.Ptr(""),
			LinuxProfile: &armcontainerservice.LinuxProfile{
				AdminUsername: to.Ptr("azureuser"),
				SSH: &armcontainerservice.SSHConfiguration{
					PublicKeys: []*armcontainerservice.SSHPublicKey{
						{
							KeyData: to.Ptr("keydata"),
						}},
				},
			},
			NetworkProfile: &armcontainerservice.NetworkProfile{
				LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
					ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
						Count: to.Ptr[int32](2),
					},
				},
				LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
				OutboundType:    to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
			},
			ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
				ClientID: to.Ptr("clientid"),
				Secret:   to.Ptr("secret"),
			},
			WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
				AdminPassword: to.Ptr("replacePassword1234$"),
				AdminUsername: to.Ptr("azureuser"),
			},
		},
		SKU: &armcontainerservice.ManagedClusterSKU{
			Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
			Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	res, err := poller.PollUntilDone(ctx, nil)
	if err != nil {
		log.Fatalf("failed to pull the result: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.ManagedCluster = armcontainerservice.ManagedCluster{
	// 	Name: to.Ptr("clustername1"),
	// 	Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
	// 	ID: to.Ptr("/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
	// 	Location: to.Ptr("location1"),
	// 	Tags: map[string]*string{
	// 		"archv2": to.Ptr(""),
	// 		"tier": to.Ptr("production"),
	// 	},
	// 	Properties: &armcontainerservice.ManagedClusterProperties{
	// 		AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
	// 			{
	// 				Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
	// 				Count: to.Ptr[int32](3),
	// 				CurrentOrchestratorVersion: to.Ptr("1.9.6"),
	// 				EnableNodePublicIP: to.Ptr(true),
	// 				GpuInstanceProfile: to.Ptr(armcontainerservice.GPUInstanceProfileMIG3G),
	// 				MaxPods: to.Ptr[int32](110),
	// 				Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
	// 				NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
	// 				OrchestratorVersion: to.Ptr("1.9.6"),
	// 				OSType: to.Ptr(armcontainerservice.OSTypeLinux),
	// 				ProvisioningState: to.Ptr("Succeeded"),
	// 				VMSize: to.Ptr("Standard_ND96asr_v4"),
	// 				Name: to.Ptr("nodepool1"),
	// 		}},
	// 		AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
	// 			ScaleDownDelayAfterAdd: to.Ptr("15m"),
	// 			ScanInterval: to.Ptr("20s"),
	// 		},
	// 		CurrentKubernetesVersion: to.Ptr("1.9.6"),
	// 		DiskEncryptionSetID: to.Ptr("/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
	// 		DNSPrefix: to.Ptr("dnsprefix1"),
	// 		EnablePodSecurityPolicy: to.Ptr(true),
	// 		EnableRBAC: to.Ptr(true),
	// 		Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
	// 		HTTPProxyConfig: &armcontainerservice.ManagedClusterHTTPProxyConfig{
	// 			HTTPProxy: to.Ptr("http://myproxy.server.com:8080"),
	// 			HTTPSProxy: to.Ptr("https://myproxy.server.com:8080"),
	// 			NoProxy: []*string{
	// 				to.Ptr("localhost"),
	// 				to.Ptr("127.0.0.1")},
	// 				TrustedCa: to.Ptr("Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="),
	// 			},
	// 			KubernetesVersion: to.Ptr("1.9.6"),
	// 			LinuxProfile: &armcontainerservice.LinuxProfile{
	// 				AdminUsername: to.Ptr("azureuser"),
	// 				SSH: &armcontainerservice.SSHConfiguration{
	// 					PublicKeys: []*armcontainerservice.SSHPublicKey{
	// 						{
	// 							KeyData: to.Ptr("keydata"),
	// 					}},
	// 				},
	// 			},
	// 			MaxAgentPools: to.Ptr[int32](1),
	// 			NetworkProfile: &armcontainerservice.NetworkProfile{
	// 				DNSServiceIP: to.Ptr("10.0.0.10"),
	// 				IPFamilies: []*armcontainerservice.IPFamily{
	// 					to.Ptr(armcontainerservice.IPFamilyIPv4)},
	// 					LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
	// 						AllocatedOutboundPorts: to.Ptr[int32](2000),
	// 						EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
	// 							{
	// 								ID: to.Ptr("/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
	// 							},
	// 							{
	// 								ID: to.Ptr("/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
	// 						}},
	// 						IdleTimeoutInMinutes: to.Ptr[int32](10),
	// 						ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
	// 							Count: to.Ptr[int32](2),
	// 						},
	// 					},
	// 					LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
	// 					NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
	// 					OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
	// 					PodCidr: to.Ptr("10.244.0.0/16"),
	// 					PodCidrs: []*string{
	// 						to.Ptr("10.244.0.0/16")},
	// 						ServiceCidr: to.Ptr("10.0.0.0/16"),
	// 						ServiceCidrs: []*string{
	// 							to.Ptr("10.0.0.0/16")},
	// 						},
	// 						NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
	// 						ProvisioningState: to.Ptr("Succeeded"),
	// 						ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
	// 							ClientID: to.Ptr("clientid"),
	// 						},
	// 						WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
	// 							AdminUsername: to.Ptr("azureuser"),
	// 						},
	// 					},
	// 				}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Creates or updates a managed cluster.
 *
 * @summary Creates or updates a managed cluster.
 * x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_GPUMIG.json
 */
async function createManagedClusterWithGpumig() {
  const subscriptionId = process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "subid1";
  const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
  const resourceName = "clustername1";
  const parameters = {
    addonProfiles: {},
    agentPoolProfiles: [
      {
        name: "nodepool1",
        type: "VirtualMachineScaleSets",
        count: 3,
        enableNodePublicIP: true,
        gpuInstanceProfile: "MIG3g",
        mode: "System",
        osType: "Linux",
        vmSize: "Standard_ND96asr_v4",
      },
    ],
    autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
    diskEncryptionSetID:
      "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    dnsPrefix: "dnsprefix1",
    enablePodSecurityPolicy: true,
    enableRbac: true,
    httpProxyConfig: {
      httpProxy: "http://myproxy.server.com:8080",
      httpsProxy: "https://myproxy.server.com:8080",
      noProxy: ["localhost", "127.0.0.1"],
      trustedCa: "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U=",
    },
    kubernetesVersion: "",
    linuxProfile: {
      adminUsername: "azureuser",
      ssh: { publicKeys: [{ keyData: "keydata" }] },
    },
    location: "location1",
    networkProfile: {
      loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
      loadBalancerSku: "standard",
      outboundType: "loadBalancer",
    },
    servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
    sku: { name: "Basic", tier: "Free" },
    tags: { archv2: "", tier: "production" },
    windowsProfile: {
      adminPassword: "replacePassword1234$",
      adminUsername: "azureuser",
    },
  };
  const credential = new DefaultAzureCredential();
  const client = new ContainerServiceClient(credential, subscriptionId);
  const result = await client.managedClusters.beginCreateOrUpdateAndWait(
    resourceGroupName,
    resourceName,
    parameters
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:

200

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Succeeded",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_ND96asr_v4",
        "maxPods": 110,
        "osType": "Linux",
        "gpuInstanceProfile": "MIG3g",
        "provisioningState": "Succeeded",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "nodeImageVersion": "AKSUbuntu:1604:2020.03.11"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
    "networkProfile": {
      "loadBalancerSku": "basic",
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "httpProxyConfig": {
      "httpProxy": "http://myproxy.server.com:8080",
      "httpsProxy": "https://myproxy.server.com:8080",
      "noProxy": [
        "localhost",
        "127.0.0.1"
      ],
      "trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="
    }
  }
}

Status code:

201

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Creating",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_ND96asr_v4",
        "maxPods": 110,
        "osType": "Linux",
        "gpuInstanceProfile": "MIG3g",
        "provisioningState": "Creating",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "networkProfile": {
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "httpProxyConfig": {
      "httpProxy": "http://myproxy.server.com:8080",
      "httpsProxy": "https://myproxy.server.com:8080",
      "noProxy": [
        "localhost",
        "127.0.0.1"
      ],
      "trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="
    }
  }
}

Create Managed Cluster with HTTP proxy configured

Sample Request

HTTP

PUT https://management.azure.com/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2023-08-01

{
  "location": "location1",
  "tags": {
    "tier": "production",
    "archv2": ""
  },
  "sku": {
    "name": "Basic",
    "tier": "Free"
  },
  "properties": {
    "kubernetesVersion": "",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "osType": "Linux",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "networkProfile": {
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "loadBalancerProfile": {
        "managedOutboundIPs": {
          "count": 2
        }
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "windowsProfile": {
      "adminUsername": "azureuser",
      "adminPassword": "replacePassword1234$"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid",
      "secret": "secret"
    },
    "addonProfiles": {},
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "httpProxyConfig": {
      "httpProxy": "http://myproxy.server.com:8080",
      "httpsProxy": "https://myproxy.server.com:8080",
      "noProxy": [
        "localhost",
        "127.0.0.1"
      ],
      "trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="
    }
  }
}

Java

import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterHttpProxyConfig;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

/** Samples for ManagedClusters CreateOrUpdate. */
public final class Main {
    /*
     * x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_HTTPProxy.json
     */
    /**
     * Sample code: Create Managed Cluster with HTTP proxy configured.
     *
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void createManagedClusterWithHTTPProxyConfigured(
        com.azure.resourcemanager.AzureResourceManager azure) {
        azure
            .kubernetesClusters()
            .manager()
            .serviceClient()
            .getManagedClusters()
            .createOrUpdate(
                "rg1",
                "clustername1",
                new ManagedClusterInner()
                    .withLocation("location1")
                    .withTags(mapOf("archv2", "", "tier", "production"))
                    .withSku(
                        new ManagedClusterSku()
                            .withName(ManagedClusterSkuName.fromString("Basic"))
                            .withTier(ManagedClusterSkuTier.FREE))
                    .withKubernetesVersion("")
                    .withDnsPrefix("dnsprefix1")
                    .withAgentPoolProfiles(
                        Arrays
                            .asList(
                                new ManagedClusterAgentPoolProfile()
                                    .withCount(3)
                                    .withVmSize("Standard_DS2_v2")
                                    .withOsType(OSType.LINUX)
                                    .withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
                                    .withMode(AgentPoolMode.SYSTEM)
                                    .withEnableNodePublicIp(true)
                                    .withName("nodepool1")))
                    .withLinuxProfile(
                        new ContainerServiceLinuxProfile()
                            .withAdminUsername("azureuser")
                            .withSsh(
                                new ContainerServiceSshConfiguration()
                                    .withPublicKeys(
                                        Arrays
                                            .asList(
                                                new ContainerServiceSshPublicKey()
                                                    .withKeyData("fakeTokenPlaceholder")))))
                    .withWindowsProfile(
                        new ManagedClusterWindowsProfile()
                            .withAdminUsername("azureuser")
                            .withAdminPassword("fakeTokenPlaceholder"))
                    .withServicePrincipalProfile(
                        new ManagedClusterServicePrincipalProfile()
                            .withClientId("clientid")
                            .withSecret("fakeTokenPlaceholder"))
                    .withAddonProfiles(mapOf())
                    .withEnableRbac(true)
                    .withEnablePodSecurityPolicy(true)
                    .withNetworkProfile(
                        new ContainerServiceNetworkProfile()
                            .withOutboundType(OutboundType.LOAD_BALANCER)
                            .withLoadBalancerSku(LoadBalancerSku.STANDARD)
                            .withLoadBalancerProfile(
                                new ManagedClusterLoadBalancerProfile()
                                    .withManagedOutboundIPs(
                                        new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
                    .withAutoScalerProfile(
                        new ManagedClusterPropertiesAutoScalerProfile()
                            .withScanInterval("20s")
                            .withScaleDownDelayAfterAdd("15m"))
                    .withDiskEncryptionSetId(
                        "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des")
                    .withHttpProxyConfig(
                        new ManagedClusterHttpProxyConfig()
                            .withHttpProxy("http://myproxy.server.com:8080")
                            .withHttpsProxy("https://myproxy.server.com:8080")
                            .withNoProxy(Arrays.asList("localhost", "127.0.0.1"))
                            .withTrustedCa("Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U=")),
                com.azure.core.util.Context.NONE);
    }

    // Use "Map.of" if available
    @SuppressWarnings("unchecked")
    private static <T> Map<String, T> mapOf(Object... inputs) {
        Map<String, T> map = new HashMap<>();
        for (int i = 0; i < inputs.length; i += 2) {
            String key = (String) inputs[i];
            T value = (T) inputs[i + 1];
            map.put(key, value);
        }
        return map;
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Python

from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-containerservice
# USAGE
    python managed_clusters_create_httpproxy.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = ContainerServiceClient(
        credential=DefaultAzureCredential(),
        subscription_id="subid1",
    )

    response = client.managed_clusters.begin_create_or_update(
        resource_group_name="rg1",
        resource_name="clustername1",
        parameters={
            "location": "location1",
            "properties": {
                "addonProfiles": {},
                "agentPoolProfiles": [
                    {
                        "count": 3,
                        "enableNodePublicIP": True,
                        "mode": "System",
                        "name": "nodepool1",
                        "osType": "Linux",
                        "type": "VirtualMachineScaleSets",
                        "vmSize": "Standard_DS2_v2",
                    }
                ],
                "autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
                "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
                "dnsPrefix": "dnsprefix1",
                "enablePodSecurityPolicy": True,
                "enableRBAC": True,
                "httpProxyConfig": {
                    "httpProxy": "http://myproxy.server.com:8080",
                    "httpsProxy": "https://myproxy.server.com:8080",
                    "noProxy": ["localhost", "127.0.0.1"],
                    "trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U=",
                },
                "kubernetesVersion": "",
                "linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
                "networkProfile": {
                    "loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
                    "loadBalancerSku": "standard",
                    "outboundType": "loadBalancer",
                },
                "servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
                "windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
            },
            "sku": {"name": "Basic", "tier": "Free"},
            "tags": {"archv2": "", "tier": "production"},
        },
    ).result()
    print(response)


# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_HTTPProxy.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armcontainerservice_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/0a25ea9680cf080b7d34e8c5f35f564425c6b1f7/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_HTTPProxy.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithHttpProxyConfigured() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
		Location: to.Ptr("location1"),
		Tags: map[string]*string{
			"archv2": to.Ptr(""),
			"tier":   to.Ptr("production"),
		},
		Properties: &armcontainerservice.ManagedClusterProperties{
			AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
			AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
				{
					Type:               to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
					Count:              to.Ptr[int32](3),
					EnableNodePublicIP: to.Ptr(true),
					Mode:               to.Ptr(armcontainerservice.AgentPoolModeSystem),
					OSType:             to.Ptr(armcontainerservice.OSTypeLinux),
					VMSize:             to.Ptr("Standard_DS2_v2"),
					Name:               to.Ptr("nodepool1"),
				}},
			AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
				ScaleDownDelayAfterAdd: to.Ptr("15m"),
				ScanInterval:           to.Ptr("20s"),
			},
			DiskEncryptionSetID:     to.Ptr("/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
			DNSPrefix:               to.Ptr("dnsprefix1"),
			EnablePodSecurityPolicy: to.Ptr(true),
			EnableRBAC:              to.Ptr(true),
			HTTPProxyConfig: &armcontainerservice.ManagedClusterHTTPProxyConfig{
				HTTPProxy:  to.Ptr("http://myproxy.server.com:8080"),
				HTTPSProxy: to.Ptr("https://myproxy.server.com:8080"),
				NoProxy: []*string{
					to.Ptr("localhost"),
					to.Ptr("127.0.0.1")},
				TrustedCa: to.Ptr("Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="),
			},
			KubernetesVersion: to.Ptr(""),
			LinuxProfile: &armcontainerservice.LinuxProfile{
				AdminUsername: to.Ptr("azureuser"),
				SSH: &armcontainerservice.SSHConfiguration{
					PublicKeys: []*armcontainerservice.SSHPublicKey{
						{
							KeyData: to.Ptr("keydata"),
						}},
				},
			},
			NetworkProfile: &armcontainerservice.NetworkProfile{
				LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
					ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
						Count: to.Ptr[int32](2),
					},
				},
				LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
				OutboundType:    to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
			},
			ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
				ClientID: to.Ptr("clientid"),
				Secret:   to.Ptr("secret"),
			},
			WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
				AdminPassword: to.Ptr("replacePassword1234$"),
				AdminUsername: to.Ptr("azureuser"),
			},
		},
		SKU: &armcontainerservice.ManagedClusterSKU{
			Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
			Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	res, err := poller.PollUntilDone(ctx, nil)
	if err != nil {
		log.Fatalf("failed to pull the result: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.ManagedCluster = armcontainerservice.ManagedCluster{
	// 	Name: to.Ptr("clustername1"),
	// 	Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
	// 	ID: to.Ptr("/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
	// 	Location: to.Ptr("location1"),
	// 	Tags: map[string]*string{
	// 		"archv2": to.Ptr(""),
	// 		"tier": to.Ptr("production"),
	// 	},
	// 	Properties: &armcontainerservice.ManagedClusterProperties{
	// 		AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
	// 			{
	// 				Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
	// 				Count: to.Ptr[int32](3),
	// 				CurrentOrchestratorVersion: to.Ptr("1.9.6"),
	// 				EnableNodePublicIP: to.Ptr(true),
	// 				MaxPods: to.Ptr[int32](110),
	// 				Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
	// 				NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
	// 				OrchestratorVersion: to.Ptr("1.9.6"),
	// 				OSType: to.Ptr(armcontainerservice.OSTypeLinux),
	// 				ProvisioningState: to.Ptr("Succeeded"),
	// 				VMSize: to.Ptr("Standard_DS2_v2"),
	// 				Name: to.Ptr("nodepool1"),
	// 		}},
	// 		AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
	// 			ScaleDownDelayAfterAdd: to.Ptr("15m"),
	// 			ScanInterval: to.Ptr("20s"),
	// 		},
	// 		CurrentKubernetesVersion: to.Ptr("1.9.6"),
	// 		DiskEncryptionSetID: to.Ptr("/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
	// 		DNSPrefix: to.Ptr("dnsprefix1"),
	// 		EnablePodSecurityPolicy: to.Ptr(true),
	// 		EnableRBAC: to.Ptr(true),
	// 		Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
	// 		HTTPProxyConfig: &armcontainerservice.ManagedClusterHTTPProxyConfig{
	// 			HTTPProxy: to.Ptr("http://myproxy.server.com:8080"),
	// 			HTTPSProxy: to.Ptr("https://myproxy.server.com:8080"),
	// 			NoProxy: []*string{
	// 				to.Ptr("localhost"),
	// 				to.Ptr("127.0.0.1")},
	// 				TrustedCa: to.Ptr("Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="),
	// 			},
	// 			KubernetesVersion: to.Ptr("1.9.6"),
	// 			LinuxProfile: &armcontainerservice.LinuxProfile{
	// 				AdminUsername: to.Ptr("azureuser"),
	// 				SSH: &armcontainerservice.SSHConfiguration{
	// 					PublicKeys: []*armcontainerservice.SSHPublicKey{
	// 						{
	// 							KeyData: to.Ptr("keydata"),
	// 					}},
	// 				},
	// 			},
	// 			MaxAgentPools: to.Ptr[int32](1),
	// 			NetworkProfile: &armcontainerservice.NetworkProfile{
	// 				DNSServiceIP: to.Ptr("10.0.0.10"),
	// 				IPFamilies: []*armcontainerservice.IPFamily{
	// 					to.Ptr(armcontainerservice.IPFamilyIPv4)},
	// 					LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
	// 						AllocatedOutboundPorts: to.Ptr[int32](2000),
	// 						EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
	// 							{
	// 								ID: to.Ptr("/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
	// 							},
	// 							{
	// 								ID: to.Ptr("/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
	// 						}},
	// 						IdleTimeoutInMinutes: to.Ptr[int32](10),
	// 						ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
	// 							Count: to.Ptr[int32](2),
	// 						},
	// 					},
	// 					LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
	// 					NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
	// 					OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
	// 					PodCidr: to.Ptr("10.244.0.0/16"),
	// 					PodCidrs: []*string{
	// 						to.Ptr("10.244.0.0/16")},
	// 						ServiceCidr: to.Ptr("10.0.0.0/16"),
	// 						ServiceCidrs: []*string{
	// 							to.Ptr("10.0.0.0/16")},
	// 						},
	// 						NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
	// 						ProvisioningState: to.Ptr("Succeeded"),
	// 						ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
	// 							ClientID: to.Ptr("clientid"),
	// 						},
	// 						WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
	// 							AdminUsername: to.Ptr("azureuser"),
	// 						},
	// 					},
	// 				}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Creates or updates a managed cluster.
 *
 * @summary Creates or updates a managed cluster.
 * x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_HTTPProxy.json
 */
async function createManagedClusterWithHttpProxyConfigured() {
  const subscriptionId = process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "subid1";
  const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
  const resourceName = "clustername1";
  const parameters = {
    addonProfiles: {},
    agentPoolProfiles: [
      {
        name: "nodepool1",
        type: "VirtualMachineScaleSets",
        count: 3,
        enableNodePublicIP: true,
        mode: "System",
        osType: "Linux",
        vmSize: "Standard_DS2_v2",
      },
    ],
    autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
    diskEncryptionSetID:
      "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    dnsPrefix: "dnsprefix1",
    enablePodSecurityPolicy: true,
    enableRbac: true,
    httpProxyConfig: {
      httpProxy: "http://myproxy.server.com:8080",
      httpsProxy: "https://myproxy.server.com:8080",
      noProxy: ["localhost", "127.0.0.1"],
      trustedCa: "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U=",
    },
    kubernetesVersion: "",
    linuxProfile: {
      adminUsername: "azureuser",
      ssh: { publicKeys: [{ keyData: "keydata" }] },
    },
    location: "location1",
    networkProfile: {
      loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
      loadBalancerSku: "standard",
      outboundType: "loadBalancer",
    },
    servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
    sku: { name: "Basic", tier: "Free" },
    tags: { archv2: "", tier: "production" },
    windowsProfile: {
      adminPassword: "replacePassword1234$",
      adminUsername: "azureuser",
    },
  };
  const credential = new DefaultAzureCredential();
  const client = new ContainerServiceClient(credential, subscriptionId);
  const result = await client.managedClusters.beginCreateOrUpdateAndWait(
    resourceGroupName,
    resourceName,
    parameters
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:

200

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Succeeded",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Succeeded",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "nodeImageVersion": "AKSUbuntu:1604:2020.03.11"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
    "networkProfile": {
      "loadBalancerSku": "basic",
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "httpProxyConfig": {
      "httpProxy": "http://myproxy.server.com:8080",
      "httpsProxy": "https://myproxy.server.com:8080",
      "noProxy": [
        "localhost",
        "127.0.0.1"
      ],
      "trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="
    }
  }
}

Status code:

201

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Creating",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Creating",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "networkProfile": {
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "httpProxyConfig": {
      "httpProxy": "http://myproxy.server.com:8080",
      "httpsProxy": "https://myproxy.server.com:8080",
      "noProxy": [
        "localhost",
        "127.0.0.1"
      ],
      "trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="
    }
  }
}

Create Managed Cluster with LongTermSupport

Sample Request

HTTP

PUT https://management.azure.com/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2023-08-01

{
  "location": "location1",
  "tags": {
    "tier": "production",
    "archv2": ""
  },
  "sku": {
    "name": "Base",
    "tier": "Premium"
  },
  "properties": {
    "kubernetesVersion": "",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "osType": "Linux",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "enableEncryptionAtHost": true
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "networkProfile": {
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "loadBalancerProfile": {
        "managedOutboundIPs": {
          "count": 2
        }
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "windowsProfile": {
      "adminUsername": "azureuser",
      "adminPassword": "replacePassword1234$"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid",
      "secret": "secret"
    },
    "apiServerAccessProfile": {
      "disableRunCommand": true
    },
    "addonProfiles": {},
    "enableRBAC": true,
    "enablePodSecurityPolicy": true,
    "supportPlan": "AKSLongTermSupport"
  }
}

Java

import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.KubernetesSupportPlan;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterApiServerAccessProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

/** Samples for ManagedClusters CreateOrUpdate. */
public final class Main {
    /*
     * x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_Premium.json
     */
    /**
     * Sample code: Create Managed Cluster with LongTermSupport.
     *
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void createManagedClusterWithLongTermSupport(com.azure.resourcemanager.AzureResourceManager azure) {
        azure
            .kubernetesClusters()
            .manager()
            .serviceClient()
            .getManagedClusters()
            .createOrUpdate(
                "rg1",
                "clustername1",
                new ManagedClusterInner()
                    .withLocation("location1")
                    .withTags(mapOf("archv2", "", "tier", "production"))
                    .withSku(
                        new ManagedClusterSku()
                            .withName(ManagedClusterSkuName.BASE)
                            .withTier(ManagedClusterSkuTier.PREMIUM))
                    .withKubernetesVersion("")
                    .withDnsPrefix("dnsprefix1")
                    .withAgentPoolProfiles(
                        Arrays
                            .asList(
                                new ManagedClusterAgentPoolProfile()
                                    .withCount(3)
                                    .withVmSize("Standard_DS2_v2")
                                    .withOsType(OSType.LINUX)
                                    .withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
                                    .withMode(AgentPoolMode.SYSTEM)
                                    .withEnableNodePublicIp(true)
                                    .withEnableEncryptionAtHost(true)
                                    .withName("nodepool1")))
                    .withLinuxProfile(
                        new ContainerServiceLinuxProfile()
                            .withAdminUsername("azureuser")
                            .withSsh(
                                new ContainerServiceSshConfiguration()
                                    .withPublicKeys(
                                        Arrays
                                            .asList(
                                                new ContainerServiceSshPublicKey()
                                                    .withKeyData("fakeTokenPlaceholder")))))
                    .withWindowsProfile(
                        new ManagedClusterWindowsProfile()
                            .withAdminUsername("azureuser")
                            .withAdminPassword("fakeTokenPlaceholder"))
                    .withServicePrincipalProfile(
                        new ManagedClusterServicePrincipalProfile()
                            .withClientId("clientid")
                            .withSecret("fakeTokenPlaceholder"))
                    .withAddonProfiles(mapOf())
                    .withEnableRbac(true)
                    .withSupportPlan(KubernetesSupportPlan.AKSLONG_TERM_SUPPORT)
                    .withEnablePodSecurityPolicy(true)
                    .withNetworkProfile(
                        new ContainerServiceNetworkProfile()
                            .withOutboundType(OutboundType.LOAD_BALANCER)
                            .withLoadBalancerSku(LoadBalancerSku.STANDARD)
                            .withLoadBalancerProfile(
                                new ManagedClusterLoadBalancerProfile()
                                    .withManagedOutboundIPs(
                                        new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
                    .withAutoScalerProfile(
                        new ManagedClusterPropertiesAutoScalerProfile()
                            .withScanInterval("20s")
                            .withScaleDownDelayAfterAdd("15m"))
                    .withApiServerAccessProfile(new ManagedClusterApiServerAccessProfile().withDisableRunCommand(true)),
                com.azure.core.util.Context.NONE);
    }

    // Use "Map.of" if available
    @SuppressWarnings("unchecked")
    private static <T> Map<String, T> mapOf(Object... inputs) {
        Map<String, T> map = new HashMap<>();
        for (int i = 0; i < inputs.length; i += 2) {
            String key = (String) inputs[i];
            T value = (T) inputs[i + 1];
            map.put(key, value);
        }
        return map;
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Python

from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-containerservice
# USAGE
    python managed_clusters_create_premium.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = ContainerServiceClient(
        credential=DefaultAzureCredential(),
        subscription_id="subid1",
    )

    response = client.managed_clusters.begin_create_or_update(
        resource_group_name="rg1",
        resource_name="clustername1",
        parameters={
            "location": "location1",
            "properties": {
                "addonProfiles": {},
                "agentPoolProfiles": [
                    {
                        "count": 3,
                        "enableEncryptionAtHost": True,
                        "enableNodePublicIP": True,
                        "mode": "System",
                        "name": "nodepool1",
                        "osType": "Linux",
                        "type": "VirtualMachineScaleSets",
                        "vmSize": "Standard_DS2_v2",
                    }
                ],
                "apiServerAccessProfile": {"disableRunCommand": True},
                "autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
                "dnsPrefix": "dnsprefix1",
                "enablePodSecurityPolicy": True,
                "enableRBAC": True,
                "kubernetesVersion": "",
                "linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
                "networkProfile": {
                    "loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
                    "loadBalancerSku": "standard",
                    "outboundType": "loadBalancer",
                },
                "servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
                "supportPlan": "AKSLongTermSupport",
                "windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
            },
            "sku": {"name": "Base", "tier": "Premium"},
            "tags": {"archv2": "", "tier": "production"},
        },
    ).result()
    print(response)


# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_Premium.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armcontainerservice_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/0a25ea9680cf080b7d34e8c5f35f564425c6b1f7/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_Premium.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithLongTermSupport() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
		Location: to.Ptr("location1"),
		Tags: map[string]*string{
			"archv2": to.Ptr(""),
			"tier":   to.Ptr("production"),
		},
		Properties: &armcontainerservice.ManagedClusterProperties{
			AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
			AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
				{
					Type:                   to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
					Count:                  to.Ptr[int32](3),
					EnableEncryptionAtHost: to.Ptr(true),
					EnableNodePublicIP:     to.Ptr(true),
					Mode:                   to.Ptr(armcontainerservice.AgentPoolModeSystem),
					OSType:                 to.Ptr(armcontainerservice.OSTypeLinux),
					VMSize:                 to.Ptr("Standard_DS2_v2"),
					Name:                   to.Ptr("nodepool1"),
				}},
			APIServerAccessProfile: &armcontainerservice.ManagedClusterAPIServerAccessProfile{
				DisableRunCommand: to.Ptr(true),
			},
			AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
				ScaleDownDelayAfterAdd: to.Ptr("15m"),
				ScanInterval:           to.Ptr("20s"),
			},
			DNSPrefix:               to.Ptr("dnsprefix1"),
			EnablePodSecurityPolicy: to.Ptr(true),
			EnableRBAC:              to.Ptr(true),
			KubernetesVersion:       to.Ptr(""),
			LinuxProfile: &armcontainerservice.LinuxProfile{
				AdminUsername: to.Ptr("azureuser"),
				SSH: &armcontainerservice.SSHConfiguration{
					PublicKeys: []*armcontainerservice.SSHPublicKey{
						{
							KeyData: to.Ptr("keydata"),
						}},
				},
			},
			NetworkProfile: &armcontainerservice.NetworkProfile{
				LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
					ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
						Count: to.Ptr[int32](2),
					},
				},
				LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
				OutboundType:    to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
			},
			ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
				ClientID: to.Ptr("clientid"),
				Secret:   to.Ptr("secret"),
			},
			SupportPlan: to.Ptr(armcontainerservice.KubernetesSupportPlanAKSLongTermSupport),
			WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
				AdminPassword: to.Ptr("replacePassword1234$"),
				AdminUsername: to.Ptr("azureuser"),
			},
		},
		SKU: &armcontainerservice.ManagedClusterSKU{
			Name: to.Ptr(armcontainerservice.ManagedClusterSKUNameBase),
			Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierPremium),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	res, err := poller.PollUntilDone(ctx, nil)
	if err != nil {
		log.Fatalf("failed to pull the result: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.ManagedCluster = armcontainerservice.ManagedCluster{
	// 	Name: to.Ptr("clustername1"),
	// 	Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
	// 	ID: to.Ptr("/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
	// 	Location: to.Ptr("location1"),
	// 	Tags: map[string]*string{
	// 		"archv2": to.Ptr(""),
	// 		"tier": to.Ptr("production"),
	// 	},
	// 	Properties: &armcontainerservice.ManagedClusterProperties{
	// 		AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
	// 			{
	// 				Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
	// 				Count: to.Ptr[int32](3),
	// 				CurrentOrchestratorVersion: to.Ptr("1.9.6"),
	// 				EnableEncryptionAtHost: to.Ptr(true),
	// 				EnableNodePublicIP: to.Ptr(true),
	// 				MaxPods: to.Ptr[int32](110),
	// 				Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
	// 				NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
	// 				OrchestratorVersion: to.Ptr("1.9.6"),
	// 				OSType: to.Ptr(armcontainerservice.OSTypeLinux),
	// 				ProvisioningState: to.Ptr("Succeeded"),
	// 				VMSize: to.Ptr("Standard_DS2_v2"),
	// 				Name: to.Ptr("nodepool1"),
	// 		}},
	// 		APIServerAccessProfile: &armcontainerservice.ManagedClusterAPIServerAccessProfile{
	// 			DisableRunCommand: to.Ptr(true),
	// 		},
	// 		AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
	// 			ScaleDownDelayAfterAdd: to.Ptr("15m"),
	// 			ScanInterval: to.Ptr("20s"),
	// 		},
	// 		DNSPrefix: to.Ptr("dnsprefix1"),
	// 		EnablePodSecurityPolicy: to.Ptr(true),
	// 		EnableRBAC: to.Ptr(true),
	// 		Fqdn: to.Ptr("dnsprefix1-ee788a1f.hcp.location1.azmk8s.io"),
	// 		KubernetesVersion: to.Ptr("1.9.6"),
	// 		LinuxProfile: &armcontainerservice.LinuxProfile{
	// 			AdminUsername: to.Ptr("azureuser"),
	// 			SSH: &armcontainerservice.SSHConfiguration{
	// 				PublicKeys: []*armcontainerservice.SSHPublicKey{
	// 					{
	// 						KeyData: to.Ptr("keydata"),
	// 				}},
	// 			},
	// 		},
	// 		MaxAgentPools: to.Ptr[int32](1),
	// 		NetworkProfile: &armcontainerservice.NetworkProfile{
	// 			DNSServiceIP: to.Ptr("10.0.0.10"),
	// 			IPFamilies: []*armcontainerservice.IPFamily{
	// 				to.Ptr(armcontainerservice.IPFamilyIPv4)},
	// 				LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
	// 					AllocatedOutboundPorts: to.Ptr[int32](2000),
	// 					EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
	// 						{
	// 							ID: to.Ptr("/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
	// 						},
	// 						{
	// 							ID: to.Ptr("/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
	// 					}},
	// 					IdleTimeoutInMinutes: to.Ptr[int32](10),
	// 					ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
	// 						Count: to.Ptr[int32](2),
	// 					},
	// 				},
	// 				LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
	// 				NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
	// 				OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
	// 				PodCidr: to.Ptr("10.244.0.0/16"),
	// 				PodCidrs: []*string{
	// 					to.Ptr("10.244.0.0/16")},
	// 					ServiceCidr: to.Ptr("10.0.0.0/16"),
	// 					ServiceCidrs: []*string{
	// 						to.Ptr("10.0.0.0/16")},
	// 					},
	// 					NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
	// 					PrivateFQDN: to.Ptr("dnsprefix1-aae7e0f0.5cef6058-b6b5-414d-8cb1-4bd14eb0b15c.privatelink.location1.azmk8s.io"),
	// 					ProvisioningState: to.Ptr("Succeeded"),
	// 					ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
	// 						ClientID: to.Ptr("clientid"),
	// 					},
	// 					SupportPlan: to.Ptr(armcontainerservice.KubernetesSupportPlanAKSLongTermSupport),
	// 					WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
	// 						AdminUsername: to.Ptr("azureuser"),
	// 					},
	// 				},
	// 				SKU: &armcontainerservice.ManagedClusterSKU{
	// 					Name: to.Ptr(armcontainerservice.ManagedClusterSKUNameBase),
	// 					Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierPremium),
	// 				},
	// 			}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Creates or updates a managed cluster.
 *
 * @summary Creates or updates a managed cluster.
 * x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_Premium.json
 */
async function createManagedClusterWithLongTermSupport() {
  const subscriptionId = process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "subid1";
  const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
  const resourceName = "clustername1";
  const parameters = {
    addonProfiles: {},
    agentPoolProfiles: [
      {
        name: "nodepool1",
        type: "VirtualMachineScaleSets",
        count: 3,
        enableEncryptionAtHost: true,
        enableNodePublicIP: true,
        mode: "System",
        osType: "Linux",
        vmSize: "Standard_DS2_v2",
      },
    ],
    apiServerAccessProfile: { disableRunCommand: true },
    autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
    dnsPrefix: "dnsprefix1",
    enablePodSecurityPolicy: true,
    enableRbac: true,
    kubernetesVersion: "",
    linuxProfile: {
      adminUsername: "azureuser",
      ssh: { publicKeys: [{ keyData: "keydata" }] },
    },
    location: "location1",
    networkProfile: {
      loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
      loadBalancerSku: "standard",
      outboundType: "loadBalancer",
    },
    servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
    sku: { name: "Base", tier: "Premium" },
    supportPlan: "AKSLongTermSupport",
    tags: { archv2: "", tier: "production" },
    windowsProfile: {
      adminPassword: "replacePassword1234$",
      adminUsername: "azureuser",
    },
  };
  const credential = new DefaultAzureCredential();
  const client = new ContainerServiceClient(credential, subscriptionId);
  const result = await client.managedClusters.beginCreateOrUpdateAndWait(
    resourceGroupName,
    resourceName,
    parameters
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:

200

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "sku": {
    "name": "Base",
    "tier": "Premium"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Succeeded",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Succeeded",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
        "enableEncryptionAtHost": true
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "apiServerAccessProfile": {
      "disableRunCommand": true
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "enablePodSecurityPolicy": true,
    "fqdn": "dnsprefix1-ee788a1f.hcp.location1.azmk8s.io",
    "privateFQDN": "dnsprefix1-aae7e0f0.5cef6058-b6b5-414d-8cb1-4bd14eb0b15c.privatelink.location1.azmk8s.io",
    "networkProfile": {
      "loadBalancerSku": "basic",
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "supportPlan": "AKSLongTermSupport"
  }
}

Status code:

201

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "sku": {
    "name": "Base",
    "tier": "Premium"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Creating",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Creating",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "enableEncryptionAtHost": true
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "apiServerAccessProfile": {
      "disableRunCommand": true
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "fqdn": "dnsprefix1-ee788a1f.hcp.location1.azmk8s.io",
    "privateFQDN": "dnsprefix1-aae7e0f0.5cef6058-b6b5-414d-8cb1-4bd14eb0b15c.privatelink.location1.azmk8s.io",
    "enablePodSecurityPolicy": true,
    "networkProfile": {
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "supportPlan": "AKSLongTermSupport"
  }
}

Create Managed Cluster with Node Public IP Prefix

Sample Request

HTTP

PUT https://management.azure.com/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2023-08-01

{
  "location": "location1",
  "tags": {
    "tier": "production",
    "archv2": ""
  },
  "sku": {
    "name": "Basic",
    "tier": "Free"
  },
  "properties": {
    "kubernetesVersion": "",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "osType": "Linux",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "nodePublicIPPrefixID": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.Network/publicIPPrefixes/public-ip-prefix"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "networkProfile": {
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "loadBalancerProfile": {
        "managedOutboundIPs": {
          "count": 2
        }
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "windowsProfile": {
      "adminUsername": "azureuser",
      "adminPassword": "replacePassword1234$"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid",
      "secret": "secret"
    },
    "addonProfiles": {},
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true
  }
}

Java

import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

/** Samples for ManagedClusters CreateOrUpdate. */
public final class Main {
    /*
     * x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_NodePublicIPPrefix.json
     */
    /**
     * Sample code: Create Managed Cluster with Node Public IP Prefix.
     *
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void createManagedClusterWithNodePublicIPPrefix(
        com.azure.resourcemanager.AzureResourceManager azure) {
        azure
            .kubernetesClusters()
            .manager()
            .serviceClient()
            .getManagedClusters()
            .createOrUpdate(
                "rg1",
                "clustername1",
                new ManagedClusterInner()
                    .withLocation("location1")
                    .withTags(mapOf("archv2", "", "tier", "production"))
                    .withSku(
                        new ManagedClusterSku()
                            .withName(ManagedClusterSkuName.fromString("Basic"))
                            .withTier(ManagedClusterSkuTier.FREE))
                    .withKubernetesVersion("")
                    .withDnsPrefix("dnsprefix1")
                    .withAgentPoolProfiles(
                        Arrays
                            .asList(
                                new ManagedClusterAgentPoolProfile()
                                    .withCount(3)
                                    .withVmSize("Standard_DS2_v2")
                                    .withOsType(OSType.LINUX)
                                    .withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
                                    .withMode(AgentPoolMode.SYSTEM)
                                    .withEnableNodePublicIp(true)
                                    .withNodePublicIpPrefixId(
                                        "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.Network/publicIPPrefixes/public-ip-prefix")
                                    .withName("nodepool1")))
                    .withLinuxProfile(
                        new ContainerServiceLinuxProfile()
                            .withAdminUsername("azureuser")
                            .withSsh(
                                new ContainerServiceSshConfiguration()
                                    .withPublicKeys(
                                        Arrays
                                            .asList(
                                                new ContainerServiceSshPublicKey()
                                                    .withKeyData("fakeTokenPlaceholder")))))
                    .withWindowsProfile(
                        new ManagedClusterWindowsProfile()
                            .withAdminUsername("azureuser")
                            .withAdminPassword("fakeTokenPlaceholder"))
                    .withServicePrincipalProfile(
                        new ManagedClusterServicePrincipalProfile()
                            .withClientId("clientid")
                            .withSecret("fakeTokenPlaceholder"))
                    .withAddonProfiles(mapOf())
                    .withEnableRbac(true)
                    .withEnablePodSecurityPolicy(true)
                    .withNetworkProfile(
                        new ContainerServiceNetworkProfile()
                            .withOutboundType(OutboundType.LOAD_BALANCER)
                            .withLoadBalancerSku(LoadBalancerSku.STANDARD)
                            .withLoadBalancerProfile(
                                new ManagedClusterLoadBalancerProfile()
                                    .withManagedOutboundIPs(
                                        new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
                    .withAutoScalerProfile(
                        new ManagedClusterPropertiesAutoScalerProfile()
                            .withScanInterval("20s")
                            .withScaleDownDelayAfterAdd("15m"))
                    .withDiskEncryptionSetId(
                        "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
                com.azure.core.util.Context.NONE);
    }

    // Use "Map.of" if available
    @SuppressWarnings("unchecked")
    private static <T> Map<String, T> mapOf(Object... inputs) {
        Map<String, T> map = new HashMap<>();
        for (int i = 0; i < inputs.length; i += 2) {
            String key = (String) inputs[i];
            T value = (T) inputs[i + 1];
            map.put(key, value);
        }
        return map;
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Python

from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-containerservice
# USAGE
    python managed_clusters_create_node_public_ip_prefix.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = ContainerServiceClient(
        credential=DefaultAzureCredential(),
        subscription_id="subid1",
    )

    response = client.managed_clusters.begin_create_or_update(
        resource_group_name="rg1",
        resource_name="clustername1",
        parameters={
            "location": "location1",
            "properties": {
                "addonProfiles": {},
                "agentPoolProfiles": [
                    {
                        "count": 3,
                        "enableNodePublicIP": True,
                        "mode": "System",
                        "name": "nodepool1",
                        "nodePublicIPPrefixID": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.Network/publicIPPrefixes/public-ip-prefix",
                        "osType": "Linux",
                        "type": "VirtualMachineScaleSets",
                        "vmSize": "Standard_DS2_v2",
                    }
                ],
                "autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
                "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
                "dnsPrefix": "dnsprefix1",
                "enablePodSecurityPolicy": True,
                "enableRBAC": True,
                "kubernetesVersion": "",
                "linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
                "networkProfile": {
                    "loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
                    "loadBalancerSku": "standard",
                    "outboundType": "loadBalancer",
                },
                "servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
                "windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
            },
            "sku": {"name": "Basic", "tier": "Free"},
            "tags": {"archv2": "", "tier": "production"},
        },
    ).result()
    print(response)


# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_NodePublicIPPrefix.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armcontainerservice_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/0a25ea9680cf080b7d34e8c5f35f564425c6b1f7/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_NodePublicIPPrefix.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithNodePublicIpPrefix() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
		Location: to.Ptr("location1"),
		Tags: map[string]*string{
			"archv2": to.Ptr(""),
			"tier":   to.Ptr("production"),
		},
		Properties: &armcontainerservice.ManagedClusterProperties{
			AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
			AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
				{
					Type:                 to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
					Count:                to.Ptr[int32](3),
					EnableNodePublicIP:   to.Ptr(true),
					Mode:                 to.Ptr(armcontainerservice.AgentPoolModeSystem),
					NodePublicIPPrefixID: to.Ptr("/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.Network/publicIPPrefixes/public-ip-prefix"),
					OSType:               to.Ptr(armcontainerservice.OSTypeLinux),
					VMSize:               to.Ptr("Standard_DS2_v2"),
					Name:                 to.Ptr("nodepool1"),
				}},
			AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
				ScaleDownDelayAfterAdd: to.Ptr("15m"),
				ScanInterval:           to.Ptr("20s"),
			},
			DiskEncryptionSetID:     to.Ptr("/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
			DNSPrefix:               to.Ptr("dnsprefix1"),
			EnablePodSecurityPolicy: to.Ptr(true),
			EnableRBAC:              to.Ptr(true),
			KubernetesVersion:       to.Ptr(""),
			LinuxProfile: &armcontainerservice.LinuxProfile{
				AdminUsername: to.Ptr("azureuser"),
				SSH: &armcontainerservice.SSHConfiguration{
					PublicKeys: []*armcontainerservice.SSHPublicKey{
						{
							KeyData: to.Ptr("keydata"),
						}},
				},
			},
			NetworkProfile: &armcontainerservice.NetworkProfile{
				LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
					ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
						Count: to.Ptr[int32](2),
					},
				},
				LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
				OutboundType:    to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
			},
			ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
				ClientID: to.Ptr("clientid"),
				Secret:   to.Ptr("secret"),
			},
			WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
				AdminPassword: to.Ptr("replacePassword1234$"),
				AdminUsername: to.Ptr("azureuser"),
			},
		},
		SKU: &armcontainerservice.ManagedClusterSKU{
			Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
			Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	res, err := poller.PollUntilDone(ctx, nil)
	if err != nil {
		log.Fatalf("failed to pull the result: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.ManagedCluster = armcontainerservice.ManagedCluster{
	// 	Name: to.Ptr("clustername1"),
	// 	Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
	// 	ID: to.Ptr("/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
	// 	Location: to.Ptr("location1"),
	// 	Tags: map[string]*string{
	// 		"archv2": to.Ptr(""),
	// 		"tier": to.Ptr("production"),
	// 	},
	// 	Properties: &armcontainerservice.ManagedClusterProperties{
	// 		AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
	// 			{
	// 				Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
	// 				Count: to.Ptr[int32](3),
	// 				CurrentOrchestratorVersion: to.Ptr("1.9.6"),
	// 				EnableNodePublicIP: to.Ptr(true),
	// 				MaxPods: to.Ptr[int32](110),
	// 				Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
	// 				NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
	// 				NodePublicIPPrefixID: to.Ptr("/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.Network/publicIPPrefixes/public-ip-prefix"),
	// 				OrchestratorVersion: to.Ptr("1.9.6"),
	// 				OSType: to.Ptr(armcontainerservice.OSTypeLinux),
	// 				ProvisioningState: to.Ptr("Succeeded"),
	// 				VMSize: to.Ptr("Standard_DS2_v2"),
	// 				Name: to.Ptr("nodepool1"),
	// 		}},
	// 		AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
	// 			ScaleDownDelayAfterAdd: to.Ptr("15m"),
	// 			ScanInterval: to.Ptr("20s"),
	// 		},
	// 		CurrentKubernetesVersion: to.Ptr("1.9.6"),
	// 		DiskEncryptionSetID: to.Ptr("/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
	// 		DNSPrefix: to.Ptr("dnsprefix1"),
	// 		EnablePodSecurityPolicy: to.Ptr(true),
	// 		EnableRBAC: to.Ptr(true),
	// 		Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
	// 		KubernetesVersion: to.Ptr("1.9.6"),
	// 		LinuxProfile: &armcontainerservice.LinuxProfile{
	// 			AdminUsername: to.Ptr("azureuser"),
	// 			SSH: &armcontainerservice.SSHConfiguration{
	// 				PublicKeys: []*armcontainerservice.SSHPublicKey{
	// 					{
	// 						KeyData: to.Ptr("keydata"),
	// 				}},
	// 			},
	// 		},
	// 		MaxAgentPools: to.Ptr[int32](1),
	// 		NetworkProfile: &armcontainerservice.NetworkProfile{
	// 			DNSServiceIP: to.Ptr("10.0.0.10"),
	// 			IPFamilies: []*armcontainerservice.IPFamily{
	// 				to.Ptr(armcontainerservice.IPFamilyIPv4)},
	// 				LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
	// 					AllocatedOutboundPorts: to.Ptr[int32](2000),
	// 					EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
	// 						{
	// 							ID: to.Ptr("/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
	// 						},
	// 						{
	// 							ID: to.Ptr("/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
	// 					}},
	// 					IdleTimeoutInMinutes: to.Ptr[int32](10),
	// 					ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
	// 						Count: to.Ptr[int32](2),
	// 					},
	// 				},
	// 				LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
	// 				NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
	// 				OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
	// 				PodCidr: to.Ptr("10.244.0.0/16"),
	// 				PodCidrs: []*string{
	// 					to.Ptr("10.244.0.0/16")},
	// 					ServiceCidr: to.Ptr("10.0.0.0/16"),
	// 					ServiceCidrs: []*string{
	// 						to.Ptr("10.0.0.0/16")},
	// 					},
	// 					NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
	// 					ProvisioningState: to.Ptr("Succeeded"),
	// 					ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
	// 						ClientID: to.Ptr("clientid"),
	// 					},
	// 					WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
	// 						AdminUsername: to.Ptr("azureuser"),
	// 					},
	// 				},
	// 			}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Creates or updates a managed cluster.
 *
 * @summary Creates or updates a managed cluster.
 * x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_NodePublicIPPrefix.json
 */
async function createManagedClusterWithNodePublicIPPrefix() {
  const subscriptionId = process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "subid1";
  const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
  const resourceName = "clustername1";
  const parameters = {
    addonProfiles: {},
    agentPoolProfiles: [
      {
        name: "nodepool1",
        type: "VirtualMachineScaleSets",
        count: 3,
        enableNodePublicIP: true,
        mode: "System",
        nodePublicIPPrefixID:
          "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.Network/publicIPPrefixes/public-ip-prefix",
        osType: "Linux",
        vmSize: "Standard_DS2_v2",
      },
    ],
    autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
    diskEncryptionSetID:
      "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    dnsPrefix: "dnsprefix1",
    enablePodSecurityPolicy: true,
    enableRbac: true,
    kubernetesVersion: "",
    linuxProfile: {
      adminUsername: "azureuser",
      ssh: { publicKeys: [{ keyData: "keydata" }] },
    },
    location: "location1",
    networkProfile: {
      loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
      loadBalancerSku: "standard",
      outboundType: "loadBalancer",
    },
    servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
    sku: { name: "Basic", tier: "Free" },
    tags: { archv2: "", tier: "production" },
    windowsProfile: {
      adminPassword: "replacePassword1234$",
      adminUsername: "azureuser",
    },
  };
  const credential = new DefaultAzureCredential();
  const client = new ContainerServiceClient(credential, subscriptionId);
  const result = await client.managedClusters.beginCreateOrUpdateAndWait(
    resourceGroupName,
    resourceName,
    parameters
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:

200

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Succeeded",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Succeeded",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
        "nodePublicIPPrefixID": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.Network/publicIPPrefixes/public-ip-prefix"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
    "networkProfile": {
      "loadBalancerSku": "basic",
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  }
}

Status code:

201

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Creating",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Creating",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "nodePublicIPPrefixID": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.Network/publicIPPrefixes/public-ip-prefix"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "networkProfile": {
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  }
}

Create Managed Cluster with OSSKU

Sample Request

HTTP

PUT https://management.azure.com/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2023-08-01

{
  "location": "location1",
  "tags": {
    "tier": "production",
    "archv2": ""
  },
  "sku": {
    "name": "Basic",
    "tier": "Free"
  },
  "properties": {
    "kubernetesVersion": "",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "osType": "Linux",
        "osSKU": "AzureLinux",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "networkProfile": {
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "loadBalancerProfile": {
        "managedOutboundIPs": {
          "count": 2
        }
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "windowsProfile": {
      "adminUsername": "azureuser",
      "adminPassword": "replacePassword1234$"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid",
      "secret": "secret"
    },
    "addonProfiles": {},
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "httpProxyConfig": {
      "httpProxy": "http://myproxy.server.com:8080",
      "httpsProxy": "https://myproxy.server.com:8080",
      "noProxy": [
        "localhost",
        "127.0.0.1"
      ],
      "trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="
    }
  }
}

Java

import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterHttpProxyConfig;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSSku;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

/** Samples for ManagedClusters CreateOrUpdate. */
public final class Main {
    /*
     * x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_OSSKU.json
     */
    /**
     * Sample code: Create Managed Cluster with OSSKU.
     *
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void createManagedClusterWithOSSKU(com.azure.resourcemanager.AzureResourceManager azure) {
        azure
            .kubernetesClusters()
            .manager()
            .serviceClient()
            .getManagedClusters()
            .createOrUpdate(
                "rg1",
                "clustername1",
                new ManagedClusterInner()
                    .withLocation("location1")
                    .withTags(mapOf("archv2", "", "tier", "production"))
                    .withSku(
                        new ManagedClusterSku()
                            .withName(ManagedClusterSkuName.fromString("Basic"))
                            .withTier(ManagedClusterSkuTier.FREE))
                    .withKubernetesVersion("")
                    .withDnsPrefix("dnsprefix1")
                    .withAgentPoolProfiles(
                        Arrays
                            .asList(
                                new ManagedClusterAgentPoolProfile()
                                    .withCount(3)
                                    .withVmSize("Standard_DS2_v2")
                                    .withOsType(OSType.LINUX)
                                    .withOsSku(OSSku.AZURE_LINUX)
                                    .withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
                                    .withMode(AgentPoolMode.SYSTEM)
                                    .withEnableNodePublicIp(true)
                                    .withName("nodepool1")))
                    .withLinuxProfile(
                        new ContainerServiceLinuxProfile()
                            .withAdminUsername("azureuser")
                            .withSsh(
                                new ContainerServiceSshConfiguration()
                                    .withPublicKeys(
                                        Arrays
                                            .asList(
                                                new ContainerServiceSshPublicKey()
                                                    .withKeyData("fakeTokenPlaceholder")))))
                    .withWindowsProfile(
                        new ManagedClusterWindowsProfile()
                            .withAdminUsername("azureuser")
                            .withAdminPassword("fakeTokenPlaceholder"))
                    .withServicePrincipalProfile(
                        new ManagedClusterServicePrincipalProfile()
                            .withClientId("clientid")
                            .withSecret("fakeTokenPlaceholder"))
                    .withAddonProfiles(mapOf())
                    .withEnableRbac(true)
                    .withEnablePodSecurityPolicy(true)
                    .withNetworkProfile(
                        new ContainerServiceNetworkProfile()
                            .withOutboundType(OutboundType.LOAD_BALANCER)
                            .withLoadBalancerSku(LoadBalancerSku.STANDARD)
                            .withLoadBalancerProfile(
                                new ManagedClusterLoadBalancerProfile()
                                    .withManagedOutboundIPs(
                                        new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
                    .withAutoScalerProfile(
                        new ManagedClusterPropertiesAutoScalerProfile()
                            .withScanInterval("20s")
                            .withScaleDownDelayAfterAdd("15m"))
                    .withDiskEncryptionSetId(
                        "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des")
                    .withHttpProxyConfig(
                        new ManagedClusterHttpProxyConfig()
                            .withHttpProxy("http://myproxy.server.com:8080")
                            .withHttpsProxy("https://myproxy.server.com:8080")
                            .withNoProxy(Arrays.asList("localhost", "127.0.0.1"))
                            .withTrustedCa("Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U=")),
                com.azure.core.util.Context.NONE);
    }

    // Use "Map.of" if available
    @SuppressWarnings("unchecked")
    private static <T> Map<String, T> mapOf(Object... inputs) {
        Map<String, T> map = new HashMap<>();
        for (int i = 0; i < inputs.length; i += 2) {
            String key = (String) inputs[i];
            T value = (T) inputs[i + 1];
            map.put(key, value);
        }
        return map;
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Python

from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-containerservice
# USAGE
    python managed_clusters_create_ossku.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = ContainerServiceClient(
        credential=DefaultAzureCredential(),
        subscription_id="subid1",
    )

    response = client.managed_clusters.begin_create_or_update(
        resource_group_name="rg1",
        resource_name="clustername1",
        parameters={
            "location": "location1",
            "properties": {
                "addonProfiles": {},
                "agentPoolProfiles": [
                    {
                        "count": 3,
                        "enableNodePublicIP": True,
                        "mode": "System",
                        "name": "nodepool1",
                        "osSKU": "AzureLinux",
                        "osType": "Linux",
                        "type": "VirtualMachineScaleSets",
                        "vmSize": "Standard_DS2_v2",
                    }
                ],
                "autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
                "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
                "dnsPrefix": "dnsprefix1",
                "enablePodSecurityPolicy": True,
                "enableRBAC": True,
                "httpProxyConfig": {
                    "httpProxy": "http://myproxy.server.com:8080",
                    "httpsProxy": "https://myproxy.server.com:8080",
                    "noProxy": ["localhost", "127.0.0.1"],
                    "trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U=",
                },
                "kubernetesVersion": "",
                "linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
                "networkProfile": {
                    "loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
                    "loadBalancerSku": "standard",
                    "outboundType": "loadBalancer",
                },
                "servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
                "windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
            },
            "sku": {"name": "Basic", "tier": "Free"},
            "tags": {"archv2": "", "tier": "production"},
        },
    ).result()
    print(response)


# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_OSSKU.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armcontainerservice_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/0a25ea9680cf080b7d34e8c5f35f564425c6b1f7/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_OSSKU.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithOssku() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
		Location: to.Ptr("location1"),
		Tags: map[string]*string{
			"archv2": to.Ptr(""),
			"tier":   to.Ptr("production"),
		},
		Properties: &armcontainerservice.ManagedClusterProperties{
			AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
			AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
				{
					Type:               to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
					Count:              to.Ptr[int32](3),
					EnableNodePublicIP: to.Ptr(true),
					Mode:               to.Ptr(armcontainerservice.AgentPoolModeSystem),
					OSSKU:              to.Ptr(armcontainerservice.OSSKUAzureLinux),
					OSType:             to.Ptr(armcontainerservice.OSTypeLinux),
					VMSize:             to.Ptr("Standard_DS2_v2"),
					Name:               to.Ptr("nodepool1"),
				}},
			AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
				ScaleDownDelayAfterAdd: to.Ptr("15m"),
				ScanInterval:           to.Ptr("20s"),
			},
			DiskEncryptionSetID:     to.Ptr("/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
			DNSPrefix:               to.Ptr("dnsprefix1"),
			EnablePodSecurityPolicy: to.Ptr(true),
			EnableRBAC:              to.Ptr(true),
			HTTPProxyConfig: &armcontainerservice.ManagedClusterHTTPProxyConfig{
				HTTPProxy:  to.Ptr("http://myproxy.server.com:8080"),
				HTTPSProxy: to.Ptr("https://myproxy.server.com:8080"),
				NoProxy: []*string{
					to.Ptr("localhost"),
					to.Ptr("127.0.0.1")},
				TrustedCa: to.Ptr("Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="),
			},
			KubernetesVersion: to.Ptr(""),
			LinuxProfile: &armcontainerservice.LinuxProfile{
				AdminUsername: to.Ptr("azureuser"),
				SSH: &armcontainerservice.SSHConfiguration{
					PublicKeys: []*armcontainerservice.SSHPublicKey{
						{
							KeyData: to.Ptr("keydata"),
						}},
				},
			},
			NetworkProfile: &armcontainerservice.NetworkProfile{
				LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
					ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
						Count: to.Ptr[int32](2),
					},
				},
				LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
				OutboundType:    to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
			},
			ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
				ClientID: to.Ptr("clientid"),
				Secret:   to.Ptr("secret"),
			},
			WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
				AdminPassword: to.Ptr("replacePassword1234$"),
				AdminUsername: to.Ptr("azureuser"),
			},
		},
		SKU: &armcontainerservice.ManagedClusterSKU{
			Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
			Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	res, err := poller.PollUntilDone(ctx, nil)
	if err != nil {
		log.Fatalf("failed to pull the result: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.ManagedCluster = armcontainerservice.ManagedCluster{
	// 	Name: to.Ptr("clustername1"),
	// 	Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
	// 	ID: to.Ptr("/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
	// 	Location: to.Ptr("location1"),
	// 	Tags: map[string]*string{
	// 		"archv2": to.Ptr(""),
	// 		"tier": to.Ptr("production"),
	// 	},
	// 	Properties: &armcontainerservice.ManagedClusterProperties{
	// 		AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
	// 			{
	// 				Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
	// 				Count: to.Ptr[int32](3),
	// 				CurrentOrchestratorVersion: to.Ptr("1.9.6"),
	// 				EnableNodePublicIP: to.Ptr(true),
	// 				MaxPods: to.Ptr[int32](110),
	// 				Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
	// 				NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
	// 				OrchestratorVersion: to.Ptr("1.9.6"),
	// 				OSSKU: to.Ptr(armcontainerservice.OSSKUAzureLinux),
	// 				OSType: to.Ptr(armcontainerservice.OSTypeLinux),
	// 				ProvisioningState: to.Ptr("Succeeded"),
	// 				VMSize: to.Ptr("Standard_DS2_v2"),
	// 				Name: to.Ptr("nodepool1"),
	// 		}},
	// 		AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
	// 			ScaleDownDelayAfterAdd: to.Ptr("15m"),
	// 			ScanInterval: to.Ptr("20s"),
	// 		},
	// 		CurrentKubernetesVersion: to.Ptr("1.9.6"),
	// 		DiskEncryptionSetID: to.Ptr("/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
	// 		DNSPrefix: to.Ptr("dnsprefix1"),
	// 		EnablePodSecurityPolicy: to.Ptr(true),
	// 		EnableRBAC: to.Ptr(true),
	// 		Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
	// 		HTTPProxyConfig: &armcontainerservice.ManagedClusterHTTPProxyConfig{
	// 			HTTPProxy: to.Ptr("http://myproxy.server.com:8080"),
	// 			HTTPSProxy: to.Ptr("https://myproxy.server.com:8080"),
	// 			NoProxy: []*string{
	// 				to.Ptr("localhost"),
	// 				to.Ptr("127.0.0.1")},
	// 				TrustedCa: to.Ptr("Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="),
	// 			},
	// 			KubernetesVersion: to.Ptr("1.9.6"),
	// 			LinuxProfile: &armcontainerservice.LinuxProfile{
	// 				AdminUsername: to.Ptr("azureuser"),
	// 				SSH: &armcontainerservice.SSHConfiguration{
	// 					PublicKeys: []*armcontainerservice.SSHPublicKey{
	// 						{
	// 							KeyData: to.Ptr("keydata"),
	// 					}},
	// 				},
	// 			},
	// 			MaxAgentPools: to.Ptr[int32](1),
	// 			NetworkProfile: &armcontainerservice.NetworkProfile{
	// 				DNSServiceIP: to.Ptr("10.0.0.10"),
	// 				IPFamilies: []*armcontainerservice.IPFamily{
	// 					to.Ptr(armcontainerservice.IPFamilyIPv4)},
	// 					LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
	// 						AllocatedOutboundPorts: to.Ptr[int32](2000),
	// 						EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
	// 							{
	// 								ID: to.Ptr("/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
	// 							},
	// 							{
	// 								ID: to.Ptr("/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
	// 						}},
	// 						IdleTimeoutInMinutes: to.Ptr[int32](10),
	// 						ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
	// 							Count: to.Ptr[int32](2),
	// 						},
	// 					},
	// 					LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
	// 					NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
	// 					OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
	// 					PodCidr: to.Ptr("10.244.0.0/16"),
	// 					PodCidrs: []*string{
	// 						to.Ptr("10.244.0.0/16")},
	// 						ServiceCidr: to.Ptr("10.0.0.0/16"),
	// 						ServiceCidrs: []*string{
	// 							to.Ptr("10.0.0.0/16")},
	// 						},
	// 						NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
	// 						ProvisioningState: to.Ptr("Succeeded"),
	// 						ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
	// 							ClientID: to.Ptr("clientid"),
	// 						},
	// 						WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
	// 							AdminUsername: to.Ptr("azureuser"),
	// 						},
	// 					},
	// 				}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Creates or updates a managed cluster.
 *
 * @summary Creates or updates a managed cluster.
 * x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_OSSKU.json
 */
async function createManagedClusterWithOssku() {
  const subscriptionId = process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "subid1";
  const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
  const resourceName = "clustername1";
  const parameters = {
    addonProfiles: {},
    agentPoolProfiles: [
      {
        name: "nodepool1",
        type: "VirtualMachineScaleSets",
        count: 3,
        enableNodePublicIP: true,
        mode: "System",
        osSKU: "AzureLinux",
        osType: "Linux",
        vmSize: "Standard_DS2_v2",
      },
    ],
    autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
    diskEncryptionSetID:
      "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    dnsPrefix: "dnsprefix1",
    enablePodSecurityPolicy: true,
    enableRbac: true,
    httpProxyConfig: {
      httpProxy: "http://myproxy.server.com:8080",
      httpsProxy: "https://myproxy.server.com:8080",
      noProxy: ["localhost", "127.0.0.1"],
      trustedCa: "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U=",
    },
    kubernetesVersion: "",
    linuxProfile: {
      adminUsername: "azureuser",
      ssh: { publicKeys: [{ keyData: "keydata" }] },
    },
    location: "location1",
    networkProfile: {
      loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
      loadBalancerSku: "standard",
      outboundType: "loadBalancer",
    },
    servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
    sku: { name: "Basic", tier: "Free" },
    tags: { archv2: "", tier: "production" },
    windowsProfile: {
      adminPassword: "replacePassword1234$",
      adminUsername: "azureuser",
    },
  };
  const credential = new DefaultAzureCredential();
  const client = new ContainerServiceClient(credential, subscriptionId);
  const result = await client.managedClusters.beginCreateOrUpdateAndWait(
    resourceGroupName,
    resourceName,
    parameters
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:

200

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Succeeded",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "osSKU": "AzureLinux",
        "provisioningState": "Succeeded",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "nodeImageVersion": "AKSUbuntu:1604:2020.03.11"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
    "networkProfile": {
      "loadBalancerSku": "basic",
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "httpProxyConfig": {
      "httpProxy": "http://myproxy.server.com:8080",
      "httpsProxy": "https://myproxy.server.com:8080",
      "noProxy": [
        "localhost",
        "127.0.0.1"
      ],
      "trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="
    }
  }
}

Status code:

201

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Creating",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "osSKU": "AzureLinux",
        "provisioningState": "Creating",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "networkProfile": {
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "httpProxyConfig": {
      "httpProxy": "http://myproxy.server.com:8080",
      "httpsProxy": "https://myproxy.server.com:8080",
      "noProxy": [
        "localhost",
        "127.0.0.1"
      ],
      "trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="
    }
  }
}

Create Managed Cluster with PodIdentity enabled

Sample Request

HTTP

PUT https://management.azure.com/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2023-08-01

{
  "location": "location1",
  "tags": {
    "tier": "production",
    "archv2": ""
  },
  "sku": {
    "name": "Basic",
    "tier": "Free"
  },
  "properties": {
    "kubernetesVersion": "",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "osType": "Linux",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "networkProfile": {
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "loadBalancerProfile": {
        "managedOutboundIPs": {
          "count": 2
        }
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "windowsProfile": {
      "adminUsername": "azureuser",
      "adminPassword": "replacePassword1234$"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid",
      "secret": "secret"
    },
    "addonProfiles": {},
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "podIdentityProfile": {
      "enabled": true,
      "allowNetworkPluginKubenet": true
    }
  }
}

Java

import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPodIdentityProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

/** Samples for ManagedClusters CreateOrUpdate. */
public final class Main {
    /*
     * x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_PodIdentity.json
     */
    /**
     * Sample code: Create Managed Cluster with PodIdentity enabled.
     *
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void createManagedClusterWithPodIdentityEnabled(
        com.azure.resourcemanager.AzureResourceManager azure) {
        azure
            .kubernetesClusters()
            .manager()
            .serviceClient()
            .getManagedClusters()
            .createOrUpdate(
                "rg1",
                "clustername1",
                new ManagedClusterInner()
                    .withLocation("location1")
                    .withTags(mapOf("archv2", "", "tier", "production"))
                    .withSku(
                        new ManagedClusterSku()
                            .withName(ManagedClusterSkuName.fromString("Basic"))
                            .withTier(ManagedClusterSkuTier.FREE))
                    .withKubernetesVersion("")
                    .withDnsPrefix("dnsprefix1")
                    .withAgentPoolProfiles(
                        Arrays
                            .asList(
                                new ManagedClusterAgentPoolProfile()
                                    .withCount(3)
                                    .withVmSize("Standard_DS2_v2")
                                    .withOsType(OSType.LINUX)
                                    .withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
                                    .withMode(AgentPoolMode.SYSTEM)
                                    .withEnableNodePublicIp(true)
                                    .withName("nodepool1")))
                    .withLinuxProfile(
                        new ContainerServiceLinuxProfile()
                            .withAdminUsername("azureuser")
                            .withSsh(
                                new ContainerServiceSshConfiguration()
                                    .withPublicKeys(
                                        Arrays
                                            .asList(
                                                new ContainerServiceSshPublicKey()
                                                    .withKeyData("fakeTokenPlaceholder")))))
                    .withWindowsProfile(
                        new ManagedClusterWindowsProfile()
                            .withAdminUsername("azureuser")
                            .withAdminPassword("fakeTokenPlaceholder"))
                    .withServicePrincipalProfile(
                        new ManagedClusterServicePrincipalProfile()
                            .withClientId("clientid")
                            .withSecret("fakeTokenPlaceholder"))
                    .withAddonProfiles(mapOf())
                    .withPodIdentityProfile(
                        new ManagedClusterPodIdentityProfile().withEnabled(true).withAllowNetworkPluginKubenet(true))
                    .withEnableRbac(true)
                    .withEnablePodSecurityPolicy(true)
                    .withNetworkProfile(
                        new ContainerServiceNetworkProfile()
                            .withOutboundType(OutboundType.LOAD_BALANCER)
                            .withLoadBalancerSku(LoadBalancerSku.STANDARD)
                            .withLoadBalancerProfile(
                                new ManagedClusterLoadBalancerProfile()
                                    .withManagedOutboundIPs(
                                        new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
                    .withAutoScalerProfile(
                        new ManagedClusterPropertiesAutoScalerProfile()
                            .withScanInterval("20s")
                            .withScaleDownDelayAfterAdd("15m"))
                    .withDiskEncryptionSetId(
                        "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
                com.azure.core.util.Context.NONE);
    }

    // Use "Map.of" if available
    @SuppressWarnings("unchecked")
    private static <T> Map<String, T> mapOf(Object... inputs) {
        Map<String, T> map = new HashMap<>();
        for (int i = 0; i < inputs.length; i += 2) {
            String key = (String) inputs[i];
            T value = (T) inputs[i + 1];
            map.put(key, value);
        }
        return map;
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Python

from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-containerservice
# USAGE
    python managed_clusters_create_pod_identity.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = ContainerServiceClient(
        credential=DefaultAzureCredential(),
        subscription_id="subid1",
    )

    response = client.managed_clusters.begin_create_or_update(
        resource_group_name="rg1",
        resource_name="clustername1",
        parameters={
            "location": "location1",
            "properties": {
                "addonProfiles": {},
                "agentPoolProfiles": [
                    {
                        "count": 3,
                        "enableNodePublicIP": True,
                        "mode": "System",
                        "name": "nodepool1",
                        "osType": "Linux",
                        "type": "VirtualMachineScaleSets",
                        "vmSize": "Standard_DS2_v2",
                    }
                ],
                "autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
                "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
                "dnsPrefix": "dnsprefix1",
                "enablePodSecurityPolicy": True,
                "enableRBAC": True,
                "kubernetesVersion": "",
                "linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
                "networkProfile": {
                    "loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
                    "loadBalancerSku": "standard",
                    "outboundType": "loadBalancer",
                },
                "podIdentityProfile": {"allowNetworkPluginKubenet": True, "enabled": True},
                "servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
                "windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
            },
            "sku": {"name": "Basic", "tier": "Free"},
            "tags": {"archv2": "", "tier": "production"},
        },
    ).result()
    print(response)


# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_PodIdentity.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armcontainerservice_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/0a25ea9680cf080b7d34e8c5f35f564425c6b1f7/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_PodIdentity.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithPodIdentityEnabled() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
		Location: to.Ptr("location1"),
		Tags: map[string]*string{
			"archv2": to.Ptr(""),
			"tier":   to.Ptr("production"),
		},
		Properties: &armcontainerservice.ManagedClusterProperties{
			AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
			AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
				{
					Type:               to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
					Count:              to.Ptr[int32](3),
					EnableNodePublicIP: to.Ptr(true),
					Mode:               to.Ptr(armcontainerservice.AgentPoolModeSystem),
					OSType:             to.Ptr(armcontainerservice.OSTypeLinux),
					VMSize:             to.Ptr("Standard_DS2_v2"),
					Name:               to.Ptr("nodepool1"),
				}},
			AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
				ScaleDownDelayAfterAdd: to.Ptr("15m"),
				ScanInterval:           to.Ptr("20s"),
			},
			DiskEncryptionSetID:     to.Ptr("/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
			DNSPrefix:               to.Ptr("dnsprefix1"),
			EnablePodSecurityPolicy: to.Ptr(true),
			EnableRBAC:              to.Ptr(true),
			KubernetesVersion:       to.Ptr(""),
			LinuxProfile: &armcontainerservice.LinuxProfile{
				AdminUsername: to.Ptr("azureuser"),
				SSH: &armcontainerservice.SSHConfiguration{
					PublicKeys: []*armcontainerservice.SSHPublicKey{
						{
							KeyData: to.Ptr("keydata"),
						}},
				},
			},
			NetworkProfile: &armcontainerservice.NetworkProfile{
				LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
					ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
						Count: to.Ptr[int32](2),
					},
				},
				LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
				OutboundType:    to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
			},
			PodIdentityProfile: &armcontainerservice.ManagedClusterPodIdentityProfile{
				AllowNetworkPluginKubenet: to.Ptr(true),
				Enabled:                   to.Ptr(true),
			},
			ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
				ClientID: to.Ptr("clientid"),
				Secret:   to.Ptr("secret"),
			},
			WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
				AdminPassword: to.Ptr("replacePassword1234$"),
				AdminUsername: to.Ptr("azureuser"),
			},
		},
		SKU: &armcontainerservice.ManagedClusterSKU{
			Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
			Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	res, err := poller.PollUntilDone(ctx, nil)
	if err != nil {
		log.Fatalf("failed to pull the result: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.ManagedCluster = armcontainerservice.ManagedCluster{
	// 	Name: to.Ptr("clustername1"),
	// 	Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
	// 	ID: to.Ptr("/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
	// 	Location: to.Ptr("location1"),
	// 	Tags: map[string]*string{
	// 		"archv2": to.Ptr(""),
	// 		"tier": to.Ptr("production"),
	// 	},
	// 	Properties: &armcontainerservice.ManagedClusterProperties{
	// 		AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
	// 			{
	// 				Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
	// 				Count: to.Ptr[int32](3),
	// 				CurrentOrchestratorVersion: to.Ptr("1.9.6"),
	// 				EnableNodePublicIP: to.Ptr(true),
	// 				MaxPods: to.Ptr[int32](110),
	// 				Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
	// 				NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
	// 				OrchestratorVersion: to.Ptr("1.9.6"),
	// 				OSType: to.Ptr(armcontainerservice.OSTypeLinux),
	// 				ProvisioningState: to.Ptr("Succeeded"),
	// 				VMSize: to.Ptr("Standard_DS2_v2"),
	// 				Name: to.Ptr("nodepool1"),
	// 		}},
	// 		AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
	// 			ScaleDownDelayAfterAdd: to.Ptr("15m"),
	// 			ScanInterval: to.Ptr("20s"),
	// 		},
	// 		CurrentKubernetesVersion: to.Ptr("1.9.6"),
	// 		DiskEncryptionSetID: to.Ptr("/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
	// 		DNSPrefix: to.Ptr("dnsprefix1"),
	// 		EnablePodSecurityPolicy: to.Ptr(true),
	// 		EnableRBAC: to.Ptr(true),
	// 		Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
	// 		KubernetesVersion: to.Ptr("1.9.6"),
	// 		LinuxProfile: &armcontainerservice.LinuxProfile{
	// 			AdminUsername: to.Ptr("azureuser"),
	// 			SSH: &armcontainerservice.SSHConfiguration{
	// 				PublicKeys: []*armcontainerservice.SSHPublicKey{
	// 					{
	// 						KeyData: to.Ptr("keydata"),
	// 				}},
	// 			},
	// 		},
	// 		MaxAgentPools: to.Ptr[int32](1),
	// 		NetworkProfile: &armcontainerservice.NetworkProfile{
	// 			DNSServiceIP: to.Ptr("10.0.0.10"),
	// 			IPFamilies: []*armcontainerservice.IPFamily{
	// 				to.Ptr(armcontainerservice.IPFamilyIPv4)},
	// 				LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
	// 					AllocatedOutboundPorts: to.Ptr[int32](2000),
	// 					EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
	// 						{
	// 							ID: to.Ptr("/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
	// 						},
	// 						{
	// 							ID: to.Ptr("/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
	// 					}},
	// 					IdleTimeoutInMinutes: to.Ptr[int32](10),
	// 					ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
	// 						Count: to.Ptr[int32](2),
	// 					},
	// 				},
	// 				LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
	// 				NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
	// 				OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
	// 				PodCidr: to.Ptr("10.244.0.0/16"),
	// 				PodCidrs: []*string{
	// 					to.Ptr("10.244.0.0/16")},
	// 					ServiceCidr: to.Ptr("10.0.0.0/16"),
	// 					ServiceCidrs: []*string{
	// 						to.Ptr("10.0.0.0/16")},
	// 					},
	// 					NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
	// 					PodIdentityProfile: &armcontainerservice.ManagedClusterPodIdentityProfile{
	// 						AllowNetworkPluginKubenet: to.Ptr(true),
	// 						Enabled: to.Ptr(true),
	// 					},
	// 					ProvisioningState: to.Ptr("Succeeded"),
	// 					ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
	// 						ClientID: to.Ptr("clientid"),
	// 					},
	// 					WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
	// 						AdminUsername: to.Ptr("azureuser"),
	// 					},
	// 				},
	// 			}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Creates or updates a managed cluster.
 *
 * @summary Creates or updates a managed cluster.
 * x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_PodIdentity.json
 */
async function createManagedClusterWithPodIdentityEnabled() {
  const subscriptionId = process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "subid1";
  const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
  const resourceName = "clustername1";
  const parameters = {
    addonProfiles: {},
    agentPoolProfiles: [
      {
        name: "nodepool1",
        type: "VirtualMachineScaleSets",
        count: 3,
        enableNodePublicIP: true,
        mode: "System",
        osType: "Linux",
        vmSize: "Standard_DS2_v2",
      },
    ],
    autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
    diskEncryptionSetID:
      "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    dnsPrefix: "dnsprefix1",
    enablePodSecurityPolicy: true,
    enableRbac: true,
    kubernetesVersion: "",
    linuxProfile: {
      adminUsername: "azureuser",
      ssh: { publicKeys: [{ keyData: "keydata" }] },
    },
    location: "location1",
    networkProfile: {
      loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
      loadBalancerSku: "standard",
      outboundType: "loadBalancer",
    },
    podIdentityProfile: { allowNetworkPluginKubenet: true, enabled: true },
    servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
    sku: { name: "Basic", tier: "Free" },
    tags: { archv2: "", tier: "production" },
    windowsProfile: {
      adminPassword: "replacePassword1234$",
      adminUsername: "azureuser",
    },
  };
  const credential = new DefaultAzureCredential();
  const client = new ContainerServiceClient(credential, subscriptionId);
  const result = await client.managedClusters.beginCreateOrUpdateAndWait(
    resourceGroupName,
    resourceName,
    parameters
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:

200

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Succeeded",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Succeeded",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "nodeImageVersion": "AKSUbuntu:1604:2020.03.11"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
    "networkProfile": {
      "loadBalancerSku": "basic",
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "podIdentityProfile": {
      "enabled": true,
      "allowNetworkPluginKubenet": true
    }
  }
}

Status code:

201

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Creating",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Creating",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "networkProfile": {
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "podIdentityProfile": {
      "enabled": true,
      "allowNetworkPluginKubenet": true
    }
  }
}

Create Managed Cluster with PPG

Sample Request

HTTP

PUT https://management.azure.com/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2023-08-01

{
  "location": "location1",
  "tags": {
    "tier": "production",
    "archv2": ""
  },
  "sku": {
    "name": "Basic",
    "tier": "Free"
  },
  "properties": {
    "kubernetesVersion": "",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "osType": "Linux",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "proximityPlacementGroupID": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.Compute/proximityPlacementGroups/ppg1"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "networkProfile": {
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "loadBalancerProfile": {
        "managedOutboundIPs": {
          "count": 2
        }
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "windowsProfile": {
      "adminUsername": "azureuser",
      "adminPassword": "replacePassword1234$"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid",
      "secret": "secret"
    },
    "addonProfiles": {},
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true
  }
}

Java

import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

/** Samples for ManagedClusters CreateOrUpdate. */
public final class Main {
    /*
     * x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_PPG.json
     */
    /**
     * Sample code: Create Managed Cluster with PPG.
     *
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void createManagedClusterWithPPG(com.azure.resourcemanager.AzureResourceManager azure) {
        azure
            .kubernetesClusters()
            .manager()
            .serviceClient()
            .getManagedClusters()
            .createOrUpdate(
                "rg1",
                "clustername1",
                new ManagedClusterInner()
                    .withLocation("location1")
                    .withTags(mapOf("archv2", "", "tier", "production"))
                    .withSku(
                        new ManagedClusterSku()
                            .withName(ManagedClusterSkuName.fromString("Basic"))
                            .withTier(ManagedClusterSkuTier.FREE))
                    .withKubernetesVersion("")
                    .withDnsPrefix("dnsprefix1")
                    .withAgentPoolProfiles(
                        Arrays
                            .asList(
                                new ManagedClusterAgentPoolProfile()
                                    .withCount(3)
                                    .withVmSize("Standard_DS2_v2")
                                    .withOsType(OSType.LINUX)
                                    .withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
                                    .withMode(AgentPoolMode.SYSTEM)
                                    .withEnableNodePublicIp(true)
                                    .withProximityPlacementGroupId(
                                        "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.Compute/proximityPlacementGroups/ppg1")
                                    .withName("nodepool1")))
                    .withLinuxProfile(
                        new ContainerServiceLinuxProfile()
                            .withAdminUsername("azureuser")
                            .withSsh(
                                new ContainerServiceSshConfiguration()
                                    .withPublicKeys(
                                        Arrays
                                            .asList(
                                                new ContainerServiceSshPublicKey()
                                                    .withKeyData("fakeTokenPlaceholder")))))
                    .withWindowsProfile(
                        new ManagedClusterWindowsProfile()
                            .withAdminUsername("azureuser")
                            .withAdminPassword("fakeTokenPlaceholder"))
                    .withServicePrincipalProfile(
                        new ManagedClusterServicePrincipalProfile()
                            .withClientId("clientid")
                            .withSecret("fakeTokenPlaceholder"))
                    .withAddonProfiles(mapOf())
                    .withEnableRbac(true)
                    .withEnablePodSecurityPolicy(true)
                    .withNetworkProfile(
                        new ContainerServiceNetworkProfile()
                            .withOutboundType(OutboundType.LOAD_BALANCER)
                            .withLoadBalancerSku(LoadBalancerSku.STANDARD)
                            .withLoadBalancerProfile(
                                new ManagedClusterLoadBalancerProfile()
                                    .withManagedOutboundIPs(
                                        new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
                    .withAutoScalerProfile(
                        new ManagedClusterPropertiesAutoScalerProfile()
                            .withScanInterval("20s")
                            .withScaleDownDelayAfterAdd("15m"))
                    .withDiskEncryptionSetId(
                        "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
                com.azure.core.util.Context.NONE);
    }

    // Use "Map.of" if available
    @SuppressWarnings("unchecked")
    private static <T> Map<String, T> mapOf(Object... inputs) {
        Map<String, T> map = new HashMap<>();
        for (int i = 0; i < inputs.length; i += 2) {
            String key = (String) inputs[i];
            T value = (T) inputs[i + 1];
            map.put(key, value);
        }
        return map;
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Python

from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-containerservice
# USAGE
    python managed_clusters_create_ppg.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = ContainerServiceClient(
        credential=DefaultAzureCredential(),
        subscription_id="subid1",
    )

    response = client.managed_clusters.begin_create_or_update(
        resource_group_name="rg1",
        resource_name="clustername1",
        parameters={
            "location": "location1",
            "properties": {
                "addonProfiles": {},
                "agentPoolProfiles": [
                    {
                        "count": 3,
                        "enableNodePublicIP": True,
                        "mode": "System",
                        "name": "nodepool1",
                        "osType": "Linux",
                        "proximityPlacementGroupID": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.Compute/proximityPlacementGroups/ppg1",
                        "type": "VirtualMachineScaleSets",
                        "vmSize": "Standard_DS2_v2",
                    }
                ],
                "autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
                "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
                "dnsPrefix": "dnsprefix1",
                "enablePodSecurityPolicy": True,
                "enableRBAC": True,
                "kubernetesVersion": "",
                "linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
                "networkProfile": {
                    "loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
                    "loadBalancerSku": "standard",
                    "outboundType": "loadBalancer",
                },
                "servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
                "windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
            },
            "sku": {"name": "Basic", "tier": "Free"},
            "tags": {"archv2": "", "tier": "production"},
        },
    ).result()
    print(response)


# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_PPG.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armcontainerservice_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/0a25ea9680cf080b7d34e8c5f35f564425c6b1f7/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_PPG.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithPpg() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
		Location: to.Ptr("location1"),
		Tags: map[string]*string{
			"archv2": to.Ptr(""),
			"tier":   to.Ptr("production"),
		},
		Properties: &armcontainerservice.ManagedClusterProperties{
			AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
			AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
				{
					Type:                      to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
					Count:                     to.Ptr[int32](3),
					EnableNodePublicIP:        to.Ptr(true),
					Mode:                      to.Ptr(armcontainerservice.AgentPoolModeSystem),
					OSType:                    to.Ptr(armcontainerservice.OSTypeLinux),
					ProximityPlacementGroupID: to.Ptr("/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.Compute/proximityPlacementGroups/ppg1"),
					VMSize:                    to.Ptr("Standard_DS2_v2"),
					Name:                      to.Ptr("nodepool1"),
				}},
			AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
				ScaleDownDelayAfterAdd: to.Ptr("15m"),
				ScanInterval:           to.Ptr("20s"),
			},
			DiskEncryptionSetID:     to.Ptr("/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
			DNSPrefix:               to.Ptr("dnsprefix1"),
			EnablePodSecurityPolicy: to.Ptr(true),
			EnableRBAC:              to.Ptr(true),
			KubernetesVersion:       to.Ptr(""),
			LinuxProfile: &armcontainerservice.LinuxProfile{
				AdminUsername: to.Ptr("azureuser"),
				SSH: &armcontainerservice.SSHConfiguration{
					PublicKeys: []*armcontainerservice.SSHPublicKey{
						{
							KeyData: to.Ptr("keydata"),
						}},
				},
			},
			NetworkProfile: &armcontainerservice.NetworkProfile{
				LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
					ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
						Count: to.Ptr[int32](2),
					},
				},
				LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
				OutboundType:    to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
			},
			ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
				ClientID: to.Ptr("clientid"),
				Secret:   to.Ptr("secret"),
			},
			WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
				AdminPassword: to.Ptr("replacePassword1234$"),
				AdminUsername: to.Ptr("azureuser"),
			},
		},
		SKU: &armcontainerservice.ManagedClusterSKU{
			Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
			Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	res, err := poller.PollUntilDone(ctx, nil)
	if err != nil {
		log.Fatalf("failed to pull the result: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.ManagedCluster = armcontainerservice.ManagedCluster{
	// 	Name: to.Ptr("clustername1"),
	// 	Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
	// 	ID: to.Ptr("/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
	// 	Location: to.Ptr("location1"),
	// 	Tags: map[string]*string{
	// 		"archv2": to.Ptr(""),
	// 		"tier": to.Ptr("production"),
	// 	},
	// 	Properties: &armcontainerservice.ManagedClusterProperties{
	// 		AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
	// 			{
	// 				Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
	// 				Count: to.Ptr[int32](3),
	// 				CurrentOrchestratorVersion: to.Ptr("1.9.6"),
	// 				EnableNodePublicIP: to.Ptr(true),
	// 				MaxPods: to.Ptr[int32](110),
	// 				Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
	// 				NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
	// 				OrchestratorVersion: to.Ptr("1.9.6"),
	// 				OSType: to.Ptr(armcontainerservice.OSTypeLinux),
	// 				ProvisioningState: to.Ptr("Succeeded"),
	// 				ProximityPlacementGroupID: to.Ptr("/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.Compute/proximityPlacementGroups/ppg1"),
	// 				VMSize: to.Ptr("Standard_DS2_v2"),
	// 				Name: to.Ptr("nodepool1"),
	// 		}},
	// 		AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
	// 			ScaleDownDelayAfterAdd: to.Ptr("15m"),
	// 			ScanInterval: to.Ptr("20s"),
	// 		},
	// 		CurrentKubernetesVersion: to.Ptr("1.9.6"),
	// 		DiskEncryptionSetID: to.Ptr("/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
	// 		DNSPrefix: to.Ptr("dnsprefix1"),
	// 		EnablePodSecurityPolicy: to.Ptr(true),
	// 		EnableRBAC: to.Ptr(true),
	// 		Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
	// 		KubernetesVersion: to.Ptr("1.9.6"),
	// 		LinuxProfile: &armcontainerservice.LinuxProfile{
	// 			AdminUsername: to.Ptr("azureuser"),
	// 			SSH: &armcontainerservice.SSHConfiguration{
	// 				PublicKeys: []*armcontainerservice.SSHPublicKey{
	// 					{
	// 						KeyData: to.Ptr("keydata"),
	// 				}},
	// 			},
	// 		},
	// 		MaxAgentPools: to.Ptr[int32](1),
	// 		NetworkProfile: &armcontainerservice.NetworkProfile{
	// 			DNSServiceIP: to.Ptr("10.0.0.10"),
	// 			IPFamilies: []*armcontainerservice.IPFamily{
	// 				to.Ptr(armcontainerservice.IPFamilyIPv4)},
	// 				LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
	// 					AllocatedOutboundPorts: to.Ptr[int32](2000),
	// 					EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
	// 						{
	// 							ID: to.Ptr("/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
	// 						},
	// 						{
	// 							ID: to.Ptr("/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
	// 					}},
	// 					IdleTimeoutInMinutes: to.Ptr[int32](10),
	// 					ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
	// 						Count: to.Ptr[int32](2),
	// 					},
	// 				},
	// 				LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
	// 				NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
	// 				OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
	// 				PodCidr: to.Ptr("10.244.0.0/16"),
	// 				PodCidrs: []*string{
	// 					to.Ptr("10.244.0.0/16")},
	// 					ServiceCidr: to.Ptr("10.0.0.0/16"),
	// 					ServiceCidrs: []*string{
	// 						to.Ptr("10.0.0.0/16")},
	// 					},
	// 					NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
	// 					ProvisioningState: to.Ptr("Succeeded"),
	// 					ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
	// 						ClientID: to.Ptr("clientid"),
	// 					},
	// 					WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
	// 						AdminUsername: to.Ptr("azureuser"),
	// 					},
	// 				},
	// 			}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Creates or updates a managed cluster.
 *
 * @summary Creates or updates a managed cluster.
 * x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_PPG.json
 */
async function createManagedClusterWithPpg() {
  const subscriptionId = process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "subid1";
  const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
  const resourceName = "clustername1";
  const parameters = {
    addonProfiles: {},
    agentPoolProfiles: [
      {
        name: "nodepool1",
        type: "VirtualMachineScaleSets",
        count: 3,
        enableNodePublicIP: true,
        mode: "System",
        osType: "Linux",
        proximityPlacementGroupID:
          "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.Compute/proximityPlacementGroups/ppg1",
        vmSize: "Standard_DS2_v2",
      },
    ],
    autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
    diskEncryptionSetID:
      "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    dnsPrefix: "dnsprefix1",
    enablePodSecurityPolicy: true,
    enableRbac: true,
    kubernetesVersion: "",
    linuxProfile: {
      adminUsername: "azureuser",
      ssh: { publicKeys: [{ keyData: "keydata" }] },
    },
    location: "location1",
    networkProfile: {
      loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
      loadBalancerSku: "standard",
      outboundType: "loadBalancer",
    },
    servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
    sku: { name: "Basic", tier: "Free" },
    tags: { archv2: "", tier: "production" },
    windowsProfile: {
      adminPassword: "replacePassword1234$",
      adminUsername: "azureuser",
    },
  };
  const credential = new DefaultAzureCredential();
  const client = new ContainerServiceClient(credential, subscriptionId);
  const result = await client.managedClusters.beginCreateOrUpdateAndWait(
    resourceGroupName,
    resourceName,
    parameters
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:

200

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Succeeded",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Succeeded",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
        "proximityPlacementGroupID": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.Compute/proximityPlacementGroups/ppg1"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
    "networkProfile": {
      "loadBalancerSku": "basic",
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  }
}

Status code:

201

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Creating",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Creating",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "proximityPlacementGroupID": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.Compute/proximityPlacementGroups/ppg1"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "networkProfile": {
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  }
}

Create Managed Cluster with RunCommand disabled

Sample Request

HTTP

PUT https://management.azure.com/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2023-08-01

{
  "location": "location1",
  "tags": {
    "tier": "production",
    "archv2": ""
  },
  "sku": {
    "name": "Basic",
    "tier": "Free"
  },
  "properties": {
    "kubernetesVersion": "",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "osType": "Linux",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "enableEncryptionAtHost": true
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "networkProfile": {
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "loadBalancerProfile": {
        "managedOutboundIPs": {
          "count": 2
        }
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "windowsProfile": {
      "adminUsername": "azureuser",
      "adminPassword": "replacePassword1234$"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid",
      "secret": "secret"
    },
    "apiServerAccessProfile": {
      "disableRunCommand": true
    },
    "addonProfiles": {},
    "enableRBAC": true,
    "enablePodSecurityPolicy": true
  }
}

Java

import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterApiServerAccessProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

/** Samples for ManagedClusters CreateOrUpdate. */
public final class Main {
    /*
     * x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_DisableRunCommand.json
     */
    /**
     * Sample code: Create Managed Cluster with RunCommand disabled.
     *
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void createManagedClusterWithRunCommandDisabled(
        com.azure.resourcemanager.AzureResourceManager azure) {
        azure
            .kubernetesClusters()
            .manager()
            .serviceClient()
            .getManagedClusters()
            .createOrUpdate(
                "rg1",
                "clustername1",
                new ManagedClusterInner()
                    .withLocation("location1")
                    .withTags(mapOf("archv2", "", "tier", "production"))
                    .withSku(
                        new ManagedClusterSku()
                            .withName(ManagedClusterSkuName.fromString("Basic"))
                            .withTier(ManagedClusterSkuTier.FREE))
                    .withKubernetesVersion("")
                    .withDnsPrefix("dnsprefix1")
                    .withAgentPoolProfiles(
                        Arrays
                            .asList(
                                new ManagedClusterAgentPoolProfile()
                                    .withCount(3)
                                    .withVmSize("Standard_DS2_v2")
                                    .withOsType(OSType.LINUX)
                                    .withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
                                    .withMode(AgentPoolMode.SYSTEM)
                                    .withEnableNodePublicIp(true)
                                    .withEnableEncryptionAtHost(true)
                                    .withName("nodepool1")))
                    .withLinuxProfile(
                        new ContainerServiceLinuxProfile()
                            .withAdminUsername("azureuser")
                            .withSsh(
                                new ContainerServiceSshConfiguration()
                                    .withPublicKeys(
                                        Arrays
                                            .asList(
                                                new ContainerServiceSshPublicKey()
                                                    .withKeyData("fakeTokenPlaceholder")))))
                    .withWindowsProfile(
                        new ManagedClusterWindowsProfile()
                            .withAdminUsername("azureuser")
                            .withAdminPassword("fakeTokenPlaceholder"))
                    .withServicePrincipalProfile(
                        new ManagedClusterServicePrincipalProfile()
                            .withClientId("clientid")
                            .withSecret("fakeTokenPlaceholder"))
                    .withAddonProfiles(mapOf())
                    .withEnableRbac(true)
                    .withEnablePodSecurityPolicy(true)
                    .withNetworkProfile(
                        new ContainerServiceNetworkProfile()
                            .withOutboundType(OutboundType.LOAD_BALANCER)
                            .withLoadBalancerSku(LoadBalancerSku.STANDARD)
                            .withLoadBalancerProfile(
                                new ManagedClusterLoadBalancerProfile()
                                    .withManagedOutboundIPs(
                                        new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
                    .withAutoScalerProfile(
                        new ManagedClusterPropertiesAutoScalerProfile()
                            .withScanInterval("20s")
                            .withScaleDownDelayAfterAdd("15m"))
                    .withApiServerAccessProfile(new ManagedClusterApiServerAccessProfile().withDisableRunCommand(true)),
                com.azure.core.util.Context.NONE);
    }

    // Use "Map.of" if available
    @SuppressWarnings("unchecked")
    private static <T> Map<String, T> mapOf(Object... inputs) {
        Map<String, T> map = new HashMap<>();
        for (int i = 0; i < inputs.length; i += 2) {
            String key = (String) inputs[i];
            T value = (T) inputs[i + 1];
            map.put(key, value);
        }
        return map;
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Python

from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-containerservice
# USAGE
    python managed_clusters_create_disable_run_command.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = ContainerServiceClient(
        credential=DefaultAzureCredential(),
        subscription_id="subid1",
    )

    response = client.managed_clusters.begin_create_or_update(
        resource_group_name="rg1",
        resource_name="clustername1",
        parameters={
            "location": "location1",
            "properties": {
                "addonProfiles": {},
                "agentPoolProfiles": [
                    {
                        "count": 3,
                        "enableEncryptionAtHost": True,
                        "enableNodePublicIP": True,
                        "mode": "System",
                        "name": "nodepool1",
                        "osType": "Linux",
                        "type": "VirtualMachineScaleSets",
                        "vmSize": "Standard_DS2_v2",
                    }
                ],
                "apiServerAccessProfile": {"disableRunCommand": True},
                "autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
                "dnsPrefix": "dnsprefix1",
                "enablePodSecurityPolicy": True,
                "enableRBAC": True,
                "kubernetesVersion": "",
                "linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
                "networkProfile": {
                    "loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
                    "loadBalancerSku": "standard",
                    "outboundType": "loadBalancer",
                },
                "servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
                "windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
            },
            "sku": {"name": "Basic", "tier": "Free"},
            "tags": {"archv2": "", "tier": "production"},
        },
    ).result()
    print(response)


# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_DisableRunCommand.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armcontainerservice_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/0a25ea9680cf080b7d34e8c5f35f564425c6b1f7/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_DisableRunCommand.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithRunCommandDisabled() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
		Location: to.Ptr("location1"),
		Tags: map[string]*string{
			"archv2": to.Ptr(""),
			"tier":   to.Ptr("production"),
		},
		Properties: &armcontainerservice.ManagedClusterProperties{
			AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
			AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
				{
					Type:                   to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
					Count:                  to.Ptr[int32](3),
					EnableEncryptionAtHost: to.Ptr(true),
					EnableNodePublicIP:     to.Ptr(true),
					Mode:                   to.Ptr(armcontainerservice.AgentPoolModeSystem),
					OSType:                 to.Ptr(armcontainerservice.OSTypeLinux),
					VMSize:                 to.Ptr("Standard_DS2_v2"),
					Name:                   to.Ptr("nodepool1"),
				}},
			APIServerAccessProfile: &armcontainerservice.ManagedClusterAPIServerAccessProfile{
				DisableRunCommand: to.Ptr(true),
			},
			AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
				ScaleDownDelayAfterAdd: to.Ptr("15m"),
				ScanInterval:           to.Ptr("20s"),
			},
			DNSPrefix:               to.Ptr("dnsprefix1"),
			EnablePodSecurityPolicy: to.Ptr(true),
			EnableRBAC:              to.Ptr(true),
			KubernetesVersion:       to.Ptr(""),
			LinuxProfile: &armcontainerservice.LinuxProfile{
				AdminUsername: to.Ptr("azureuser"),
				SSH: &armcontainerservice.SSHConfiguration{
					PublicKeys: []*armcontainerservice.SSHPublicKey{
						{
							KeyData: to.Ptr("keydata"),
						}},
				},
			},
			NetworkProfile: &armcontainerservice.NetworkProfile{
				LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
					ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
						Count: to.Ptr[int32](2),
					},
				},
				LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
				OutboundType:    to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
			},
			ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
				ClientID: to.Ptr("clientid"),
				Secret:   to.Ptr("secret"),
			},
			WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
				AdminPassword: to.Ptr("replacePassword1234$"),
				AdminUsername: to.Ptr("azureuser"),
			},
		},
		SKU: &armcontainerservice.ManagedClusterSKU{
			Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
			Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	res, err := poller.PollUntilDone(ctx, nil)
	if err != nil {
		log.Fatalf("failed to pull the result: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.ManagedCluster = armcontainerservice.ManagedCluster{
	// 	Name: to.Ptr("clustername1"),
	// 	Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
	// 	ID: to.Ptr("/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
	// 	Location: to.Ptr("location1"),
	// 	Tags: map[string]*string{
	// 		"archv2": to.Ptr(""),
	// 		"tier": to.Ptr("production"),
	// 	},
	// 	Properties: &armcontainerservice.ManagedClusterProperties{
	// 		AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
	// 			{
	// 				Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
	// 				Count: to.Ptr[int32](3),
	// 				CurrentOrchestratorVersion: to.Ptr("1.9.6"),
	// 				EnableEncryptionAtHost: to.Ptr(true),
	// 				EnableNodePublicIP: to.Ptr(true),
	// 				MaxPods: to.Ptr[int32](110),
	// 				Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
	// 				NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
	// 				OrchestratorVersion: to.Ptr("1.9.6"),
	// 				OSType: to.Ptr(armcontainerservice.OSTypeLinux),
	// 				ProvisioningState: to.Ptr("Succeeded"),
	// 				VMSize: to.Ptr("Standard_DS2_v2"),
	// 				Name: to.Ptr("nodepool1"),
	// 		}},
	// 		APIServerAccessProfile: &armcontainerservice.ManagedClusterAPIServerAccessProfile{
	// 			DisableRunCommand: to.Ptr(true),
	// 		},
	// 		AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
	// 			ScaleDownDelayAfterAdd: to.Ptr("15m"),
	// 			ScanInterval: to.Ptr("20s"),
	// 		},
	// 		CurrentKubernetesVersion: to.Ptr("1.9.6"),
	// 		DNSPrefix: to.Ptr("dnsprefix1"),
	// 		EnablePodSecurityPolicy: to.Ptr(true),
	// 		EnableRBAC: to.Ptr(true),
	// 		Fqdn: to.Ptr("dnsprefix1-ee788a1f.hcp.location1.azmk8s.io"),
	// 		KubernetesVersion: to.Ptr("1.9.6"),
	// 		LinuxProfile: &armcontainerservice.LinuxProfile{
	// 			AdminUsername: to.Ptr("azureuser"),
	// 			SSH: &armcontainerservice.SSHConfiguration{
	// 				PublicKeys: []*armcontainerservice.SSHPublicKey{
	// 					{
	// 						KeyData: to.Ptr("keydata"),
	// 				}},
	// 			},
	// 		},
	// 		MaxAgentPools: to.Ptr[int32](1),
	// 		NetworkProfile: &armcontainerservice.NetworkProfile{
	// 			DNSServiceIP: to.Ptr("10.0.0.10"),
	// 			IPFamilies: []*armcontainerservice.IPFamily{
	// 				to.Ptr(armcontainerservice.IPFamilyIPv4)},
	// 				LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
	// 					AllocatedOutboundPorts: to.Ptr[int32](2000),
	// 					EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
	// 						{
	// 							ID: to.Ptr("/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
	// 						},
	// 						{
	// 							ID: to.Ptr("/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
	// 					}},
	// 					IdleTimeoutInMinutes: to.Ptr[int32](10),
	// 					ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
	// 						Count: to.Ptr[int32](2),
	// 					},
	// 				},
	// 				LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
	// 				NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
	// 				OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
	// 				PodCidr: to.Ptr("10.244.0.0/16"),
	// 				PodCidrs: []*string{
	// 					to.Ptr("10.244.0.0/16")},
	// 					ServiceCidr: to.Ptr("10.0.0.0/16"),
	// 					ServiceCidrs: []*string{
	// 						to.Ptr("10.0.0.0/16")},
	// 					},
	// 					NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
	// 					PrivateFQDN: to.Ptr("dnsprefix1-aae7e0f0.5cef6058-b6b5-414d-8cb1-4bd14eb0b15c.privatelink.location1.azmk8s.io"),
	// 					ProvisioningState: to.Ptr("Succeeded"),
	// 					ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
	// 						ClientID: to.Ptr("clientid"),
	// 					},
	// 					SupportPlan: to.Ptr(armcontainerservice.KubernetesSupportPlanKubernetesOfficial),
	// 					WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
	// 						AdminUsername: to.Ptr("azureuser"),
	// 					},
	// 				},
	// 			}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Creates or updates a managed cluster.
 *
 * @summary Creates or updates a managed cluster.
 * x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_DisableRunCommand.json
 */
async function createManagedClusterWithRunCommandDisabled() {
  const subscriptionId = process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "subid1";
  const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
  const resourceName = "clustername1";
  const parameters = {
    addonProfiles: {},
    agentPoolProfiles: [
      {
        name: "nodepool1",
        type: "VirtualMachineScaleSets",
        count: 3,
        enableEncryptionAtHost: true,
        enableNodePublicIP: true,
        mode: "System",
        osType: "Linux",
        vmSize: "Standard_DS2_v2",
      },
    ],
    apiServerAccessProfile: { disableRunCommand: true },
    autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
    dnsPrefix: "dnsprefix1",
    enablePodSecurityPolicy: true,
    enableRbac: true,
    kubernetesVersion: "",
    linuxProfile: {
      adminUsername: "azureuser",
      ssh: { publicKeys: [{ keyData: "keydata" }] },
    },
    location: "location1",
    networkProfile: {
      loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
      loadBalancerSku: "standard",
      outboundType: "loadBalancer",
    },
    servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
    sku: { name: "Basic", tier: "Free" },
    tags: { archv2: "", tier: "production" },
    windowsProfile: {
      adminPassword: "replacePassword1234$",
      adminUsername: "azureuser",
    },
  };
  const credential = new DefaultAzureCredential();
  const client = new ContainerServiceClient(credential, subscriptionId);
  const result = await client.managedClusters.beginCreateOrUpdateAndWait(
    resourceGroupName,
    resourceName,
    parameters
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:

200

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Succeeded",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Succeeded",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
        "enableEncryptionAtHost": true
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "apiServerAccessProfile": {
      "disableRunCommand": true
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "enablePodSecurityPolicy": true,
    "fqdn": "dnsprefix1-ee788a1f.hcp.location1.azmk8s.io",
    "privateFQDN": "dnsprefix1-aae7e0f0.5cef6058-b6b5-414d-8cb1-4bd14eb0b15c.privatelink.location1.azmk8s.io",
    "networkProfile": {
      "loadBalancerSku": "basic",
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "supportPlan": "KubernetesOfficial"
  }
}

Status code:

201

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Creating",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Creating",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "enableEncryptionAtHost": true
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "apiServerAccessProfile": {
      "disableRunCommand": true
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "fqdn": "dnsprefix1-ee788a1f.hcp.location1.azmk8s.io",
    "privateFQDN": "dnsprefix1-aae7e0f0.5cef6058-b6b5-414d-8cb1-4bd14eb0b15c.privatelink.location1.azmk8s.io",
    "enablePodSecurityPolicy": true,
    "networkProfile": {
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "supportPlan": "KubernetesOfficial"
  }
}

Create Managed Cluster with Security Profile configured

Sample Request

HTTP

PUT https://management.azure.com/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2023-08-01

{
  "location": "location1",
  "tags": {
    "tier": "production",
    "archv2": ""
  },
  "sku": {
    "name": "Basic",
    "tier": "Free"
  },
  "properties": {
    "kubernetesVersion": "",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "osType": "Linux",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "networkProfile": {
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "loadBalancerProfile": {
        "managedOutboundIPs": {
          "count": 2
        }
      }
    },
    "securityProfile": {
      "defender": {
        "logAnalyticsWorkspaceResourceId": "/subscriptions/SUB_ID/resourcegroups/RG_NAME/providers/microsoft.operationalinsights/workspaces/WORKSPACE_NAME",
        "securityMonitoring": {
          "enabled": true
        }
      },
      "workloadIdentity": {
        "enabled": true
      }
    }
  }
}

Java

import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSecurityProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSecurityProfileDefender;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSecurityProfileDefenderSecurityMonitoring;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSecurityProfileWorkloadIdentity;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

/** Samples for ManagedClusters CreateOrUpdate. */
public final class Main {
    /*
     * x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_SecurityProfile.json
     */
    /**
     * Sample code: Create Managed Cluster with Security Profile configured.
     *
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void createManagedClusterWithSecurityProfileConfigured(
        com.azure.resourcemanager.AzureResourceManager azure) {
        azure
            .kubernetesClusters()
            .manager()
            .serviceClient()
            .getManagedClusters()
            .createOrUpdate(
                "rg1",
                "clustername1",
                new ManagedClusterInner()
                    .withLocation("location1")
                    .withTags(mapOf("archv2", "", "tier", "production"))
                    .withSku(
                        new ManagedClusterSku()
                            .withName(ManagedClusterSkuName.fromString("Basic"))
                            .withTier(ManagedClusterSkuTier.FREE))
                    .withKubernetesVersion("")
                    .withDnsPrefix("dnsprefix1")
                    .withAgentPoolProfiles(
                        Arrays
                            .asList(
                                new ManagedClusterAgentPoolProfile()
                                    .withCount(3)
                                    .withVmSize("Standard_DS2_v2")
                                    .withOsType(OSType.LINUX)
                                    .withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
                                    .withMode(AgentPoolMode.SYSTEM)
                                    .withEnableNodePublicIp(true)
                                    .withName("nodepool1")))
                    .withLinuxProfile(
                        new ContainerServiceLinuxProfile()
                            .withAdminUsername("azureuser")
                            .withSsh(
                                new ContainerServiceSshConfiguration()
                                    .withPublicKeys(
                                        Arrays
                                            .asList(
                                                new ContainerServiceSshPublicKey()
                                                    .withKeyData("fakeTokenPlaceholder")))))
                    .withNetworkProfile(
                        new ContainerServiceNetworkProfile()
                            .withOutboundType(OutboundType.LOAD_BALANCER)
                            .withLoadBalancerSku(LoadBalancerSku.STANDARD)
                            .withLoadBalancerProfile(
                                new ManagedClusterLoadBalancerProfile()
                                    .withManagedOutboundIPs(
                                        new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
                    .withSecurityProfile(
                        new ManagedClusterSecurityProfile()
                            .withDefender(
                                new ManagedClusterSecurityProfileDefender()
                                    .withLogAnalyticsWorkspaceResourceId(
                                        "/subscriptions/SUB_ID/resourcegroups/RG_NAME/providers/microsoft.operationalinsights/workspaces/WORKSPACE_NAME")
                                    .withSecurityMonitoring(
                                        new ManagedClusterSecurityProfileDefenderSecurityMonitoring()
                                            .withEnabled(true)))
                            .withWorkloadIdentity(
                                new ManagedClusterSecurityProfileWorkloadIdentity().withEnabled(true))),
                com.azure.core.util.Context.NONE);
    }

    // Use "Map.of" if available
    @SuppressWarnings("unchecked")
    private static <T> Map<String, T> mapOf(Object... inputs) {
        Map<String, T> map = new HashMap<>();
        for (int i = 0; i < inputs.length; i += 2) {
            String key = (String) inputs[i];
            T value = (T) inputs[i + 1];
            map.put(key, value);
        }
        return map;
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Python

from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-containerservice
# USAGE
    python managed_clusters_create_security_profile.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = ContainerServiceClient(
        credential=DefaultAzureCredential(),
        subscription_id="subid1",
    )

    response = client.managed_clusters.begin_create_or_update(
        resource_group_name="rg1",
        resource_name="clustername1",
        parameters={
            "location": "location1",
            "properties": {
                "agentPoolProfiles": [
                    {
                        "count": 3,
                        "enableNodePublicIP": True,
                        "mode": "System",
                        "name": "nodepool1",
                        "osType": "Linux",
                        "type": "VirtualMachineScaleSets",
                        "vmSize": "Standard_DS2_v2",
                    }
                ],
                "dnsPrefix": "dnsprefix1",
                "kubernetesVersion": "",
                "linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
                "networkProfile": {
                    "loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
                    "loadBalancerSku": "standard",
                    "outboundType": "loadBalancer",
                },
                "securityProfile": {
                    "defender": {
                        "logAnalyticsWorkspaceResourceId": "/subscriptions/SUB_ID/resourcegroups/RG_NAME/providers/microsoft.operationalinsights/workspaces/WORKSPACE_NAME",
                        "securityMonitoring": {"enabled": True},
                    },
                    "workloadIdentity": {"enabled": True},
                },
            },
            "sku": {"name": "Basic", "tier": "Free"},
            "tags": {"archv2": "", "tier": "production"},
        },
    ).result()
    print(response)


# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_SecurityProfile.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armcontainerservice_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/0a25ea9680cf080b7d34e8c5f35f564425c6b1f7/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_SecurityProfile.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithSecurityProfileConfigured() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
		Location: to.Ptr("location1"),
		Tags: map[string]*string{
			"archv2": to.Ptr(""),
			"tier":   to.Ptr("production"),
		},
		Properties: &armcontainerservice.ManagedClusterProperties{
			AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
				{
					Type:               to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
					Count:              to.Ptr[int32](3),
					EnableNodePublicIP: to.Ptr(true),
					Mode:               to.Ptr(armcontainerservice.AgentPoolModeSystem),
					OSType:             to.Ptr(armcontainerservice.OSTypeLinux),
					VMSize:             to.Ptr("Standard_DS2_v2"),
					Name:               to.Ptr("nodepool1"),
				}},
			DNSPrefix:         to.Ptr("dnsprefix1"),
			KubernetesVersion: to.Ptr(""),
			LinuxProfile: &armcontainerservice.LinuxProfile{
				AdminUsername: to.Ptr("azureuser"),
				SSH: &armcontainerservice.SSHConfiguration{
					PublicKeys: []*armcontainerservice.SSHPublicKey{
						{
							KeyData: to.Ptr("keydata"),
						}},
				},
			},
			NetworkProfile: &armcontainerservice.NetworkProfile{
				LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
					ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
						Count: to.Ptr[int32](2),
					},
				},
				LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
				OutboundType:    to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
			},
			SecurityProfile: &armcontainerservice.ManagedClusterSecurityProfile{
				Defender: &armcontainerservice.ManagedClusterSecurityProfileDefender{
					LogAnalyticsWorkspaceResourceID: to.Ptr("/subscriptions/SUB_ID/resourcegroups/RG_NAME/providers/microsoft.operationalinsights/workspaces/WORKSPACE_NAME"),
					SecurityMonitoring: &armcontainerservice.ManagedClusterSecurityProfileDefenderSecurityMonitoring{
						Enabled: to.Ptr(true),
					},
				},
				WorkloadIdentity: &armcontainerservice.ManagedClusterSecurityProfileWorkloadIdentity{
					Enabled: to.Ptr(true),
				},
			},
		},
		SKU: &armcontainerservice.ManagedClusterSKU{
			Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
			Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	res, err := poller.PollUntilDone(ctx, nil)
	if err != nil {
		log.Fatalf("failed to pull the result: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.ManagedCluster = armcontainerservice.ManagedCluster{
	// 	Name: to.Ptr("clustername1"),
	// 	Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
	// 	ID: to.Ptr("/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
	// 	Location: to.Ptr("location1"),
	// 	Tags: map[string]*string{
	// 		"archv2": to.Ptr(""),
	// 		"tier": to.Ptr("production"),
	// 	},
	// 	Properties: &armcontainerservice.ManagedClusterProperties{
	// 		AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
	// 			{
	// 				Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
	// 				Count: to.Ptr[int32](3),
	// 				CurrentOrchestratorVersion: to.Ptr("1.9.6"),
	// 				EnableNodePublicIP: to.Ptr(true),
	// 				MaxPods: to.Ptr[int32](110),
	// 				Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
	// 				NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
	// 				OrchestratorVersion: to.Ptr("1.9.6"),
	// 				OSType: to.Ptr(armcontainerservice.OSTypeLinux),
	// 				ProvisioningState: to.Ptr("Succeeded"),
	// 				VMSize: to.Ptr("Standard_DS2_v2"),
	// 				Name: to.Ptr("nodepool1"),
	// 		}},
	// 		CurrentKubernetesVersion: to.Ptr("1.9.6"),
	// 		DiskEncryptionSetID: to.Ptr("/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
	// 		DNSPrefix: to.Ptr("dnsprefix1"),
	// 		EnablePodSecurityPolicy: to.Ptr(true),
	// 		EnableRBAC: to.Ptr(true),
	// 		Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
	// 		KubernetesVersion: to.Ptr("1.9.6"),
	// 		LinuxProfile: &armcontainerservice.LinuxProfile{
	// 			AdminUsername: to.Ptr("azureuser"),
	// 			SSH: &armcontainerservice.SSHConfiguration{
	// 				PublicKeys: []*armcontainerservice.SSHPublicKey{
	// 					{
	// 						KeyData: to.Ptr("keydata"),
	// 				}},
	// 			},
	// 		},
	// 		MaxAgentPools: to.Ptr[int32](1),
	// 		NetworkProfile: &armcontainerservice.NetworkProfile{
	// 			DNSServiceIP: to.Ptr("10.0.0.10"),
	// 			IPFamilies: []*armcontainerservice.IPFamily{
	// 				to.Ptr(armcontainerservice.IPFamilyIPv4)},
	// 				LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
	// 					AllocatedOutboundPorts: to.Ptr[int32](2000),
	// 					EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
	// 						{
	// 							ID: to.Ptr("/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
	// 						},
	// 						{
	// 							ID: to.Ptr("/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
	// 					}},
	// 					IdleTimeoutInMinutes: to.Ptr[int32](10),
	// 					ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
	// 						Count: to.Ptr[int32](2),
	// 					},
	// 				},
	// 				LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
	// 				NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
	// 				OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
	// 				PodCidr: to.Ptr("10.244.0.0/16"),
	// 				PodCidrs: []*string{
	// 					to.Ptr("10.244.0.0/16")},
	// 					ServiceCidr: to.Ptr("10.0.0.0/16"),
	// 					ServiceCidrs: []*string{
	// 						to.Ptr("10.0.0.0/16")},
	// 					},
	// 					NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
	// 					ProvisioningState: to.Ptr("Succeeded"),
	// 					SecurityProfile: &armcontainerservice.ManagedClusterSecurityProfile{
	// 						Defender: &armcontainerservice.ManagedClusterSecurityProfileDefender{
	// 							LogAnalyticsWorkspaceResourceID: to.Ptr("/subscriptions/SUB_ID/resourcegroups/RG_NAME/providers/microsoft.operationalinsights/workspaces/WORKSPACE_NAME"),
	// 							SecurityMonitoring: &armcontainerservice.ManagedClusterSecurityProfileDefenderSecurityMonitoring{
	// 								Enabled: to.Ptr(true),
	// 							},
	// 						},
	// 						WorkloadIdentity: &armcontainerservice.ManagedClusterSecurityProfileWorkloadIdentity{
	// 							Enabled: to.Ptr(true),
	// 						},
	// 					},
	// 					ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
	// 						ClientID: to.Ptr("clientid"),
	// 					},
	// 					WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
	// 						AdminUsername: to.Ptr("azureuser"),
	// 					},
	// 				},
	// 			}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Creates or updates a managed cluster.
 *
 * @summary Creates or updates a managed cluster.
 * x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_SecurityProfile.json
 */
async function createManagedClusterWithSecurityProfileConfigured() {
  const subscriptionId = process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "subid1";
  const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
  const resourceName = "clustername1";
  const parameters = {
    agentPoolProfiles: [
      {
        name: "nodepool1",
        type: "VirtualMachineScaleSets",
        count: 3,
        enableNodePublicIP: true,
        mode: "System",
        osType: "Linux",
        vmSize: "Standard_DS2_v2",
      },
    ],
    dnsPrefix: "dnsprefix1",
    kubernetesVersion: "",
    linuxProfile: {
      adminUsername: "azureuser",
      ssh: { publicKeys: [{ keyData: "keydata" }] },
    },
    location: "location1",
    networkProfile: {
      loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
      loadBalancerSku: "standard",
      outboundType: "loadBalancer",
    },
    securityProfile: {
      defender: {
        logAnalyticsWorkspaceResourceId:
          "/subscriptions/SUB_ID/resourcegroups/RG_NAME/providers/microsoft.operationalinsights/workspaces/WORKSPACE_NAME",
        securityMonitoring: { enabled: true },
      },
      workloadIdentity: { enabled: true },
    },
    sku: { name: "Basic", tier: "Free" },
    tags: { archv2: "", tier: "production" },
  };
  const credential = new DefaultAzureCredential();
  const client = new ContainerServiceClient(credential, subscriptionId);
  const result = await client.managedClusters.beginCreateOrUpdateAndWait(
    resourceGroupName,
    resourceName,
    parameters
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:

200

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Succeeded",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Succeeded",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "nodeImageVersion": "AKSUbuntu:1604:2020.03.11"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
    "networkProfile": {
      "loadBalancerSku": "basic",
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "securityProfile": {
      "defender": {
        "logAnalyticsWorkspaceResourceId": "/subscriptions/SUB_ID/resourcegroups/RG_NAME/providers/microsoft.operationalinsights/workspaces/WORKSPACE_NAME",
        "securityMonitoring": {
          "enabled": true
        }
      },
      "workloadIdentity": {
        "enabled": true
      }
    }
  }
}

Status code:

201

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Creating",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Creating",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "networkProfile": {
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "securityProfile": {
      "defender": {
        "logAnalyticsWorkspaceResourceId": "/subscriptions/SUB_ID/resourcegroups/RG_NAME/providers/microsoft.operationalinsights/workspaces/WORKSPACE_NAME",
        "securityMonitoring": {
          "enabled": true
        }
      },
      "workloadIdentity": {
        "enabled": true
      }
    }
  }
}

Create Managed Cluster with UltraSSD enabled

Sample Request

HTTP

PUT https://management.azure.com/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2023-08-01

{
  "location": "location1",
  "tags": {
    "tier": "production",
    "archv2": ""
  },
  "sku": {
    "name": "Basic",
    "tier": "Free"
  },
  "properties": {
    "kubernetesVersion": "",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "osType": "Linux",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "enableUltraSSD": true
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "networkProfile": {
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "loadBalancerProfile": {
        "managedOutboundIPs": {
          "count": 2
        }
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "windowsProfile": {
      "adminUsername": "azureuser",
      "adminPassword": "replacePassword1234$"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid",
      "secret": "secret"
    },
    "addonProfiles": {},
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true
  }
}

Java

import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

/** Samples for ManagedClusters CreateOrUpdate. */
public final class Main {
    /*
     * x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_EnableUltraSSD.json
     */
    /**
     * Sample code: Create Managed Cluster with UltraSSD enabled.
     *
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void createManagedClusterWithUltraSSDEnabled(com.azure.resourcemanager.AzureResourceManager azure) {
        azure
            .kubernetesClusters()
            .manager()
            .serviceClient()
            .getManagedClusters()
            .createOrUpdate(
                "rg1",
                "clustername1",
                new ManagedClusterInner()
                    .withLocation("location1")
                    .withTags(mapOf("archv2", "", "tier", "production"))
                    .withSku(
                        new ManagedClusterSku()
                            .withName(ManagedClusterSkuName.fromString("Basic"))
                            .withTier(ManagedClusterSkuTier.FREE))
                    .withKubernetesVersion("")
                    .withDnsPrefix("dnsprefix1")
                    .withAgentPoolProfiles(
                        Arrays
                            .asList(
                                new ManagedClusterAgentPoolProfile()
                                    .withCount(3)
                                    .withVmSize("Standard_DS2_v2")
                                    .withOsType(OSType.LINUX)
                                    .withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
                                    .withMode(AgentPoolMode.SYSTEM)
                                    .withEnableNodePublicIp(true)
                                    .withEnableUltraSsd(true)
                                    .withName("nodepool1")))
                    .withLinuxProfile(
                        new ContainerServiceLinuxProfile()
                            .withAdminUsername("azureuser")
                            .withSsh(
                                new ContainerServiceSshConfiguration()
                                    .withPublicKeys(
                                        Arrays
                                            .asList(
                                                new ContainerServiceSshPublicKey()
                                                    .withKeyData("fakeTokenPlaceholder")))))
                    .withWindowsProfile(
                        new ManagedClusterWindowsProfile()
                            .withAdminUsername("azureuser")
                            .withAdminPassword("fakeTokenPlaceholder"))
                    .withServicePrincipalProfile(
                        new ManagedClusterServicePrincipalProfile()
                            .withClientId("clientid")
                            .withSecret("fakeTokenPlaceholder"))
                    .withAddonProfiles(mapOf())
                    .withEnableRbac(true)
                    .withEnablePodSecurityPolicy(true)
                    .withNetworkProfile(
                        new ContainerServiceNetworkProfile()
                            .withOutboundType(OutboundType.LOAD_BALANCER)
                            .withLoadBalancerSku(LoadBalancerSku.STANDARD)
                            .withLoadBalancerProfile(
                                new ManagedClusterLoadBalancerProfile()
                                    .withManagedOutboundIPs(
                                        new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
                    .withAutoScalerProfile(
                        new ManagedClusterPropertiesAutoScalerProfile()
                            .withScanInterval("20s")
                            .withScaleDownDelayAfterAdd("15m"))
                    .withDiskEncryptionSetId(
                        "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
                com.azure.core.util.Context.NONE);
    }

    // Use "Map.of" if available
    @SuppressWarnings("unchecked")
    private static <T> Map<String, T> mapOf(Object... inputs) {
        Map<String, T> map = new HashMap<>();
        for (int i = 0; i < inputs.length; i += 2) {
            String key = (String) inputs[i];
            T value = (T) inputs[i + 1];
            map.put(key, value);
        }
        return map;
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Python

from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-containerservice
# USAGE
    python managed_clusters_create_enable_ultra_ssd.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = ContainerServiceClient(
        credential=DefaultAzureCredential(),
        subscription_id="subid1",
    )

    response = client.managed_clusters.begin_create_or_update(
        resource_group_name="rg1",
        resource_name="clustername1",
        parameters={
            "location": "location1",
            "properties": {
                "addonProfiles": {},
                "agentPoolProfiles": [
                    {
                        "count": 3,
                        "enableNodePublicIP": True,
                        "enableUltraSSD": True,
                        "mode": "System",
                        "name": "nodepool1",
                        "osType": "Linux",
                        "type": "VirtualMachineScaleSets",
                        "vmSize": "Standard_DS2_v2",
                    }
                ],
                "autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
                "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
                "dnsPrefix": "dnsprefix1",
                "enablePodSecurityPolicy": True,
                "enableRBAC": True,
                "kubernetesVersion": "",
                "linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
                "networkProfile": {
                    "loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
                    "loadBalancerSku": "standard",
                    "outboundType": "loadBalancer",
                },
                "servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
                "windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
            },
            "sku": {"name": "Basic", "tier": "Free"},
            "tags": {"archv2": "", "tier": "production"},
        },
    ).result()
    print(response)


# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_EnableUltraSSD.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armcontainerservice_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/0a25ea9680cf080b7d34e8c5f35f564425c6b1f7/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_EnableUltraSSD.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithUltraSsdEnabled() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
		Location: to.Ptr("location1"),
		Tags: map[string]*string{
			"archv2": to.Ptr(""),
			"tier":   to.Ptr("production"),
		},
		Properties: &armcontainerservice.ManagedClusterProperties{
			AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
			AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
				{
					Type:               to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
					Count:              to.Ptr[int32](3),
					EnableNodePublicIP: to.Ptr(true),
					EnableUltraSSD:     to.Ptr(true),
					Mode:               to.Ptr(armcontainerservice.AgentPoolModeSystem),
					OSType:             to.Ptr(armcontainerservice.OSTypeLinux),
					VMSize:             to.Ptr("Standard_DS2_v2"),
					Name:               to.Ptr("nodepool1"),
				}},
			AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
				ScaleDownDelayAfterAdd: to.Ptr("15m"),
				ScanInterval:           to.Ptr("20s"),
			},
			DiskEncryptionSetID:     to.Ptr("/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
			DNSPrefix:               to.Ptr("dnsprefix1"),
			EnablePodSecurityPolicy: to.Ptr(true),
			EnableRBAC:              to.Ptr(true),
			KubernetesVersion:       to.Ptr(""),
			LinuxProfile: &armcontainerservice.LinuxProfile{
				AdminUsername: to.Ptr("azureuser"),
				SSH: &armcontainerservice.SSHConfiguration{
					PublicKeys: []*armcontainerservice.SSHPublicKey{
						{
							KeyData: to.Ptr("keydata"),
						}},
				},
			},
			NetworkProfile: &armcontainerservice.NetworkProfile{
				LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
					ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
						Count: to.Ptr[int32](2),
					},
				},
				LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
				OutboundType:    to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
			},
			ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
				ClientID: to.Ptr("clientid"),
				Secret:   to.Ptr("secret"),
			},
			WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
				AdminPassword: to.Ptr("replacePassword1234$"),
				AdminUsername: to.Ptr("azureuser"),
			},
		},
		SKU: &armcontainerservice.ManagedClusterSKU{
			Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
			Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	res, err := poller.PollUntilDone(ctx, nil)
	if err != nil {
		log.Fatalf("failed to pull the result: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.ManagedCluster = armcontainerservice.ManagedCluster{
	// 	Name: to.Ptr("clustername1"),
	// 	Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
	// 	ID: to.Ptr("/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
	// 	Location: to.Ptr("location1"),
	// 	Tags: map[string]*string{
	// 		"archv2": to.Ptr(""),
	// 		"tier": to.Ptr("production"),
	// 	},
	// 	Properties: &armcontainerservice.ManagedClusterProperties{
	// 		AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
	// 			{
	// 				Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
	// 				Count: to.Ptr[int32](3),
	// 				CurrentOrchestratorVersion: to.Ptr("1.9.6"),
	// 				EnableNodePublicIP: to.Ptr(true),
	// 				EnableUltraSSD: to.Ptr(true),
	// 				MaxPods: to.Ptr[int32](110),
	// 				Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
	// 				NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
	// 				OrchestratorVersion: to.Ptr("1.9.6"),
	// 				OSType: to.Ptr(armcontainerservice.OSTypeLinux),
	// 				ProvisioningState: to.Ptr("Succeeded"),
	// 				VMSize: to.Ptr("Standard_DS2_v2"),
	// 				Name: to.Ptr("nodepool1"),
	// 		}},
	// 		AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
	// 			ScaleDownDelayAfterAdd: to.Ptr("15m"),
	// 			ScanInterval: to.Ptr("20s"),
	// 		},
	// 		CurrentKubernetesVersion: to.Ptr("1.9.6"),
	// 		DiskEncryptionSetID: to.Ptr("/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
	// 		DNSPrefix: to.Ptr("dnsprefix1"),
	// 		EnablePodSecurityPolicy: to.Ptr(true),
	// 		EnableRBAC: to.Ptr(true),
	// 		Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
	// 		KubernetesVersion: to.Ptr("1.9.6"),
	// 		LinuxProfile: &armcontainerservice.LinuxProfile{
	// 			AdminUsername: to.Ptr("azureuser"),
	// 			SSH: &armcontainerservice.SSHConfiguration{
	// 				PublicKeys: []*armcontainerservice.SSHPublicKey{
	// 					{
	// 						KeyData: to.Ptr("keydata"),
	// 				}},
	// 			},
	// 		},
	// 		MaxAgentPools: to.Ptr[int32](1),
	// 		NetworkProfile: &armcontainerservice.NetworkProfile{
	// 			DNSServiceIP: to.Ptr("10.0.0.10"),
	// 			IPFamilies: []*armcontainerservice.IPFamily{
	// 				to.Ptr(armcontainerservice.IPFamilyIPv4)},
	// 				LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
	// 					AllocatedOutboundPorts: to.Ptr[int32](2000),
	// 					EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
	// 						{
	// 							ID: to.Ptr("/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
	// 						},
	// 						{
	// 							ID: to.Ptr("/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
	// 					}},
	// 					IdleTimeoutInMinutes: to.Ptr[int32](10),
	// 					ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
	// 						Count: to.Ptr[int32](2),
	// 					},
	// 				},
	// 				LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
	// 				NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
	// 				OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
	// 				PodCidr: to.Ptr("10.244.0.0/16"),
	// 				PodCidrs: []*string{
	// 					to.Ptr("10.244.0.0/16")},
	// 					ServiceCidr: to.Ptr("10.0.0.0/16"),
	// 					ServiceCidrs: []*string{
	// 						to.Ptr("10.0.0.0/16")},
	// 					},
	// 					NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
	// 					ProvisioningState: to.Ptr("Succeeded"),
	// 					ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
	// 						ClientID: to.Ptr("clientid"),
	// 					},
	// 					WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
	// 						AdminUsername: to.Ptr("azureuser"),
	// 					},
	// 				},
	// 			}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Creates or updates a managed cluster.
 *
 * @summary Creates or updates a managed cluster.
 * x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_EnableUltraSSD.json
 */
async function createManagedClusterWithUltraSsdEnabled() {
  const subscriptionId = process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "subid1";
  const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
  const resourceName = "clustername1";
  const parameters = {
    addonProfiles: {},
    agentPoolProfiles: [
      {
        name: "nodepool1",
        type: "VirtualMachineScaleSets",
        count: 3,
        enableNodePublicIP: true,
        enableUltraSSD: true,
        mode: "System",
        osType: "Linux",
        vmSize: "Standard_DS2_v2",
      },
    ],
    autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
    diskEncryptionSetID:
      "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    dnsPrefix: "dnsprefix1",
    enablePodSecurityPolicy: true,
    enableRbac: true,
    kubernetesVersion: "",
    linuxProfile: {
      adminUsername: "azureuser",
      ssh: { publicKeys: [{ keyData: "keydata" }] },
    },
    location: "location1",
    networkProfile: {
      loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
      loadBalancerSku: "standard",
      outboundType: "loadBalancer",
    },
    servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
    sku: { name: "Basic", tier: "Free" },
    tags: { archv2: "", tier: "production" },
    windowsProfile: {
      adminPassword: "replacePassword1234$",
      adminUsername: "azureuser",
    },
  };
  const credential = new DefaultAzureCredential();
  const client = new ContainerServiceClient(credential, subscriptionId);
  const result = await client.managedClusters.beginCreateOrUpdateAndWait(
    resourceGroupName,
    resourceName,
    parameters
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:

200

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Succeeded",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Succeeded",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
        "enableUltraSSD": true
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
    "networkProfile": {
      "loadBalancerSku": "basic",
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  }
}

Status code:

201

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Creating",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Creating",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "enableUltraSSD": true
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "networkProfile": {
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  }
}

Create Managed Cluster with user-assigned NAT gateway as outbound type

Sample Request

HTTP

PUT https://management.azure.com/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2023-08-01

{
  "location": "location1",
  "tags": {
    "tier": "production",
    "archv2": ""
  },
  "sku": {
    "name": "Basic",
    "tier": "Free"
  },
  "properties": {
    "kubernetesVersion": "",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "osType": "Linux",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": false,
        "mode": "System"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "networkProfile": {
      "loadBalancerSku": "standard",
      "outboundType": "userAssignedNATGateway"
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "windowsProfile": {
      "adminUsername": "azureuser",
      "adminPassword": "replacePassword1234$"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid",
      "secret": "secret"
    },
    "addonProfiles": {},
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true
  }
}

Java

import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

/** Samples for ManagedClusters CreateOrUpdate. */
public final class Main {
    /*
     * x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_UserAssignedNATGateway.json
     */
    /**
     * Sample code: Create Managed Cluster with user-assigned NAT gateway as outbound type.
     *
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void createManagedClusterWithUserAssignedNATGatewayAsOutboundType(
        com.azure.resourcemanager.AzureResourceManager azure) {
        azure
            .kubernetesClusters()
            .manager()
            .serviceClient()
            .getManagedClusters()
            .createOrUpdate(
                "rg1",
                "clustername1",
                new ManagedClusterInner()
                    .withLocation("location1")
                    .withTags(mapOf("archv2", "", "tier", "production"))
                    .withSku(
                        new ManagedClusterSku()
                            .withName(ManagedClusterSkuName.fromString("Basic"))
                            .withTier(ManagedClusterSkuTier.FREE))
                    .withKubernetesVersion("")
                    .withDnsPrefix("dnsprefix1")
                    .withAgentPoolProfiles(
                        Arrays
                            .asList(
                                new ManagedClusterAgentPoolProfile()
                                    .withCount(3)
                                    .withVmSize("Standard_DS2_v2")
                                    .withOsType(OSType.LINUX)
                                    .withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
                                    .withMode(AgentPoolMode.SYSTEM)
                                    .withEnableNodePublicIp(false)
                                    .withName("nodepool1")))
                    .withLinuxProfile(
                        new ContainerServiceLinuxProfile()
                            .withAdminUsername("azureuser")
                            .withSsh(
                                new ContainerServiceSshConfiguration()
                                    .withPublicKeys(
                                        Arrays
                                            .asList(
                                                new ContainerServiceSshPublicKey()
                                                    .withKeyData("fakeTokenPlaceholder")))))
                    .withWindowsProfile(
                        new ManagedClusterWindowsProfile()
                            .withAdminUsername("azureuser")
                            .withAdminPassword("fakeTokenPlaceholder"))
                    .withServicePrincipalProfile(
                        new ManagedClusterServicePrincipalProfile()
                            .withClientId("clientid")
                            .withSecret("fakeTokenPlaceholder"))
                    .withAddonProfiles(mapOf())
                    .withEnableRbac(true)
                    .withEnablePodSecurityPolicy(true)
                    .withNetworkProfile(
                        new ContainerServiceNetworkProfile()
                            .withOutboundType(OutboundType.USER_ASSIGNED_NATGATEWAY)
                            .withLoadBalancerSku(LoadBalancerSku.STANDARD))
                    .withAutoScalerProfile(
                        new ManagedClusterPropertiesAutoScalerProfile()
                            .withScanInterval("20s")
                            .withScaleDownDelayAfterAdd("15m"))
                    .withDiskEncryptionSetId(
                        "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
                com.azure.core.util.Context.NONE);
    }

    // Use "Map.of" if available
    @SuppressWarnings("unchecked")
    private static <T> Map<String, T> mapOf(Object... inputs) {
        Map<String, T> map = new HashMap<>();
        for (int i = 0; i < inputs.length; i += 2) {
            String key = (String) inputs[i];
            T value = (T) inputs[i + 1];
            map.put(key, value);
        }
        return map;
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Python

from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-containerservice
# USAGE
    python managed_clusters_create_user_assigned_nat_gateway.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = ContainerServiceClient(
        credential=DefaultAzureCredential(),
        subscription_id="subid1",
    )

    response = client.managed_clusters.begin_create_or_update(
        resource_group_name="rg1",
        resource_name="clustername1",
        parameters={
            "location": "location1",
            "properties": {
                "addonProfiles": {},
                "agentPoolProfiles": [
                    {
                        "count": 3,
                        "enableNodePublicIP": False,
                        "mode": "System",
                        "name": "nodepool1",
                        "osType": "Linux",
                        "type": "VirtualMachineScaleSets",
                        "vmSize": "Standard_DS2_v2",
                    }
                ],
                "autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
                "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
                "dnsPrefix": "dnsprefix1",
                "enablePodSecurityPolicy": True,
                "enableRBAC": True,
                "kubernetesVersion": "",
                "linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
                "networkProfile": {"loadBalancerSku": "standard", "outboundType": "userAssignedNATGateway"},
                "servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
                "windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
            },
            "sku": {"name": "Basic", "tier": "Free"},
            "tags": {"archv2": "", "tier": "production"},
        },
    ).result()
    print(response)


# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_UserAssignedNATGateway.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armcontainerservice_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/0a25ea9680cf080b7d34e8c5f35f564425c6b1f7/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_UserAssignedNATGateway.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithUserAssignedNatGatewayAsOutboundType() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
		Location: to.Ptr("location1"),
		Tags: map[string]*string{
			"archv2": to.Ptr(""),
			"tier":   to.Ptr("production"),
		},
		Properties: &armcontainerservice.ManagedClusterProperties{
			AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
			AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
				{
					Type:               to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
					Count:              to.Ptr[int32](3),
					EnableNodePublicIP: to.Ptr(false),
					Mode:               to.Ptr(armcontainerservice.AgentPoolModeSystem),
					OSType:             to.Ptr(armcontainerservice.OSTypeLinux),
					VMSize:             to.Ptr("Standard_DS2_v2"),
					Name:               to.Ptr("nodepool1"),
				}},
			AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
				ScaleDownDelayAfterAdd: to.Ptr("15m"),
				ScanInterval:           to.Ptr("20s"),
			},
			DiskEncryptionSetID:     to.Ptr("/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
			DNSPrefix:               to.Ptr("dnsprefix1"),
			EnablePodSecurityPolicy: to.Ptr(true),
			EnableRBAC:              to.Ptr(true),
			KubernetesVersion:       to.Ptr(""),
			LinuxProfile: &armcontainerservice.LinuxProfile{
				AdminUsername: to.Ptr("azureuser"),
				SSH: &armcontainerservice.SSHConfiguration{
					PublicKeys: []*armcontainerservice.SSHPublicKey{
						{
							KeyData: to.Ptr("keydata"),
						}},
				},
			},
			NetworkProfile: &armcontainerservice.NetworkProfile{
				LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
				OutboundType:    to.Ptr(armcontainerservice.OutboundTypeUserAssignedNATGateway),
			},
			ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
				ClientID: to.Ptr("clientid"),
				Secret:   to.Ptr("secret"),
			},
			WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
				AdminPassword: to.Ptr("replacePassword1234$"),
				AdminUsername: to.Ptr("azureuser"),
			},
		},
		SKU: &armcontainerservice.ManagedClusterSKU{
			Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
			Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	res, err := poller.PollUntilDone(ctx, nil)
	if err != nil {
		log.Fatalf("failed to pull the result: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.ManagedCluster = armcontainerservice.ManagedCluster{
	// 	Name: to.Ptr("clustername1"),
	// 	Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
	// 	ID: to.Ptr("/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
	// 	Location: to.Ptr("location1"),
	// 	Tags: map[string]*string{
	// 		"archv2": to.Ptr(""),
	// 		"tier": to.Ptr("production"),
	// 	},
	// 	Properties: &armcontainerservice.ManagedClusterProperties{
	// 		AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
	// 			{
	// 				Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
	// 				Count: to.Ptr[int32](3),
	// 				CurrentOrchestratorVersion: to.Ptr("1.9.6"),
	// 				EnableNodePublicIP: to.Ptr(false),
	// 				MaxPods: to.Ptr[int32](110),
	// 				Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
	// 				NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
	// 				OrchestratorVersion: to.Ptr("1.9.6"),
	// 				OSType: to.Ptr(armcontainerservice.OSTypeLinux),
	// 				ProvisioningState: to.Ptr("Succeeded"),
	// 				VMSize: to.Ptr("Standard_DS2_v2"),
	// 				Name: to.Ptr("nodepool1"),
	// 		}},
	// 		AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
	// 			ScaleDownDelayAfterAdd: to.Ptr("15m"),
	// 			ScanInterval: to.Ptr("20s"),
	// 		},
	// 		CurrentKubernetesVersion: to.Ptr("1.9.6"),
	// 		DiskEncryptionSetID: to.Ptr("/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
	// 		DNSPrefix: to.Ptr("dnsprefix1"),
	// 		EnablePodSecurityPolicy: to.Ptr(true),
	// 		EnableRBAC: to.Ptr(true),
	// 		Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
	// 		KubernetesVersion: to.Ptr("1.9.6"),
	// 		LinuxProfile: &armcontainerservice.LinuxProfile{
	// 			AdminUsername: to.Ptr("azureuser"),
	// 			SSH: &armcontainerservice.SSHConfiguration{
	// 				PublicKeys: []*armcontainerservice.SSHPublicKey{
	// 					{
	// 						KeyData: to.Ptr("keydata"),
	// 				}},
	// 			},
	// 		},
	// 		MaxAgentPools: to.Ptr[int32](1),
	// 		NetworkProfile: &armcontainerservice.NetworkProfile{
	// 			DNSServiceIP: to.Ptr("10.0.0.10"),
	// 			LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
	// 			NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
	// 			OutboundType: to.Ptr(armcontainerservice.OutboundTypeUserAssignedNATGateway),
	// 			PodCidr: to.Ptr("10.244.0.0/16"),
	// 			ServiceCidr: to.Ptr("10.0.0.0/16"),
	// 		},
	// 		NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
	// 		ProvisioningState: to.Ptr("Succeeded"),
	// 		ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
	// 			ClientID: to.Ptr("clientid"),
	// 		},
	// 		WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
	// 			AdminUsername: to.Ptr("azureuser"),
	// 		},
	// 	},
	// }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Creates or updates a managed cluster.
 *
 * @summary Creates or updates a managed cluster.
 * x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_UserAssignedNATGateway.json
 */
async function createManagedClusterWithUserAssignedNatGatewayAsOutboundType() {
  const subscriptionId = process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "subid1";
  const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
  const resourceName = "clustername1";
  const parameters = {
    addonProfiles: {},
    agentPoolProfiles: [
      {
        name: "nodepool1",
        type: "VirtualMachineScaleSets",
        count: 3,
        enableNodePublicIP: false,
        mode: "System",
        osType: "Linux",
        vmSize: "Standard_DS2_v2",
      },
    ],
    autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
    diskEncryptionSetID:
      "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    dnsPrefix: "dnsprefix1",
    enablePodSecurityPolicy: true,
    enableRbac: true,
    kubernetesVersion: "",
    linuxProfile: {
      adminUsername: "azureuser",
      ssh: { publicKeys: [{ keyData: "keydata" }] },
    },
    location: "location1",
    networkProfile: {
      loadBalancerSku: "standard",
      outboundType: "userAssignedNATGateway",
    },
    servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
    sku: { name: "Basic", tier: "Free" },
    tags: { archv2: "", tier: "production" },
    windowsProfile: {
      adminPassword: "replacePassword1234$",
      adminUsername: "azureuser",
    },
  };
  const credential = new DefaultAzureCredential();
  const client = new ContainerServiceClient(credential, subscriptionId);
  const result = await client.managedClusters.beginCreateOrUpdateAndWait(
    resourceGroupName,
    resourceName,
    parameters
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:

200

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Succeeded",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Succeeded",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": false,
        "mode": "System",
        "nodeImageVersion": "AKSUbuntu:1604:2020.03.11"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
    "networkProfile": {
      "loadBalancerSku": "basic",
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "outboundType": "userAssignedNATGateway"
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  }
}

Status code:

201

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Creating",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Creating",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": false,
        "mode": "System"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "networkProfile": {
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "loadBalancerSku": "standard",
      "outboundType": "userAssignedNATGateway"
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  }
}

Create Managed Private Cluster with fqdn subdomain specified

Sample Request

HTTP

PUT https://management.azure.com/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2023-08-01

{
  "location": "location1",
  "tags": {
    "tier": "production",
    "archv2": ""
  },
  "sku": {
    "name": "Basic",
    "tier": "Free"
  },
  "properties": {
    "kubernetesVersion": "",
    "fqdnSubdomain": "domain1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "osType": "Linux",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "enableEncryptionAtHost": true
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "networkProfile": {
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "loadBalancerProfile": {
        "managedOutboundIPs": {
          "count": 2
        }
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "windowsProfile": {
      "adminUsername": "azureuser",
      "adminPassword": "replacePassword1234$"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid",
      "secret": "secret"
    },
    "apiServerAccessProfile": {
      "enablePrivateCluster": true,
      "privateDNSZone": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.Network/privateDnsZones/privatelink.location1.azmk8s.io"
    },
    "addonProfiles": {},
    "enableRBAC": true,
    "enablePodSecurityPolicy": true
  }
}

Java

import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterApiServerAccessProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

/** Samples for ManagedClusters CreateOrUpdate. */
public final class Main {
    /*
     * x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_PrivateClusterFQDNSubdomain.json
     */
    /**
     * Sample code: Create Managed Private Cluster with fqdn subdomain specified.
     *
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void createManagedPrivateClusterWithFqdnSubdomainSpecified(
        com.azure.resourcemanager.AzureResourceManager azure) {
        azure
            .kubernetesClusters()
            .manager()
            .serviceClient()
            .getManagedClusters()
            .createOrUpdate(
                "rg1",
                "clustername1",
                new ManagedClusterInner()
                    .withLocation("location1")
                    .withTags(mapOf("archv2", "", "tier", "production"))
                    .withSku(
                        new ManagedClusterSku()
                            .withName(ManagedClusterSkuName.fromString("Basic"))
                            .withTier(ManagedClusterSkuTier.FREE))
                    .withKubernetesVersion("")
                    .withFqdnSubdomain("domain1")
                    .withAgentPoolProfiles(
                        Arrays
                            .asList(
                                new ManagedClusterAgentPoolProfile()
                                    .withCount(3)
                                    .withVmSize("Standard_DS2_v2")
                                    .withOsType(OSType.LINUX)
                                    .withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
                                    .withMode(AgentPoolMode.SYSTEM)
                                    .withEnableNodePublicIp(true)
                                    .withEnableEncryptionAtHost(true)
                                    .withName("nodepool1")))
                    .withLinuxProfile(
                        new ContainerServiceLinuxProfile()
                            .withAdminUsername("azureuser")
                            .withSsh(
                                new ContainerServiceSshConfiguration()
                                    .withPublicKeys(
                                        Arrays
                                            .asList(
                                                new ContainerServiceSshPublicKey()
                                                    .withKeyData("fakeTokenPlaceholder")))))
                    .withWindowsProfile(
                        new ManagedClusterWindowsProfile()
                            .withAdminUsername("azureuser")
                            .withAdminPassword("fakeTokenPlaceholder"))
                    .withServicePrincipalProfile(
                        new ManagedClusterServicePrincipalProfile()
                            .withClientId("clientid")
                            .withSecret("fakeTokenPlaceholder"))
                    .withAddonProfiles(mapOf())
                    .withEnableRbac(true)
                    .withEnablePodSecurityPolicy(true)
                    .withNetworkProfile(
                        new ContainerServiceNetworkProfile()
                            .withOutboundType(OutboundType.LOAD_BALANCER)
                            .withLoadBalancerSku(LoadBalancerSku.STANDARD)
                            .withLoadBalancerProfile(
                                new ManagedClusterLoadBalancerProfile()
                                    .withManagedOutboundIPs(
                                        new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
                    .withAutoScalerProfile(
                        new ManagedClusterPropertiesAutoScalerProfile()
                            .withScanInterval("20s")
                            .withScaleDownDelayAfterAdd("15m"))
                    .withApiServerAccessProfile(
                        new ManagedClusterApiServerAccessProfile()
                            .withEnablePrivateCluster(true)
                            .withPrivateDnsZone(
                                "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.Network/privateDnsZones/privatelink.location1.azmk8s.io")),
                com.azure.core.util.Context.NONE);
    }

    // Use "Map.of" if available
    @SuppressWarnings("unchecked")
    private static <T> Map<String, T> mapOf(Object... inputs) {
        Map<String, T> map = new HashMap<>();
        for (int i = 0; i < inputs.length; i += 2) {
            String key = (String) inputs[i];
            T value = (T) inputs[i + 1];
            map.put(key, value);
        }
        return map;
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Python

from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-containerservice
# USAGE
    python managed_clusters_create_private_cluster_fqdn_subdomain.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = ContainerServiceClient(
        credential=DefaultAzureCredential(),
        subscription_id="subid1",
    )

    response = client.managed_clusters.begin_create_or_update(
        resource_group_name="rg1",
        resource_name="clustername1",
        parameters={
            "location": "location1",
            "properties": {
                "addonProfiles": {},
                "agentPoolProfiles": [
                    {
                        "count": 3,
                        "enableEncryptionAtHost": True,
                        "enableNodePublicIP": True,
                        "mode": "System",
                        "name": "nodepool1",
                        "osType": "Linux",
                        "type": "VirtualMachineScaleSets",
                        "vmSize": "Standard_DS2_v2",
                    }
                ],
                "apiServerAccessProfile": {
                    "enablePrivateCluster": True,
                    "privateDNSZone": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.Network/privateDnsZones/privatelink.location1.azmk8s.io",
                },
                "autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
                "enablePodSecurityPolicy": True,
                "enableRBAC": True,
                "fqdnSubdomain": "domain1",
                "kubernetesVersion": "",
                "linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
                "networkProfile": {
                    "loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
                    "loadBalancerSku": "standard",
                    "outboundType": "loadBalancer",
                },
                "servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
                "windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
            },
            "sku": {"name": "Basic", "tier": "Free"},
            "tags": {"archv2": "", "tier": "production"},
        },
    ).result()
    print(response)


# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_PrivateClusterFQDNSubdomain.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armcontainerservice_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/0a25ea9680cf080b7d34e8c5f35f564425c6b1f7/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_PrivateClusterFQDNSubdomain.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedPrivateClusterWithFqdnSubdomainSpecified() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
		Location: to.Ptr("location1"),
		Tags: map[string]*string{
			"archv2": to.Ptr(""),
			"tier":   to.Ptr("production"),
		},
		Properties: &armcontainerservice.ManagedClusterProperties{
			AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
			AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
				{
					Type:                   to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
					Count:                  to.Ptr[int32](3),
					EnableEncryptionAtHost: to.Ptr(true),
					EnableNodePublicIP:     to.Ptr(true),
					Mode:                   to.Ptr(armcontainerservice.AgentPoolModeSystem),
					OSType:                 to.Ptr(armcontainerservice.OSTypeLinux),
					VMSize:                 to.Ptr("Standard_DS2_v2"),
					Name:                   to.Ptr("nodepool1"),
				}},
			APIServerAccessProfile: &armcontainerservice.ManagedClusterAPIServerAccessProfile{
				EnablePrivateCluster: to.Ptr(true),
				PrivateDNSZone:       to.Ptr("/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.Network/privateDnsZones/privatelink.location1.azmk8s.io"),
			},
			AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
				ScaleDownDelayAfterAdd: to.Ptr("15m"),
				ScanInterval:           to.Ptr("20s"),
			},
			EnablePodSecurityPolicy: to.Ptr(true),
			EnableRBAC:              to.Ptr(true),
			FqdnSubdomain:           to.Ptr("domain1"),
			KubernetesVersion:       to.Ptr(""),
			LinuxProfile: &armcontainerservice.LinuxProfile{
				AdminUsername: to.Ptr("azureuser"),
				SSH: &armcontainerservice.SSHConfiguration{
					PublicKeys: []*armcontainerservice.SSHPublicKey{
						{
							KeyData: to.Ptr("keydata"),
						}},
				},
			},
			NetworkProfile: &armcontainerservice.NetworkProfile{
				LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
					ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
						Count: to.Ptr[int32](2),
					},
				},
				LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
				OutboundType:    to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
			},
			ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
				ClientID: to.Ptr("clientid"),
				Secret:   to.Ptr("secret"),
			},
			WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
				AdminPassword: to.Ptr("replacePassword1234$"),
				AdminUsername: to.Ptr("azureuser"),
			},
		},
		SKU: &armcontainerservice.ManagedClusterSKU{
			Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
			Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	res, err := poller.PollUntilDone(ctx, nil)
	if err != nil {
		log.Fatalf("failed to pull the result: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.ManagedCluster = armcontainerservice.ManagedCluster{
	// 	Name: to.Ptr("clustername1"),
	// 	Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
	// 	ID: to.Ptr("/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
	// 	Location: to.Ptr("location1"),
	// 	Tags: map[string]*string{
	// 		"archv2": to.Ptr(""),
	// 		"tier": to.Ptr("production"),
	// 	},
	// 	Properties: &armcontainerservice.ManagedClusterProperties{
	// 		AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
	// 			{
	// 				Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
	// 				Count: to.Ptr[int32](3),
	// 				CurrentOrchestratorVersion: to.Ptr("1.9.6"),
	// 				EnableEncryptionAtHost: to.Ptr(true),
	// 				EnableNodePublicIP: to.Ptr(true),
	// 				MaxPods: to.Ptr[int32](110),
	// 				Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
	// 				NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
	// 				OrchestratorVersion: to.Ptr("1.9.6"),
	// 				OSType: to.Ptr(armcontainerservice.OSTypeLinux),
	// 				ProvisioningState: to.Ptr("Succeeded"),
	// 				VMSize: to.Ptr("Standard_DS2_v2"),
	// 				Name: to.Ptr("nodepool1"),
	// 		}},
	// 		APIServerAccessProfile: &armcontainerservice.ManagedClusterAPIServerAccessProfile{
	// 			EnablePrivateCluster: to.Ptr(true),
	// 			PrivateDNSZone: to.Ptr("/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.Network/privateDnsZones/privatelink.location1.azmk8s.io"),
	// 		},
	// 		AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
	// 			ScaleDownDelayAfterAdd: to.Ptr("15m"),
	// 			ScanInterval: to.Ptr("20s"),
	// 		},
	// 		CurrentKubernetesVersion: to.Ptr("1.9.6"),
	// 		EnablePodSecurityPolicy: to.Ptr(true),
	// 		EnableRBAC: to.Ptr(true),
	// 		FqdnSubdomain: to.Ptr("domain1"),
	// 		KubernetesVersion: to.Ptr("1.9.6"),
	// 		LinuxProfile: &armcontainerservice.LinuxProfile{
	// 			AdminUsername: to.Ptr("azureuser"),
	// 			SSH: &armcontainerservice.SSHConfiguration{
	// 				PublicKeys: []*armcontainerservice.SSHPublicKey{
	// 					{
	// 						KeyData: to.Ptr("keydata"),
	// 				}},
	// 			},
	// 		},
	// 		MaxAgentPools: to.Ptr[int32](1),
	// 		NetworkProfile: &armcontainerservice.NetworkProfile{
	// 			DNSServiceIP: to.Ptr("10.0.0.10"),
	// 			IPFamilies: []*armcontainerservice.IPFamily{
	// 				to.Ptr(armcontainerservice.IPFamilyIPv4)},
	// 				LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
	// 					AllocatedOutboundPorts: to.Ptr[int32](2000),
	// 					EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
	// 						{
	// 							ID: to.Ptr("/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
	// 						},
	// 						{
	// 							ID: to.Ptr("/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
	// 					}},
	// 					IdleTimeoutInMinutes: to.Ptr[int32](10),
	// 					ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
	// 						Count: to.Ptr[int32](2),
	// 					},
	// 				},
	// 				LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
	// 				NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
	// 				OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
	// 				PodCidr: to.Ptr("10.244.0.0/16"),
	// 				PodCidrs: []*string{
	// 					to.Ptr("10.244.0.0/16")},
	// 					ServiceCidr: to.Ptr("10.0.0.0/16"),
	// 					ServiceCidrs: []*string{
	// 						to.Ptr("10.0.0.0/16")},
	// 					},
	// 					NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
	// 					PrivateFQDN: to.Ptr("domain1.privatelink.location1.azmk8s.io"),
	// 					ProvisioningState: to.Ptr("Succeeded"),
	// 					ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
	// 						ClientID: to.Ptr("clientid"),
	// 					},
	// 					WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
	// 						AdminUsername: to.Ptr("azureuser"),
	// 					},
	// 				},
	// 			}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Creates or updates a managed cluster.
 *
 * @summary Creates or updates a managed cluster.
 * x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_PrivateClusterFQDNSubdomain.json
 */
async function createManagedPrivateClusterWithFqdnSubdomainSpecified() {
  const subscriptionId = process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "subid1";
  const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
  const resourceName = "clustername1";
  const parameters = {
    addonProfiles: {},
    agentPoolProfiles: [
      {
        name: "nodepool1",
        type: "VirtualMachineScaleSets",
        count: 3,
        enableEncryptionAtHost: true,
        enableNodePublicIP: true,
        mode: "System",
        osType: "Linux",
        vmSize: "Standard_DS2_v2",
      },
    ],
    apiServerAccessProfile: {
      enablePrivateCluster: true,
      privateDNSZone:
        "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.Network/privateDnsZones/privatelink.location1.azmk8s.io",
    },
    autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
    enablePodSecurityPolicy: true,
    enableRbac: true,
    fqdnSubdomain: "domain1",
    kubernetesVersion: "",
    linuxProfile: {
      adminUsername: "azureuser",
      ssh: { publicKeys: [{ keyData: "keydata" }] },
    },
    location: "location1",
    networkProfile: {
      loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
      loadBalancerSku: "standard",
      outboundType: "loadBalancer",
    },
    servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
    sku: { name: "Basic", tier: "Free" },
    tags: { archv2: "", tier: "production" },
    windowsProfile: {
      adminPassword: "replacePassword1234$",
      adminUsername: "azureuser",
    },
  };
  const credential = new DefaultAzureCredential();
  const client = new ContainerServiceClient(credential, subscriptionId);
  const result = await client.managedClusters.beginCreateOrUpdateAndWait(
    resourceGroupName,
    resourceName,
    parameters
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:

200

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Succeeded",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "fqdnSubdomain": "domain1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Succeeded",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
        "enableEncryptionAtHost": true
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "apiServerAccessProfile": {
      "enablePrivateCluster": true,
      "privateDNSZone": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.Network/privateDnsZones/privatelink.location1.azmk8s.io"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "enablePodSecurityPolicy": true,
    "privateFQDN": "domain1.privatelink.location1.azmk8s.io",
    "networkProfile": {
      "loadBalancerSku": "basic",
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  }
}

Status code:

201

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Creating",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "fqdnSubdomain": "domain1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Creating",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "enableEncryptionAtHost": true
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "apiServerAccessProfile": {
      "enablePrivateCluster": true,
      "privateDNSZone": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.Network/privateDnsZones/privatelink.location1.azmk8s.io"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "privateFQDN": "domain1.privatelink.location1.azmk8s.io",
    "enablePodSecurityPolicy": true,
    "networkProfile": {
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  }
}

Create Managed Private Cluster with Public FQDN specified

Sample Request

HTTP

PUT https://management.azure.com/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2023-08-01

{
  "location": "location1",
  "tags": {
    "tier": "production",
    "archv2": ""
  },
  "sku": {
    "name": "Basic",
    "tier": "Free"
  },
  "properties": {
    "kubernetesVersion": "",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "osType": "Linux",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "enableEncryptionAtHost": true
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "networkProfile": {
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "loadBalancerProfile": {
        "managedOutboundIPs": {
          "count": 2
        }
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "windowsProfile": {
      "adminUsername": "azureuser",
      "adminPassword": "replacePassword1234$"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid",
      "secret": "secret"
    },
    "apiServerAccessProfile": {
      "enablePrivateCluster": true,
      "enablePrivateClusterPublicFQDN": true
    },
    "addonProfiles": {},
    "enableRBAC": true,
    "enablePodSecurityPolicy": true
  }
}

Java

import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterApiServerAccessProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

/** Samples for ManagedClusters CreateOrUpdate. */
public final class Main {
    /*
     * x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_PrivateClusterPublicFQDN.json
     */
    /**
     * Sample code: Create Managed Private Cluster with Public FQDN specified.
     *
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void createManagedPrivateClusterWithPublicFQDNSpecified(
        com.azure.resourcemanager.AzureResourceManager azure) {
        azure
            .kubernetesClusters()
            .manager()
            .serviceClient()
            .getManagedClusters()
            .createOrUpdate(
                "rg1",
                "clustername1",
                new ManagedClusterInner()
                    .withLocation("location1")
                    .withTags(mapOf("archv2", "", "tier", "production"))
                    .withSku(
                        new ManagedClusterSku()
                            .withName(ManagedClusterSkuName.fromString("Basic"))
                            .withTier(ManagedClusterSkuTier.FREE))
                    .withKubernetesVersion("")
                    .withDnsPrefix("dnsprefix1")
                    .withAgentPoolProfiles(
                        Arrays
                            .asList(
                                new ManagedClusterAgentPoolProfile()
                                    .withCount(3)
                                    .withVmSize("Standard_DS2_v2")
                                    .withOsType(OSType.LINUX)
                                    .withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
                                    .withMode(AgentPoolMode.SYSTEM)
                                    .withEnableNodePublicIp(true)
                                    .withEnableEncryptionAtHost(true)
                                    .withName("nodepool1")))
                    .withLinuxProfile(
                        new ContainerServiceLinuxProfile()
                            .withAdminUsername("azureuser")
                            .withSsh(
                                new ContainerServiceSshConfiguration()
                                    .withPublicKeys(
                                        Arrays
                                            .asList(
                                                new ContainerServiceSshPublicKey()
                                                    .withKeyData("fakeTokenPlaceholder")))))
                    .withWindowsProfile(
                        new ManagedClusterWindowsProfile()
                            .withAdminUsername("azureuser")
                            .withAdminPassword("fakeTokenPlaceholder"))
                    .withServicePrincipalProfile(
                        new ManagedClusterServicePrincipalProfile()
                            .withClientId("clientid")
                            .withSecret("fakeTokenPlaceholder"))
                    .withAddonProfiles(mapOf())
                    .withEnableRbac(true)
                    .withEnablePodSecurityPolicy(true)
                    .withNetworkProfile(
                        new ContainerServiceNetworkProfile()
                            .withOutboundType(OutboundType.LOAD_BALANCER)
                            .withLoadBalancerSku(LoadBalancerSku.STANDARD)
                            .withLoadBalancerProfile(
                                new ManagedClusterLoadBalancerProfile()
                                    .withManagedOutboundIPs(
                                        new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
                    .withAutoScalerProfile(
                        new ManagedClusterPropertiesAutoScalerProfile()
                            .withScanInterval("20s")
                            .withScaleDownDelayAfterAdd("15m"))
                    .withApiServerAccessProfile(
                        new ManagedClusterApiServerAccessProfile()
                            .withEnablePrivateCluster(true)
                            .withEnablePrivateClusterPublicFqdn(true)),
                com.azure.core.util.Context.NONE);
    }

    // Use "Map.of" if available
    @SuppressWarnings("unchecked")
    private static <T> Map<String, T> mapOf(Object... inputs) {
        Map<String, T> map = new HashMap<>();
        for (int i = 0; i < inputs.length; i += 2) {
            String key = (String) inputs[i];
            T value = (T) inputs[i + 1];
            map.put(key, value);
        }
        return map;
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Python

from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-containerservice
# USAGE
    python managed_clusters_create_private_cluster_public_fqdn.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = ContainerServiceClient(
        credential=DefaultAzureCredential(),
        subscription_id="subid1",
    )

    response = client.managed_clusters.begin_create_or_update(
        resource_group_name="rg1",
        resource_name="clustername1",
        parameters={
            "location": "location1",
            "properties": {
                "addonProfiles": {},
                "agentPoolProfiles": [
                    {
                        "count": 3,
                        "enableEncryptionAtHost": True,
                        "enableNodePublicIP": True,
                        "mode": "System",
                        "name": "nodepool1",
                        "osType": "Linux",
                        "type": "VirtualMachineScaleSets",
                        "vmSize": "Standard_DS2_v2",
                    }
                ],
                "apiServerAccessProfile": {"enablePrivateCluster": True, "enablePrivateClusterPublicFQDN": True},
                "autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
                "dnsPrefix": "dnsprefix1",
                "enablePodSecurityPolicy": True,
                "enableRBAC": True,
                "kubernetesVersion": "",
                "linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
                "networkProfile": {
                    "loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
                    "loadBalancerSku": "standard",
                    "outboundType": "loadBalancer",
                },
                "servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
                "windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
            },
            "sku": {"name": "Basic", "tier": "Free"},
            "tags": {"archv2": "", "tier": "production"},
        },
    ).result()
    print(response)


# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_PrivateClusterPublicFQDN.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armcontainerservice_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/0a25ea9680cf080b7d34e8c5f35f564425c6b1f7/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_PrivateClusterPublicFQDN.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedPrivateClusterWithPublicFqdnSpecified() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
		Location: to.Ptr("location1"),
		Tags: map[string]*string{
			"archv2": to.Ptr(""),
			"tier":   to.Ptr("production"),
		},
		Properties: &armcontainerservice.ManagedClusterProperties{
			AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
			AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
				{
					Type:                   to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
					Count:                  to.Ptr[int32](3),
					EnableEncryptionAtHost: to.Ptr(true),
					EnableNodePublicIP:     to.Ptr(true),
					Mode:                   to.Ptr(armcontainerservice.AgentPoolModeSystem),
					OSType:                 to.Ptr(armcontainerservice.OSTypeLinux),
					VMSize:                 to.Ptr("Standard_DS2_v2"),
					Name:                   to.Ptr("nodepool1"),
				}},
			APIServerAccessProfile: &armcontainerservice.ManagedClusterAPIServerAccessProfile{
				EnablePrivateCluster:           to.Ptr(true),
				EnablePrivateClusterPublicFQDN: to.Ptr(true),
			},
			AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
				ScaleDownDelayAfterAdd: to.Ptr("15m"),
				ScanInterval:           to.Ptr("20s"),
			},
			DNSPrefix:               to.Ptr("dnsprefix1"),
			EnablePodSecurityPolicy: to.Ptr(true),
			EnableRBAC:              to.Ptr(true),
			KubernetesVersion:       to.Ptr(""),
			LinuxProfile: &armcontainerservice.LinuxProfile{
				AdminUsername: to.Ptr("azureuser"),
				SSH: &armcontainerservice.SSHConfiguration{
					PublicKeys: []*armcontainerservice.SSHPublicKey{
						{
							KeyData: to.Ptr("keydata"),
						}},
				},
			},
			NetworkProfile: &armcontainerservice.NetworkProfile{
				LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
					ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
						Count: to.Ptr[int32](2),
					},
				},
				LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
				OutboundType:    to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
			},
			ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
				ClientID: to.Ptr("clientid"),
				Secret:   to.Ptr("secret"),
			},
			WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
				AdminPassword: to.Ptr("replacePassword1234$"),
				AdminUsername: to.Ptr("azureuser"),
			},
		},
		SKU: &armcontainerservice.ManagedClusterSKU{
			Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
			Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	res, err := poller.PollUntilDone(ctx, nil)
	if err != nil {
		log.Fatalf("failed to pull the result: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.ManagedCluster = armcontainerservice.ManagedCluster{
	// 	Name: to.Ptr("clustername1"),
	// 	Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
	// 	ID: to.Ptr("/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
	// 	Location: to.Ptr("location1"),
	// 	Tags: map[string]*string{
	// 		"archv2": to.Ptr(""),
	// 		"tier": to.Ptr("production"),
	// 	},
	// 	Properties: &armcontainerservice.ManagedClusterProperties{
	// 		AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
	// 			{
	// 				Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
	// 				Count: to.Ptr[int32](3),
	// 				CurrentOrchestratorVersion: to.Ptr("1.9.6"),
	// 				EnableEncryptionAtHost: to.Ptr(true),
	// 				EnableNodePublicIP: to.Ptr(true),
	// 				MaxPods: to.Ptr[int32](110),
	// 				Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
	// 				NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
	// 				OrchestratorVersion: to.Ptr("1.9.6"),
	// 				OSType: to.Ptr(armcontainerservice.OSTypeLinux),
	// 				ProvisioningState: to.Ptr("Succeeded"),
	// 				VMSize: to.Ptr("Standard_DS2_v2"),
	// 				Name: to.Ptr("nodepool1"),
	// 		}},
	// 		APIServerAccessProfile: &armcontainerservice.ManagedClusterAPIServerAccessProfile{
	// 			EnablePrivateCluster: to.Ptr(true),
	// 			EnablePrivateClusterPublicFQDN: to.Ptr(true),
	// 			PrivateDNSZone: to.Ptr("system"),
	// 		},
	// 		AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
	// 			ScaleDownDelayAfterAdd: to.Ptr("15m"),
	// 			ScanInterval: to.Ptr("20s"),
	// 		},
	// 		CurrentKubernetesVersion: to.Ptr("1.9.6"),
	// 		DNSPrefix: to.Ptr("dnsprefix1"),
	// 		EnablePodSecurityPolicy: to.Ptr(true),
	// 		EnableRBAC: to.Ptr(true),
	// 		Fqdn: to.Ptr("dnsprefix1-ee788a1f.hcp.location1.azmk8s.io"),
	// 		KubernetesVersion: to.Ptr("1.9.6"),
	// 		LinuxProfile: &armcontainerservice.LinuxProfile{
	// 			AdminUsername: to.Ptr("azureuser"),
	// 			SSH: &armcontainerservice.SSHConfiguration{
	// 				PublicKeys: []*armcontainerservice.SSHPublicKey{
	// 					{
	// 						KeyData: to.Ptr("keydata"),
	// 				}},
	// 			},
	// 		},
	// 		MaxAgentPools: to.Ptr[int32](1),
	// 		NetworkProfile: &armcontainerservice.NetworkProfile{
	// 			DNSServiceIP: to.Ptr("10.0.0.10"),
	// 			IPFamilies: []*armcontainerservice.IPFamily{
	// 				to.Ptr(armcontainerservice.IPFamilyIPv4)},
	// 				LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
	// 					AllocatedOutboundPorts: to.Ptr[int32](2000),
	// 					EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
	// 						{
	// 							ID: to.Ptr("/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
	// 						},
	// 						{
	// 							ID: to.Ptr("/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
	// 					}},
	// 					IdleTimeoutInMinutes: to.Ptr[int32](10),
	// 					ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
	// 						Count: to.Ptr[int32](2),
	// 					},
	// 				},
	// 				LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
	// 				NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
	// 				OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
	// 				PodCidr: to.Ptr("10.244.0.0/16"),
	// 				PodCidrs: []*string{
	// 					to.Ptr("10.244.0.0/16")},
	// 					ServiceCidr: to.Ptr("10.0.0.0/16"),
	// 					ServiceCidrs: []*string{
	// 						to.Ptr("10.0.0.0/16")},
	// 					},
	// 					NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
	// 					PrivateFQDN: to.Ptr("dnsprefix1-aae7e0f0.5cef6058-b6b5-414d-8cb1-4bd14eb0b15c.privatelink.location1.azmk8s.io"),
	// 					ProvisioningState: to.Ptr("Succeeded"),
	// 					ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
	// 						ClientID: to.Ptr("clientid"),
	// 					},
	// 					WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
	// 						AdminUsername: to.Ptr("azureuser"),
	// 					},
	// 				},
	// 			}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Creates or updates a managed cluster.
 *
 * @summary Creates or updates a managed cluster.
 * x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_PrivateClusterPublicFQDN.json
 */
async function createManagedPrivateClusterWithPublicFqdnSpecified() {
  const subscriptionId = process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "subid1";
  const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
  const resourceName = "clustername1";
  const parameters = {
    addonProfiles: {},
    agentPoolProfiles: [
      {
        name: "nodepool1",
        type: "VirtualMachineScaleSets",
        count: 3,
        enableEncryptionAtHost: true,
        enableNodePublicIP: true,
        mode: "System",
        osType: "Linux",
        vmSize: "Standard_DS2_v2",
      },
    ],
    apiServerAccessProfile: {
      enablePrivateCluster: true,
      enablePrivateClusterPublicFqdn: true,
    },
    autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
    dnsPrefix: "dnsprefix1",
    enablePodSecurityPolicy: true,
    enableRbac: true,
    kubernetesVersion: "",
    linuxProfile: {
      adminUsername: "azureuser",
      ssh: { publicKeys: [{ keyData: "keydata" }] },
    },
    location: "location1",
    networkProfile: {
      loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
      loadBalancerSku: "standard",
      outboundType: "loadBalancer",
    },
    servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
    sku: { name: "Basic", tier: "Free" },
    tags: { archv2: "", tier: "production" },
    windowsProfile: {
      adminPassword: "replacePassword1234$",
      adminUsername: "azureuser",
    },
  };
  const credential = new DefaultAzureCredential();
  const client = new ContainerServiceClient(credential, subscriptionId);
  const result = await client.managedClusters.beginCreateOrUpdateAndWait(
    resourceGroupName,
    resourceName,
    parameters
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:

200

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Succeeded",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Succeeded",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
        "enableEncryptionAtHost": true
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "apiServerAccessProfile": {
      "enablePrivateCluster": true,
      "enablePrivateClusterPublicFQDN": true,
      "privateDNSZone": "system"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "enablePodSecurityPolicy": true,
    "fqdn": "dnsprefix1-ee788a1f.hcp.location1.azmk8s.io",
    "privateFQDN": "dnsprefix1-aae7e0f0.5cef6058-b6b5-414d-8cb1-4bd14eb0b15c.privatelink.location1.azmk8s.io",
    "networkProfile": {
      "loadBalancerSku": "basic",
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  }
}

Status code:

201

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Creating",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Creating",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "enableEncryptionAtHost": true
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "apiServerAccessProfile": {
      "enablePrivateCluster": true,
      "enablePrivateClusterPublicFQDN": true,
      "privateDNSZone": "system"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "fqdn": "dnsprefix1-ee788a1f.hcp.location1.azmk8s.io",
    "privateFQDN": "dnsprefix1-aae7e0f0.5cef6058-b6b5-414d-8cb1-4bd14eb0b15c.privatelink.location1.azmk8s.io",
    "enablePodSecurityPolicy": true,
    "networkProfile": {
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  }
}

Create/Update AAD Managed Cluster with EnableAzureRBAC

Sample Request

HTTP

PUT https://management.azure.com/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2023-08-01

{
  "location": "location1",
  "tags": {
    "tier": "production",
    "archv2": ""
  },
  "sku": {
    "name": "Basic",
    "tier": "Free"
  },
  "properties": {
    "kubernetesVersion": "",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS1_v2",
        "osType": "Linux",
        "type": "VirtualMachineScaleSets",
        "availabilityZones": [
          "1",
          "2",
          "3"
        ],
        "enableNodePublicIP": true,
        "mode": "System"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "networkProfile": {
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "loadBalancerProfile": {
        "managedOutboundIPs": {
          "count": 2
        }
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "windowsProfile": {
      "adminUsername": "azureuser",
      "adminPassword": "replacePassword1234$"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid",
      "secret": "secret"
    },
    "addonProfiles": {},
    "aadProfile": {
      "managed": true,
      "enableAzureRBAC": true
    },
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true
  }
}

Java

import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAadProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

/** Samples for ManagedClusters CreateOrUpdate. */
public final class Main {
    /*
     * x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_UpdateWithEnableAzureRBAC.json
     */
    /**
     * Sample code: Create/Update AAD Managed Cluster with EnableAzureRBAC.
     *
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void createUpdateAADManagedClusterWithEnableAzureRBAC(
        com.azure.resourcemanager.AzureResourceManager azure) {
        azure
            .kubernetesClusters()
            .manager()
            .serviceClient()
            .getManagedClusters()
            .createOrUpdate(
                "rg1",
                "clustername1",
                new ManagedClusterInner()
                    .withLocation("location1")
                    .withTags(mapOf("archv2", "", "tier", "production"))
                    .withSku(
                        new ManagedClusterSku()
                            .withName(ManagedClusterSkuName.fromString("Basic"))
                            .withTier(ManagedClusterSkuTier.FREE))
                    .withKubernetesVersion("")
                    .withDnsPrefix("dnsprefix1")
                    .withAgentPoolProfiles(
                        Arrays
                            .asList(
                                new ManagedClusterAgentPoolProfile()
                                    .withCount(3)
                                    .withVmSize("Standard_DS1_v2")
                                    .withOsType(OSType.LINUX)
                                    .withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
                                    .withMode(AgentPoolMode.SYSTEM)
                                    .withAvailabilityZones(Arrays.asList("1", "2", "3"))
                                    .withEnableNodePublicIp(true)
                                    .withName("nodepool1")))
                    .withLinuxProfile(
                        new ContainerServiceLinuxProfile()
                            .withAdminUsername("azureuser")
                            .withSsh(
                                new ContainerServiceSshConfiguration()
                                    .withPublicKeys(
                                        Arrays
                                            .asList(
                                                new ContainerServiceSshPublicKey()
                                                    .withKeyData("fakeTokenPlaceholder")))))
                    .withWindowsProfile(
                        new ManagedClusterWindowsProfile()
                            .withAdminUsername("azureuser")
                            .withAdminPassword("fakeTokenPlaceholder"))
                    .withServicePrincipalProfile(
                        new ManagedClusterServicePrincipalProfile()
                            .withClientId("clientid")
                            .withSecret("fakeTokenPlaceholder"))
                    .withAddonProfiles(mapOf())
                    .withEnableRbac(true)
                    .withEnablePodSecurityPolicy(true)
                    .withNetworkProfile(
                        new ContainerServiceNetworkProfile()
                            .withOutboundType(OutboundType.LOAD_BALANCER)
                            .withLoadBalancerSku(LoadBalancerSku.STANDARD)
                            .withLoadBalancerProfile(
                                new ManagedClusterLoadBalancerProfile()
                                    .withManagedOutboundIPs(
                                        new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
                    .withAadProfile(new ManagedClusterAadProfile().withManaged(true).withEnableAzureRbac(true))
                    .withAutoScalerProfile(
                        new ManagedClusterPropertiesAutoScalerProfile()
                            .withScanInterval("20s")
                            .withScaleDownDelayAfterAdd("15m"))
                    .withDiskEncryptionSetId(
                        "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
                com.azure.core.util.Context.NONE);
    }

    // Use "Map.of" if available
    @SuppressWarnings("unchecked")
    private static <T> Map<String, T> mapOf(Object... inputs) {
        Map<String, T> map = new HashMap<>();
        for (int i = 0; i < inputs.length; i += 2) {
            String key = (String) inputs[i];
            T value = (T) inputs[i + 1];
            map.put(key, value);
        }
        return map;
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Python

from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-containerservice
# USAGE
    python managed_clusters_create_update_with_enable_azure_rbac.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = ContainerServiceClient(
        credential=DefaultAzureCredential(),
        subscription_id="subid1",
    )

    response = client.managed_clusters.begin_create_or_update(
        resource_group_name="rg1",
        resource_name="clustername1",
        parameters={
            "location": "location1",
            "properties": {
                "aadProfile": {"enableAzureRBAC": True, "managed": True},
                "addonProfiles": {},
                "agentPoolProfiles": [
                    {
                        "availabilityZones": ["1", "2", "3"],
                        "count": 3,
                        "enableNodePublicIP": True,
                        "mode": "System",
                        "name": "nodepool1",
                        "osType": "Linux",
                        "type": "VirtualMachineScaleSets",
                        "vmSize": "Standard_DS1_v2",
                    }
                ],
                "autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
                "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
                "dnsPrefix": "dnsprefix1",
                "enablePodSecurityPolicy": True,
                "enableRBAC": True,
                "kubernetesVersion": "",
                "linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
                "networkProfile": {
                    "loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
                    "loadBalancerSku": "standard",
                    "outboundType": "loadBalancer",
                },
                "servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
                "windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
            },
            "sku": {"name": "Basic", "tier": "Free"},
            "tags": {"archv2": "", "tier": "production"},
        },
    ).result()
    print(response)


# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_UpdateWithEnableAzureRBAC.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armcontainerservice_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/0a25ea9680cf080b7d34e8c5f35f564425c6b1f7/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_UpdateWithEnableAzureRBAC.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createUpdateAadManagedClusterWithEnableAzureRbac() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
		Location: to.Ptr("location1"),
		Tags: map[string]*string{
			"archv2": to.Ptr(""),
			"tier":   to.Ptr("production"),
		},
		Properties: &armcontainerservice.ManagedClusterProperties{
			AADProfile: &armcontainerservice.ManagedClusterAADProfile{
				EnableAzureRBAC: to.Ptr(true),
				Managed:         to.Ptr(true),
			},
			AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
			AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
				{
					Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
					AvailabilityZones: []*string{
						to.Ptr("1"),
						to.Ptr("2"),
						to.Ptr("3")},
					Count:              to.Ptr[int32](3),
					EnableNodePublicIP: to.Ptr(true),
					Mode:               to.Ptr(armcontainerservice.AgentPoolModeSystem),
					OSType:             to.Ptr(armcontainerservice.OSTypeLinux),
					VMSize:             to.Ptr("Standard_DS1_v2"),
					Name:               to.Ptr("nodepool1"),
				}},
			AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
				ScaleDownDelayAfterAdd: to.Ptr("15m"),
				ScanInterval:           to.Ptr("20s"),
			},
			DiskEncryptionSetID:     to.Ptr("/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
			DNSPrefix:               to.Ptr("dnsprefix1"),
			EnablePodSecurityPolicy: to.Ptr(true),
			EnableRBAC:              to.Ptr(true),
			KubernetesVersion:       to.Ptr(""),
			LinuxProfile: &armcontainerservice.LinuxProfile{
				AdminUsername: to.Ptr("azureuser"),
				SSH: &armcontainerservice.SSHConfiguration{
					PublicKeys: []*armcontainerservice.SSHPublicKey{
						{
							KeyData: to.Ptr("keydata"),
						}},
				},
			},
			NetworkProfile: &armcontainerservice.NetworkProfile{
				LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
					ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
						Count: to.Ptr[int32](2),
					},
				},
				LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
				OutboundType:    to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
			},
			ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
				ClientID: to.Ptr("clientid"),
				Secret:   to.Ptr("secret"),
			},
			WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
				AdminPassword: to.Ptr("replacePassword1234$"),
				AdminUsername: to.Ptr("azureuser"),
			},
		},
		SKU: &armcontainerservice.ManagedClusterSKU{
			Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
			Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	res, err := poller.PollUntilDone(ctx, nil)
	if err != nil {
		log.Fatalf("failed to pull the result: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.ManagedCluster = armcontainerservice.ManagedCluster{
	// 	Name: to.Ptr("clustername1"),
	// 	Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
	// 	ID: to.Ptr("/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
	// 	Location: to.Ptr("location1"),
	// 	Tags: map[string]*string{
	// 		"archv2": to.Ptr(""),
	// 		"tier": to.Ptr("production"),
	// 	},
	// 	Properties: &armcontainerservice.ManagedClusterProperties{
	// 		AADProfile: &armcontainerservice.ManagedClusterAADProfile{
	// 			EnableAzureRBAC: to.Ptr(true),
	// 			Managed: to.Ptr(true),
	// 			TenantID: to.Ptr("tenantID"),
	// 		},
	// 		AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
	// 			{
	// 				Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
	// 				AvailabilityZones: []*string{
	// 					to.Ptr("1"),
	// 					to.Ptr("2"),
	// 					to.Ptr("3")},
	// 					Count: to.Ptr[int32](3),
	// 					CurrentOrchestratorVersion: to.Ptr("1.9.6"),
	// 					EnableNodePublicIP: to.Ptr(true),
	// 					MaxPods: to.Ptr[int32](110),
	// 					Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
	// 					NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
	// 					OrchestratorVersion: to.Ptr("1.9.6"),
	// 					OSType: to.Ptr(armcontainerservice.OSTypeLinux),
	// 					ProvisioningState: to.Ptr("Succeeded"),
	// 					VMSize: to.Ptr("Standard_DS1_v2"),
	// 					Name: to.Ptr("nodepool1"),
	// 			}},
	// 			AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
	// 				ScaleDownDelayAfterAdd: to.Ptr("15m"),
	// 				ScanInterval: to.Ptr("20s"),
	// 			},
	// 			CurrentKubernetesVersion: to.Ptr("1.9.6"),
	// 			DiskEncryptionSetID: to.Ptr("/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
	// 			DNSPrefix: to.Ptr("dnsprefix1"),
	// 			EnablePodSecurityPolicy: to.Ptr(true),
	// 			EnableRBAC: to.Ptr(true),
	// 			Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
	// 			KubernetesVersion: to.Ptr("1.9.6"),
	// 			LinuxProfile: &armcontainerservice.LinuxProfile{
	// 				AdminUsername: to.Ptr("azureuser"),
	// 				SSH: &armcontainerservice.SSHConfiguration{
	// 					PublicKeys: []*armcontainerservice.SSHPublicKey{
	// 						{
	// 							KeyData: to.Ptr("keydata"),
	// 					}},
	// 				},
	// 			},
	// 			MaxAgentPools: to.Ptr[int32](1),
	// 			NetworkProfile: &armcontainerservice.NetworkProfile{
	// 				DNSServiceIP: to.Ptr("10.0.0.10"),
	// 				IPFamilies: []*armcontainerservice.IPFamily{
	// 					to.Ptr(armcontainerservice.IPFamilyIPv4)},
	// 					LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
	// 						AllocatedOutboundPorts: to.Ptr[int32](2000),
	// 						EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
	// 							{
	// 								ID: to.Ptr("/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
	// 							},
	// 							{
	// 								ID: to.Ptr("/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
	// 						}},
	// 						IdleTimeoutInMinutes: to.Ptr[int32](10),
	// 						ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
	// 							Count: to.Ptr[int32](2),
	// 						},
	// 					},
	// 					LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
	// 					NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
	// 					OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
	// 					PodCidr: to.Ptr("10.244.0.0/16"),
	// 					PodCidrs: []*string{
	// 						to.Ptr("10.244.0.0/16")},
	// 						ServiceCidr: to.Ptr("10.0.0.0/16"),
	// 						ServiceCidrs: []*string{
	// 							to.Ptr("10.0.0.0/16")},
	// 						},
	// 						NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
	// 						ProvisioningState: to.Ptr("Succeeded"),
	// 						ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
	// 							ClientID: to.Ptr("clientid"),
	// 						},
	// 						WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
	// 							AdminUsername: to.Ptr("azureuser"),
	// 						},
	// 					},
	// 				}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Creates or updates a managed cluster.
 *
 * @summary Creates or updates a managed cluster.
 * x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_UpdateWithEnableAzureRBAC.json
 */
async function createOrUpdateAadManagedClusterWithEnableAzureRbac() {
  const subscriptionId = process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "subid1";
  const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
  const resourceName = "clustername1";
  const parameters = {
    aadProfile: { enableAzureRbac: true, managed: true },
    addonProfiles: {},
    agentPoolProfiles: [
      {
        name: "nodepool1",
        type: "VirtualMachineScaleSets",
        availabilityZones: ["1", "2", "3"],
        count: 3,
        enableNodePublicIP: true,
        mode: "System",
        osType: "Linux",
        vmSize: "Standard_DS1_v2",
      },
    ],
    autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
    diskEncryptionSetID:
      "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    dnsPrefix: "dnsprefix1",
    enablePodSecurityPolicy: true,
    enableRbac: true,
    kubernetesVersion: "",
    linuxProfile: {
      adminUsername: "azureuser",
      ssh: { publicKeys: [{ keyData: "keydata" }] },
    },
    location: "location1",
    networkProfile: {
      loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
      loadBalancerSku: "standard",
      outboundType: "loadBalancer",
    },
    servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
    sku: { name: "Basic", tier: "Free" },
    tags: { archv2: "", tier: "production" },
    windowsProfile: {
      adminPassword: "replacePassword1234$",
      adminUsername: "azureuser",
    },
  };
  const credential = new DefaultAzureCredential();
  const client = new ContainerServiceClient(credential, subscriptionId);
  const result = await client.managedClusters.beginCreateOrUpdateAndWait(
    resourceGroupName,
    resourceName,
    parameters
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:

200

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Succeeded",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS1_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Succeeded",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "availabilityZones": [
          "1",
          "2",
          "3"
        ],
        "enableNodePublicIP": true,
        "mode": "System",
        "nodeImageVersion": "AKSUbuntu:1604:2020.03.11"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
    "networkProfile": {
      "loadBalancerSku": "basic",
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "aadProfile": {
      "managed": true,
      "adminGroupObjectIDs": null,
      "enableAzureRBAC": true,
      "tenantID": "tenantID"
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  }
}

Status code:

201

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Creating",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS1_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Creating",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "availabilityZones": [
          "1",
          "2",
          "3"
        ],
        "enableNodePublicIP": true,
        "mode": "System"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "networkProfile": {
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "aadProfile": {
      "managed": true,
      "adminGroupObjectIDs": null,
      "enableAzureRBAC": true,
      "tenantID": "tenantID"
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  }
}

Create/Update Managed Cluster

Sample Request

HTTP

PUT https://management.azure.com/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2023-08-01

{
  "location": "location1",
  "tags": {
    "tier": "production",
    "archv2": ""
  },
  "sku": {
    "name": "Basic",
    "tier": "Free"
  },
  "properties": {
    "kubernetesVersion": "",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS1_v2",
        "osType": "Linux",
        "type": "VirtualMachineScaleSets",
        "scaleDownMode": "Deallocate",
        "availabilityZones": [
          "1",
          "2",
          "3"
        ],
        "enableNodePublicIP": true,
        "mode": "System"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "networkProfile": {
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "loadBalancerProfile": {
        "managedOutboundIPs": {
          "count": 2
        }
      }
    },
    "upgradeSettings": {
      "overrideSettings": {
        "forceUpgrade": false,
        "until": "2022-11-01T13:00:00Z"
      }
    },
    "autoScalerProfile": {
      "balance-similar-node-groups": "true",
      "expander": "priority",
      "max-node-provision-time": "15m",
      "new-pod-scale-up-delay": "1m",
      "scale-down-delay-after-add": "15m",
      "scan-interval": "20s",
      "skip-nodes-with-system-pods": "false"
    },
    "windowsProfile": {
      "adminUsername": "azureuser",
      "adminPassword": "replacePassword1234$"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid",
      "secret": "secret"
    },
    "addonProfiles": {},
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true
  },
  "identity": {
    "type": "UserAssigned",
    "userAssignedIdentities": {
      "/subscriptions/subid1/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {}
    }
  }
}

Java

import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ClusterUpgradeSettings;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.Expander;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterIdentity;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.ManagedServiceIdentityUserAssignedIdentitiesValue;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import com.azure.resourcemanager.containerservice.models.ResourceIdentityType;
import com.azure.resourcemanager.containerservice.models.ScaleDownMode;
import com.azure.resourcemanager.containerservice.models.UpgradeOverrideSettings;
import java.time.OffsetDateTime;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

/** Samples for ManagedClusters CreateOrUpdate. */
public final class Main {
    /*
     * x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_Update.json
     */
    /**
     * Sample code: Create/Update Managed Cluster.
     *
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void createUpdateManagedCluster(com.azure.resourcemanager.AzureResourceManager azure) {
        azure
            .kubernetesClusters()
            .manager()
            .serviceClient()
            .getManagedClusters()
            .createOrUpdate(
                "rg1",
                "clustername1",
                new ManagedClusterInner()
                    .withLocation("location1")
                    .withTags(mapOf("archv2", "", "tier", "production"))
                    .withSku(
                        new ManagedClusterSku()
                            .withName(ManagedClusterSkuName.fromString("Basic"))
                            .withTier(ManagedClusterSkuTier.FREE))
                    .withIdentity(
                        new ManagedClusterIdentity()
                            .withType(ResourceIdentityType.USER_ASSIGNED)
                            .withUserAssignedIdentities(
                                mapOf(
                                    "/subscriptions/subid1/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1",
                                    new ManagedServiceIdentityUserAssignedIdentitiesValue())))
                    .withKubernetesVersion("")
                    .withDnsPrefix("dnsprefix1")
                    .withAgentPoolProfiles(
                        Arrays
                            .asList(
                                new ManagedClusterAgentPoolProfile()
                                    .withCount(3)
                                    .withVmSize("Standard_DS1_v2")
                                    .withOsType(OSType.LINUX)
                                    .withScaleDownMode(ScaleDownMode.DEALLOCATE)
                                    .withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
                                    .withMode(AgentPoolMode.SYSTEM)
                                    .withAvailabilityZones(Arrays.asList("1", "2", "3"))
                                    .withEnableNodePublicIp(true)
                                    .withName("nodepool1")))
                    .withLinuxProfile(
                        new ContainerServiceLinuxProfile()
                            .withAdminUsername("azureuser")
                            .withSsh(
                                new ContainerServiceSshConfiguration()
                                    .withPublicKeys(
                                        Arrays
                                            .asList(
                                                new ContainerServiceSshPublicKey()
                                                    .withKeyData("fakeTokenPlaceholder")))))
                    .withWindowsProfile(
                        new ManagedClusterWindowsProfile()
                            .withAdminUsername("azureuser")
                            .withAdminPassword("fakeTokenPlaceholder"))
                    .withServicePrincipalProfile(
                        new ManagedClusterServicePrincipalProfile()
                            .withClientId("clientid")
                            .withSecret("fakeTokenPlaceholder"))
                    .withAddonProfiles(mapOf())
                    .withEnableRbac(true)
                    .withEnablePodSecurityPolicy(true)
                    .withNetworkProfile(
                        new ContainerServiceNetworkProfile()
                            .withOutboundType(OutboundType.LOAD_BALANCER)
                            .withLoadBalancerSku(LoadBalancerSku.STANDARD)
                            .withLoadBalancerProfile(
                                new ManagedClusterLoadBalancerProfile()
                                    .withManagedOutboundIPs(
                                        new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
                    .withUpgradeSettings(
                        new ClusterUpgradeSettings()
                            .withOverrideSettings(
                                new UpgradeOverrideSettings()
                                    .withForceUpgrade(false)
                                    .withUntil(OffsetDateTime.parse("2022-11-01T13:00:00Z"))))
                    .withAutoScalerProfile(
                        new ManagedClusterPropertiesAutoScalerProfile()
                            .withBalanceSimilarNodeGroups("true")
                            .withExpander(Expander.PRIORITY)
                            .withMaxNodeProvisionTime("15m")
                            .withNewPodScaleUpDelay("1m")
                            .withScanInterval("20s")
                            .withScaleDownDelayAfterAdd("15m")
                            .withSkipNodesWithSystemPods("false"))
                    .withDiskEncryptionSetId(
                        "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
                com.azure.core.util.Context.NONE);
    }

    // Use "Map.of" if available
    @SuppressWarnings("unchecked")
    private static <T> Map<String, T> mapOf(Object... inputs) {
        Map<String, T> map = new HashMap<>();
        for (int i = 0; i < inputs.length; i += 2) {
            String key = (String) inputs[i];
            T value = (T) inputs[i + 1];
            map.put(key, value);
        }
        return map;
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Python

from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-containerservice
# USAGE
    python managed_clusters_create_update.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = ContainerServiceClient(
        credential=DefaultAzureCredential(),
        subscription_id="subid1",
    )

    response = client.managed_clusters.begin_create_or_update(
        resource_group_name="rg1",
        resource_name="clustername1",
        parameters={
            "identity": {
                "type": "UserAssigned",
                "userAssignedIdentities": {
                    "/subscriptions/subid1/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {}
                },
            },
            "location": "location1",
            "properties": {
                "addonProfiles": {},
                "agentPoolProfiles": [
                    {
                        "availabilityZones": ["1", "2", "3"],
                        "count": 3,
                        "enableNodePublicIP": True,
                        "mode": "System",
                        "name": "nodepool1",
                        "osType": "Linux",
                        "scaleDownMode": "Deallocate",
                        "type": "VirtualMachineScaleSets",
                        "vmSize": "Standard_DS1_v2",
                    }
                ],
                "autoScalerProfile": {
                    "balance-similar-node-groups": "true",
                    "expander": "priority",
                    "max-node-provision-time": "15m",
                    "new-pod-scale-up-delay": "1m",
                    "scale-down-delay-after-add": "15m",
                    "scan-interval": "20s",
                    "skip-nodes-with-system-pods": "false",
                },
                "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
                "dnsPrefix": "dnsprefix1",
                "enablePodSecurityPolicy": True,
                "enableRBAC": True,
                "kubernetesVersion": "",
                "linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
                "networkProfile": {
                    "loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
                    "loadBalancerSku": "standard",
                    "outboundType": "loadBalancer",
                },
                "servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
                "upgradeSettings": {"overrideSettings": {"forceUpgrade": False, "until": "2022-11-01T13:00:00Z"}},
                "windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
            },
            "sku": {"name": "Basic", "tier": "Free"},
            "tags": {"archv2": "", "tier": "production"},
        },
    ).result()
    print(response)


# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_Update.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armcontainerservice_test

import (
	"context"
	"log"

	"time"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/0a25ea9680cf080b7d34e8c5f35f564425c6b1f7/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_Update.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createUpdateManagedCluster() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
		Location: to.Ptr("location1"),
		Tags: map[string]*string{
			"archv2": to.Ptr(""),
			"tier":   to.Ptr("production"),
		},
		Identity: &armcontainerservice.ManagedClusterIdentity{
			Type: to.Ptr(armcontainerservice.ResourceIdentityTypeUserAssigned),
			UserAssignedIdentities: map[string]*armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
				"/subscriptions/subid1/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {},
			},
		},
		Properties: &armcontainerservice.ManagedClusterProperties{
			AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
			AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
				{
					Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
					AvailabilityZones: []*string{
						to.Ptr("1"),
						to.Ptr("2"),
						to.Ptr("3")},
					Count:              to.Ptr[int32](3),
					EnableNodePublicIP: to.Ptr(true),
					Mode:               to.Ptr(armcontainerservice.AgentPoolModeSystem),
					OSType:             to.Ptr(armcontainerservice.OSTypeLinux),
					ScaleDownMode:      to.Ptr(armcontainerservice.ScaleDownModeDeallocate),
					VMSize:             to.Ptr("Standard_DS1_v2"),
					Name:               to.Ptr("nodepool1"),
				}},
			AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
				BalanceSimilarNodeGroups: to.Ptr("true"),
				Expander:                 to.Ptr(armcontainerservice.ExpanderPriority),
				MaxNodeProvisionTime:     to.Ptr("15m"),
				NewPodScaleUpDelay:       to.Ptr("1m"),
				ScaleDownDelayAfterAdd:   to.Ptr("15m"),
				ScanInterval:             to.Ptr("20s"),
				SkipNodesWithSystemPods:  to.Ptr("false"),
			},
			DiskEncryptionSetID:     to.Ptr("/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
			DNSPrefix:               to.Ptr("dnsprefix1"),
			EnablePodSecurityPolicy: to.Ptr(true),
			EnableRBAC:              to.Ptr(true),
			KubernetesVersion:       to.Ptr(""),
			LinuxProfile: &armcontainerservice.LinuxProfile{
				AdminUsername: to.Ptr("azureuser"),
				SSH: &armcontainerservice.SSHConfiguration{
					PublicKeys: []*armcontainerservice.SSHPublicKey{
						{
							KeyData: to.Ptr("keydata"),
						}},
				},
			},
			NetworkProfile: &armcontainerservice.NetworkProfile{
				LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
					ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
						Count: to.Ptr[int32](2),
					},
				},
				LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
				OutboundType:    to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
			},
			ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
				ClientID: to.Ptr("clientid"),
				Secret:   to.Ptr("secret"),
			},
			UpgradeSettings: &armcontainerservice.ClusterUpgradeSettings{
				OverrideSettings: &armcontainerservice.UpgradeOverrideSettings{
					ForceUpgrade: to.Ptr(false),
					Until:        to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-01T13:00:00Z"); return t }()),
				},
			},
			WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
				AdminPassword: to.Ptr("replacePassword1234$"),
				AdminUsername: to.Ptr("azureuser"),
			},
		},
		SKU: &armcontainerservice.ManagedClusterSKU{
			Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
			Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	res, err := poller.PollUntilDone(ctx, nil)
	if err != nil {
		log.Fatalf("failed to pull the result: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.ManagedCluster = armcontainerservice.ManagedCluster{
	// 	Name: to.Ptr("clustername1"),
	// 	Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
	// 	ID: to.Ptr("/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
	// 	Location: to.Ptr("location1"),
	// 	Tags: map[string]*string{
	// 		"archv2": to.Ptr(""),
	// 		"tier": to.Ptr("production"),
	// 	},
	// 	Identity: &armcontainerservice.ManagedClusterIdentity{
	// 		Type: to.Ptr(armcontainerservice.ResourceIdentityTypeUserAssigned),
	// 		UserAssignedIdentities: map[string]*armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
	// 			"/subscriptions/subid1/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": &armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
	// 				ClientID: to.Ptr("clientId1"),
	// 				PrincipalID: to.Ptr("principalId1"),
	// 			},
	// 		},
	// 	},
	// 	Properties: &armcontainerservice.ManagedClusterProperties{
	// 		AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
	// 			{
	// 				Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
	// 				AvailabilityZones: []*string{
	// 					to.Ptr("1"),
	// 					to.Ptr("2"),
	// 					to.Ptr("3")},
	// 					Count: to.Ptr[int32](3),
	// 					CurrentOrchestratorVersion: to.Ptr("1.9.6"),
	// 					EnableNodePublicIP: to.Ptr(true),
	// 					MaxPods: to.Ptr[int32](110),
	// 					Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
	// 					NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
	// 					OrchestratorVersion: to.Ptr("1.9.6"),
	// 					OSType: to.Ptr(armcontainerservice.OSTypeLinux),
	// 					ProvisioningState: to.Ptr("Succeeded"),
	// 					ScaleDownMode: to.Ptr(armcontainerservice.ScaleDownModeDeallocate),
	// 					VMSize: to.Ptr("Standard_DS1_v2"),
	// 					Name: to.Ptr("nodepool1"),
	// 			}},
	// 			AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
	// 				BalanceSimilarNodeGroups: to.Ptr("true"),
	// 				Expander: to.Ptr(armcontainerservice.ExpanderPriority),
	// 				MaxNodeProvisionTime: to.Ptr("15m"),
	// 				NewPodScaleUpDelay: to.Ptr("1m"),
	// 				ScaleDownDelayAfterAdd: to.Ptr("15m"),
	// 				ScanInterval: to.Ptr("20s"),
	// 				SkipNodesWithSystemPods: to.Ptr("false"),
	// 			},
	// 			CurrentKubernetesVersion: to.Ptr("1.9.6"),
	// 			DiskEncryptionSetID: to.Ptr("/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
	// 			DNSPrefix: to.Ptr("dnsprefix1"),
	// 			EnablePodSecurityPolicy: to.Ptr(true),
	// 			EnableRBAC: to.Ptr(true),
	// 			Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
	// 			KubernetesVersion: to.Ptr("1.9.6"),
	// 			LinuxProfile: &armcontainerservice.LinuxProfile{
	// 				AdminUsername: to.Ptr("azureuser"),
	// 				SSH: &armcontainerservice.SSHConfiguration{
	// 					PublicKeys: []*armcontainerservice.SSHPublicKey{
	// 						{
	// 							KeyData: to.Ptr("keydata"),
	// 					}},
	// 				},
	// 			},
	// 			MaxAgentPools: to.Ptr[int32](1),
	// 			NetworkProfile: &armcontainerservice.NetworkProfile{
	// 				DNSServiceIP: to.Ptr("10.0.0.10"),
	// 				IPFamilies: []*armcontainerservice.IPFamily{
	// 					to.Ptr(armcontainerservice.IPFamilyIPv4)},
	// 					LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
	// 						AllocatedOutboundPorts: to.Ptr[int32](2000),
	// 						EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
	// 							{
	// 								ID: to.Ptr("/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
	// 							},
	// 							{
	// 								ID: to.Ptr("/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
	// 						}},
	// 						IdleTimeoutInMinutes: to.Ptr[int32](10),
	// 						ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
	// 							Count: to.Ptr[int32](2),
	// 						},
	// 					},
	// 					LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
	// 					NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
	// 					OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
	// 					PodCidr: to.Ptr("10.244.0.0/16"),
	// 					PodCidrs: []*string{
	// 						to.Ptr("10.244.0.0/16")},
	// 						ServiceCidr: to.Ptr("10.0.0.0/16"),
	// 						ServiceCidrs: []*string{
	// 							to.Ptr("10.0.0.0/16")},
	// 						},
	// 						NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
	// 						ProvisioningState: to.Ptr("Succeeded"),
	// 						ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
	// 							ClientID: to.Ptr("clientid"),
	// 						},
	// 						UpgradeSettings: &armcontainerservice.ClusterUpgradeSettings{
	// 							OverrideSettings: &armcontainerservice.UpgradeOverrideSettings{
	// 								ForceUpgrade: to.Ptr(false),
	// 								Until: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-01T13:00:00Z"); return t}()),
	// 							},
	// 						},
	// 						WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
	// 							AdminUsername: to.Ptr("azureuser"),
	// 						},
	// 					},
	// 				}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Creates or updates a managed cluster.
 *
 * @summary Creates or updates a managed cluster.
 * x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_Update.json
 */
async function createOrUpdateManagedCluster() {
  const subscriptionId = process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "subid1";
  const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
  const resourceName = "clustername1";
  const parameters = {
    addonProfiles: {},
    agentPoolProfiles: [
      {
        name: "nodepool1",
        type: "VirtualMachineScaleSets",
        availabilityZones: ["1", "2", "3"],
        count: 3,
        enableNodePublicIP: true,
        mode: "System",
        osType: "Linux",
        scaleDownMode: "Deallocate",
        vmSize: "Standard_DS1_v2",
      },
    ],
    autoScalerProfile: {
      balanceSimilarNodeGroups: "true",
      expander: "priority",
      maxNodeProvisionTime: "15m",
      newPodScaleUpDelay: "1m",
      scaleDownDelayAfterAdd: "15m",
      scanInterval: "20s",
      skipNodesWithSystemPods: "false",
    },
    diskEncryptionSetID:
      "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    dnsPrefix: "dnsprefix1",
    enablePodSecurityPolicy: true,
    enableRbac: true,
    identity: {
      type: "UserAssigned",
      userAssignedIdentities: {
        "/subscriptions/subid1/resourceGroups/rgName1/providers/MicrosoftManagedIdentity/userAssignedIdentities/identity1":
          {},
      },
    },
    kubernetesVersion: "",
    linuxProfile: {
      adminUsername: "azureuser",
      ssh: { publicKeys: [{ keyData: "keydata" }] },
    },
    location: "location1",
    networkProfile: {
      loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
      loadBalancerSku: "standard",
      outboundType: "loadBalancer",
    },
    servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
    sku: { name: "Basic", tier: "Free" },
    tags: { archv2: "", tier: "production" },
    upgradeSettings: {
      overrideSettings: {
        forceUpgrade: false,
        until: new Date("2022-11-01T13:00:00Z"),
      },
    },
    windowsProfile: {
      adminPassword: "replacePassword1234$",
      adminUsername: "azureuser",
    },
  };
  const credential = new DefaultAzureCredential();
  const client = new ContainerServiceClient(credential, subscriptionId);
  const result = await client.managedClusters.beginCreateOrUpdateAndWait(
    resourceGroupName,
    resourceName,
    parameters
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:

200

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Succeeded",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS1_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Succeeded",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "scaleDownMode": "Deallocate",
        "availabilityZones": [
          "1",
          "2",
          "3"
        ],
        "enableNodePublicIP": true,
        "mode": "System",
        "nodeImageVersion": "AKSUbuntu:1604:2020.03.11"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
    "networkProfile": {
      "loadBalancerSku": "basic",
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "upgradeSettings": {
      "overrideSettings": {
        "forceUpgrade": false,
        "until": "2022-11-01T13:00:00Z"
      }
    },
    "autoScalerProfile": {
      "balance-similar-node-groups": "true",
      "expander": "priority",
      "max-node-provision-time": "15m",
      "new-pod-scale-up-delay": "1m",
      "scale-down-delay-after-add": "15m",
      "scan-interval": "20s",
      "skip-nodes-with-system-pods": "false"
    }
  },
  "identity": {
    "type": "UserAssigned",
    "userAssignedIdentities": {
      "/subscriptions/subid1/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {
        "principalId": "principalId1",
        "clientId": "clientId1"
      }
    }
  }
}

Status code:

201

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Creating",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS1_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Creating",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "scaleDownMode": "Deallocate",
        "availabilityZones": [
          "1",
          "2",
          "3"
        ],
        "enableNodePublicIP": true,
        "mode": "System"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "networkProfile": {
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  },
  "identity": {
    "type": "UserAssigned",
    "userAssignedIdentities": {
      "/subscriptions/subid1/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {
        "principalId": "principalId1",
        "clientId": "clientId1"
      }
    }
  }
}

Create/Update Managed Cluster with Azure Service Mesh

Sample Request

HTTP

PUT https://management.azure.com/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2023-08-01

{
  "location": "location1",
  "tags": {
    "tier": "production",
    "archv2": ""
  },
  "sku": {
    "name": "Basic",
    "tier": "Free"
  },
  "properties": {
    "kubernetesVersion": "",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "osType": "Linux",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "networkProfile": {
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "loadBalancerProfile": {
        "managedOutboundIPs": {
          "count": 2
        }
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "windowsProfile": {
      "adminUsername": "azureuser",
      "adminPassword": "replacePassword1234$"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid",
      "secret": "secret"
    },
    "serviceMeshProfile": {
      "mode": "Istio",
      "istio": {
        "components": {
          "ingressGateways": [
            {
              "enabled": true,
              "mode": "Internal"
            }
          ],
          "egressGateways": [
            {
              "enabled": true,
              "nodeSelector": {
                "istio": "egress"
              }
            }
          ]
        },
        "certificateAuthority": {
          "plugin": {
            "keyVaultId": "/subscriptions/854c9ddb-fe9e-4aea-8d58-99ed88282881/resourceGroups/ddama-test/providers/Microsoft.KeyVault/vaults/my-akv",
            "certObjectName": "ca-cert",
            "keyObjectName": "ca-key",
            "rootCertObjectName": "root-cert",
            "certChainObjectName": "cert-chain"
          }
        }
      }
    },
    "addonProfiles": {
      "azureKeyvaultSecretsProvider": {
        "enabled": true,
        "config": {
          "enableSecretRotation": "true",
          "rotationPollInterval": "2m"
        }
      }
    },
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true
  }
}

Java

import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.IstioCertificateAuthority;
import com.azure.resourcemanager.containerservice.models.IstioComponents;
import com.azure.resourcemanager.containerservice.models.IstioEgressGateway;
import com.azure.resourcemanager.containerservice.models.IstioIngressGateway;
import com.azure.resourcemanager.containerservice.models.IstioIngressGatewayMode;
import com.azure.resourcemanager.containerservice.models.IstioPluginCertificateAuthority;
import com.azure.resourcemanager.containerservice.models.IstioServiceMesh;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAddonProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import com.azure.resourcemanager.containerservice.models.ServiceMeshMode;
import com.azure.resourcemanager.containerservice.models.ServiceMeshProfile;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

/** Samples for ManagedClusters CreateOrUpdate. */
public final class Main {
    /*
     * x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_AzureServiceMesh.json
     */
    /**
     * Sample code: Create/Update Managed Cluster with Azure Service Mesh.
     *
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void createUpdateManagedClusterWithAzureServiceMesh(
        com.azure.resourcemanager.AzureResourceManager azure) {
        azure
            .kubernetesClusters()
            .manager()
            .serviceClient()
            .getManagedClusters()
            .createOrUpdate(
                "rg1",
                "clustername1",
                new ManagedClusterInner()
                    .withLocation("location1")
                    .withTags(mapOf("archv2", "", "tier", "production"))
                    .withSku(
                        new ManagedClusterSku()
                            .withName(ManagedClusterSkuName.fromString("Basic"))
                            .withTier(ManagedClusterSkuTier.FREE))
                    .withKubernetesVersion("")
                    .withDnsPrefix("dnsprefix1")
                    .withAgentPoolProfiles(
                        Arrays
                            .asList(
                                new ManagedClusterAgentPoolProfile()
                                    .withCount(3)
                                    .withVmSize("Standard_DS2_v2")
                                    .withOsType(OSType.LINUX)
                                    .withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
                                    .withMode(AgentPoolMode.SYSTEM)
                                    .withEnableNodePublicIp(true)
                                    .withName("nodepool1")))
                    .withLinuxProfile(
                        new ContainerServiceLinuxProfile()
                            .withAdminUsername("azureuser")
                            .withSsh(
                                new ContainerServiceSshConfiguration()
                                    .withPublicKeys(
                                        Arrays
                                            .asList(
                                                new ContainerServiceSshPublicKey()
                                                    .withKeyData("fakeTokenPlaceholder")))))
                    .withWindowsProfile(
                        new ManagedClusterWindowsProfile()
                            .withAdminUsername("azureuser")
                            .withAdminPassword("fakeTokenPlaceholder"))
                    .withServicePrincipalProfile(
                        new ManagedClusterServicePrincipalProfile()
                            .withClientId("clientid")
                            .withSecret("fakeTokenPlaceholder"))
                    .withAddonProfiles(
                        mapOf(
                            "azureKeyvaultSecretsProvider",
                            new ManagedClusterAddonProfile()
                                .withEnabled(true)
                                .withConfig(
                                    mapOf(
                                        "enableSecretRotation", "fakeTokenPlaceholder", "rotationPollInterval", "2m"))))
                    .withEnableRbac(true)
                    .withEnablePodSecurityPolicy(true)
                    .withNetworkProfile(
                        new ContainerServiceNetworkProfile()
                            .withOutboundType(OutboundType.LOAD_BALANCER)
                            .withLoadBalancerSku(LoadBalancerSku.STANDARD)
                            .withLoadBalancerProfile(
                                new ManagedClusterLoadBalancerProfile()
                                    .withManagedOutboundIPs(
                                        new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
                    .withAutoScalerProfile(
                        new ManagedClusterPropertiesAutoScalerProfile()
                            .withScanInterval("20s")
                            .withScaleDownDelayAfterAdd("15m"))
                    .withDiskEncryptionSetId(
                        "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des")
                    .withServiceMeshProfile(
                        new ServiceMeshProfile()
                            .withMode(ServiceMeshMode.ISTIO)
                            .withIstio(
                                new IstioServiceMesh()
                                    .withComponents(
                                        new IstioComponents()
                                            .withIngressGateways(
                                                Arrays
                                                    .asList(
                                                        new IstioIngressGateway()
                                                            .withMode(IstioIngressGatewayMode.INTERNAL)
                                                            .withEnabled(true)))
                                            .withEgressGateways(
                                                Arrays
                                                    .asList(
                                                        new IstioEgressGateway()
                                                            .withEnabled(true)
                                                            .withNodeSelector(mapOf("istio", "egress")))))
                                    .withCertificateAuthority(
                                        new IstioCertificateAuthority()
                                            .withPlugin(
                                                new IstioPluginCertificateAuthority()
                                                    .withKeyVaultId("fakeTokenPlaceholder")
                                                    .withCertObjectName("ca-cert")
                                                    .withKeyObjectName("fakeTokenPlaceholder")
                                                    .withRootCertObjectName("root-cert")
                                                    .withCertChainObjectName("cert-chain"))))),
                com.azure.core.util.Context.NONE);
    }

    // Use "Map.of" if available
    @SuppressWarnings("unchecked")
    private static <T> Map<String, T> mapOf(Object... inputs) {
        Map<String, T> map = new HashMap<>();
        for (int i = 0; i < inputs.length; i += 2) {
            String key = (String) inputs[i];
            T value = (T) inputs[i + 1];
            map.put(key, value);
        }
        return map;
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Python

from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-containerservice
# USAGE
    python managed_clusters_create_azure_service_mesh.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = ContainerServiceClient(
        credential=DefaultAzureCredential(),
        subscription_id="subid1",
    )

    response = client.managed_clusters.begin_create_or_update(
        resource_group_name="rg1",
        resource_name="clustername1",
        parameters={
            "location": "location1",
            "properties": {
                "addonProfiles": {
                    "azureKeyvaultSecretsProvider": {
                        "config": {"enableSecretRotation": "true", "rotationPollInterval": "2m"},
                        "enabled": True,
                    }
                },
                "agentPoolProfiles": [
                    {
                        "count": 3,
                        "enableNodePublicIP": True,
                        "mode": "System",
                        "name": "nodepool1",
                        "osType": "Linux",
                        "type": "VirtualMachineScaleSets",
                        "vmSize": "Standard_DS2_v2",
                    }
                ],
                "autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
                "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
                "dnsPrefix": "dnsprefix1",
                "enablePodSecurityPolicy": True,
                "enableRBAC": True,
                "kubernetesVersion": "",
                "linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
                "networkProfile": {
                    "loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
                    "loadBalancerSku": "standard",
                    "outboundType": "loadBalancer",
                },
                "serviceMeshProfile": {
                    "istio": {
                        "certificateAuthority": {
                            "plugin": {
                                "certChainObjectName": "cert-chain",
                                "certObjectName": "ca-cert",
                                "keyObjectName": "ca-key",
                                "keyVaultId": "/subscriptions/854c9ddb-fe9e-4aea-8d58-99ed88282881/resourceGroups/ddama-test/providers/Microsoft.KeyVault/vaults/my-akv",
                                "rootCertObjectName": "root-cert",
                            }
                        },
                        "components": {
                            "egressGateways": [{"enabled": True, "nodeSelector": {"istio": "egress"}}],
                            "ingressGateways": [{"enabled": True, "mode": "Internal"}],
                        },
                    },
                    "mode": "Istio",
                },
                "servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
                "windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
            },
            "sku": {"name": "Basic", "tier": "Free"},
            "tags": {"archv2": "", "tier": "production"},
        },
    ).result()
    print(response)


# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_AzureServiceMesh.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armcontainerservice_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/0a25ea9680cf080b7d34e8c5f35f564425c6b1f7/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_AzureServiceMesh.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createUpdateManagedClusterWithAzureServiceMesh() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
		Location: to.Ptr("location1"),
		Tags: map[string]*string{
			"archv2": to.Ptr(""),
			"tier":   to.Ptr("production"),
		},
		Properties: &armcontainerservice.ManagedClusterProperties{
			AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{
				"azureKeyvaultSecretsProvider": {
					Config: map[string]*string{
						"enableSecretRotation": to.Ptr("true"),
						"rotationPollInterval": to.Ptr("2m"),
					},
					Enabled: to.Ptr(true),
				},
			},
			AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
				{
					Type:               to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
					Count:              to.Ptr[int32](3),
					EnableNodePublicIP: to.Ptr(true),
					Mode:               to.Ptr(armcontainerservice.AgentPoolModeSystem),
					OSType:             to.Ptr(armcontainerservice.OSTypeLinux),
					VMSize:             to.Ptr("Standard_DS2_v2"),
					Name:               to.Ptr("nodepool1"),
				}},
			AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
				ScaleDownDelayAfterAdd: to.Ptr("15m"),
				ScanInterval:           to.Ptr("20s"),
			},
			DiskEncryptionSetID:     to.Ptr("/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
			DNSPrefix:               to.Ptr("dnsprefix1"),
			EnablePodSecurityPolicy: to.Ptr(true),
			EnableRBAC:              to.Ptr(true),
			KubernetesVersion:       to.Ptr(""),
			LinuxProfile: &armcontainerservice.LinuxProfile{
				AdminUsername: to.Ptr("azureuser"),
				SSH: &armcontainerservice.SSHConfiguration{
					PublicKeys: []*armcontainerservice.SSHPublicKey{
						{
							KeyData: to.Ptr("keydata"),
						}},
				},
			},
			NetworkProfile: &armcontainerservice.NetworkProfile{
				LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
					ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
						Count: to.Ptr[int32](2),
					},
				},
				LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
				OutboundType:    to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
			},
			ServiceMeshProfile: &armcontainerservice.ServiceMeshProfile{
				Istio: &armcontainerservice.IstioServiceMesh{
					CertificateAuthority: &armcontainerservice.IstioCertificateAuthority{
						Plugin: &armcontainerservice.IstioPluginCertificateAuthority{
							CertChainObjectName: to.Ptr("cert-chain"),
							CertObjectName:      to.Ptr("ca-cert"),
							KeyObjectName:       to.Ptr("ca-key"),
							KeyVaultID:          to.Ptr("/subscriptions/854c9ddb-fe9e-4aea-8d58-99ed88282881/resourceGroups/ddama-test/providers/Microsoft.KeyVault/vaults/my-akv"),
							RootCertObjectName:  to.Ptr("root-cert"),
						},
					},
					Components: &armcontainerservice.IstioComponents{
						EgressGateways: []*armcontainerservice.IstioEgressGateway{
							{
								Enabled: to.Ptr(true),
								NodeSelector: map[string]*string{
									"istio": to.Ptr("egress"),
								},
							}},
						IngressGateways: []*armcontainerservice.IstioIngressGateway{
							{
								Enabled: to.Ptr(true),
								Mode:    to.Ptr(armcontainerservice.IstioIngressGatewayModeInternal),
							}},
					},
				},
				Mode: to.Ptr(armcontainerservice.ServiceMeshModeIstio),
			},
			ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
				ClientID: to.Ptr("clientid"),
				Secret:   to.Ptr("secret"),
			},
			WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
				AdminPassword: to.Ptr("replacePassword1234$"),
				AdminUsername: to.Ptr("azureuser"),
			},
		},
		SKU: &armcontainerservice.ManagedClusterSKU{
			Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
			Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	res, err := poller.PollUntilDone(ctx, nil)
	if err != nil {
		log.Fatalf("failed to pull the result: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.ManagedCluster = armcontainerservice.ManagedCluster{
	// 	Name: to.Ptr("clustername1"),
	// 	Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
	// 	ID: to.Ptr("/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
	// 	Location: to.Ptr("location1"),
	// 	Tags: map[string]*string{
	// 		"archv2": to.Ptr(""),
	// 		"tier": to.Ptr("production"),
	// 	},
	// 	Properties: &armcontainerservice.ManagedClusterProperties{
	// 		AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{
	// 			"azureKeyvaultSecretsProvider": &armcontainerservice.ManagedClusterAddonProfile{
	// 				Config: map[string]*string{
	// 					"enableSecretRotation": to.Ptr("true"),
	// 					"rotationPollInterval": to.Ptr("2m"),
	// 				},
	// 				Enabled: to.Ptr(true),
	// 			},
	// 		},
	// 		AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
	// 			{
	// 				Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
	// 				Count: to.Ptr[int32](3),
	// 				EnableEncryptionAtHost: to.Ptr(true),
	// 				EnableNodePublicIP: to.Ptr(true),
	// 				MaxPods: to.Ptr[int32](110),
	// 				Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
	// 				NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
	// 				OrchestratorVersion: to.Ptr("1.9.6"),
	// 				OSType: to.Ptr(armcontainerservice.OSTypeLinux),
	// 				ProvisioningState: to.Ptr("Succeeded"),
	// 				VMSize: to.Ptr("Standard_DS2_v2"),
	// 				Name: to.Ptr("nodepool1"),
	// 		}},
	// 		AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
	// 			ScaleDownDelayAfterAdd: to.Ptr("15m"),
	// 			ScanInterval: to.Ptr("20s"),
	// 		},
	// 		DiskEncryptionSetID: to.Ptr("/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
	// 		DNSPrefix: to.Ptr("dnsprefix1"),
	// 		EnablePodSecurityPolicy: to.Ptr(true),
	// 		EnableRBAC: to.Ptr(true),
	// 		Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
	// 		KubernetesVersion: to.Ptr("1.9.6"),
	// 		LinuxProfile: &armcontainerservice.LinuxProfile{
	// 			AdminUsername: to.Ptr("azureuser"),
	// 			SSH: &armcontainerservice.SSHConfiguration{
	// 				PublicKeys: []*armcontainerservice.SSHPublicKey{
	// 					{
	// 						KeyData: to.Ptr("keydata"),
	// 				}},
	// 			},
	// 		},
	// 		MaxAgentPools: to.Ptr[int32](1),
	// 		NetworkProfile: &armcontainerservice.NetworkProfile{
	// 			DNSServiceIP: to.Ptr("10.0.0.10"),
	// 			LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
	// 				AllocatedOutboundPorts: to.Ptr[int32](2000),
	// 				EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
	// 					{
	// 						ID: to.Ptr("/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
	// 					},
	// 					{
	// 						ID: to.Ptr("/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
	// 				}},
	// 				IdleTimeoutInMinutes: to.Ptr[int32](10),
	// 				ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
	// 					Count: to.Ptr[int32](2),
	// 				},
	// 			},
	// 			LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
	// 			NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
	// 			OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
	// 			PodCidr: to.Ptr("10.244.0.0/16"),
	// 			ServiceCidr: to.Ptr("10.0.0.0/16"),
	// 		},
	// 		NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
	// 		ProvisioningState: to.Ptr("Succeeded"),
	// 		ServiceMeshProfile: &armcontainerservice.ServiceMeshProfile{
	// 			Istio: &armcontainerservice.IstioServiceMesh{
	// 				CertificateAuthority: &armcontainerservice.IstioCertificateAuthority{
	// 					Plugin: &armcontainerservice.IstioPluginCertificateAuthority{
	// 						CertChainObjectName: to.Ptr("cert-chain"),
	// 						CertObjectName: to.Ptr("ca-cert"),
	// 						KeyObjectName: to.Ptr("ca-key"),
	// 						KeyVaultID: to.Ptr("/subscriptions/854c9ddb-fe9e-4aea-8d58-99ed88282881/resourceGroups/ddama-test/providers/Microsoft.KeyVault/vaults/my-akv"),
	// 						RootCertObjectName: to.Ptr("root-cert"),
	// 					},
	// 				},
	// 				Components: &armcontainerservice.IstioComponents{
	// 					EgressGateways: []*armcontainerservice.IstioEgressGateway{
	// 						{
	// 							Enabled: to.Ptr(true),
	// 							NodeSelector: map[string]*string{
	// 								"istio": to.Ptr("egress"),
	// 							},
	// 					}},
	// 					IngressGateways: []*armcontainerservice.IstioIngressGateway{
	// 						{
	// 							Enabled: to.Ptr(true),
	// 							Mode: to.Ptr(armcontainerservice.IstioIngressGatewayModeInternal),
	// 					}},
	// 				},
	// 				Revisions: []*string{
	// 					to.Ptr("asm-1-17")},
	// 				},
	// 				Mode: to.Ptr(armcontainerservice.ServiceMeshModeIstio),
	// 			},
	// 			ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
	// 				ClientID: to.Ptr("clientid"),
	// 			},
	// 			WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
	// 				AdminUsername: to.Ptr("azureuser"),
	// 			},
	// 		},
	// 	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Creates or updates a managed cluster.
 *
 * @summary Creates or updates a managed cluster.
 * x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_AzureServiceMesh.json
 */
async function createOrUpdateManagedClusterWithAzureServiceMesh() {
  const subscriptionId = process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "subid1";
  const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
  const resourceName = "clustername1";
  const parameters = {
    addonProfiles: {
      azureKeyvaultSecretsProvider: {
        config: { enableSecretRotation: "true", rotationPollInterval: "2m" },
        enabled: true,
      },
    },
    agentPoolProfiles: [
      {
        name: "nodepool1",
        type: "VirtualMachineScaleSets",
        count: 3,
        enableNodePublicIP: true,
        mode: "System",
        osType: "Linux",
        vmSize: "Standard_DS2_v2",
      },
    ],
    autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
    diskEncryptionSetID:
      "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    dnsPrefix: "dnsprefix1",
    enablePodSecurityPolicy: true,
    enableRbac: true,
    kubernetesVersion: "",
    linuxProfile: {
      adminUsername: "azureuser",
      ssh: { publicKeys: [{ keyData: "keydata" }] },
    },
    location: "location1",
    networkProfile: {
      loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
      loadBalancerSku: "standard",
      outboundType: "loadBalancer",
    },
    serviceMeshProfile: {
      istio: {
        certificateAuthority: {
          plugin: {
            certChainObjectName: "cert-chain",
            certObjectName: "ca-cert",
            keyObjectName: "ca-key",
            keyVaultId:
              "/subscriptions/854c9ddb-fe9e-4aea-8d58-99ed88282881/resourceGroups/ddama-test/providers/Microsoft.KeyVault/vaults/my-akv",
            rootCertObjectName: "root-cert",
          },
        },
        components: {
          egressGateways: [{ enabled: true, nodeSelector: { istio: "egress" } }],
          ingressGateways: [{ enabled: true, mode: "Internal" }],
        },
      },
      mode: "Istio",
    },
    servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
    sku: { name: "Basic", tier: "Free" },
    tags: { archv2: "", tier: "production" },
    windowsProfile: {
      adminPassword: "replacePassword1234$",
      adminUsername: "azureuser",
    },
  };
  const credential = new DefaultAzureCredential();
  const client = new ContainerServiceClient(credential, subscriptionId);
  const result = await client.managedClusters.beginCreateOrUpdateAndWait(
    resourceGroupName,
    resourceName,
    parameters
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:

200

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Succeeded",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Succeeded",
        "orchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
        "enableEncryptionAtHost": true
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "addonProfiles": {
      "azureKeyvaultSecretsProvider": {
        "enabled": true,
        "config": {
          "enableSecretRotation": "true",
          "rotationPollInterval": "2m"
        }
      }
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
    "networkProfile": {
      "loadBalancerSku": "basic",
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "outboundType": "loadBalancer",
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "serviceMeshProfile": {
      "mode": "Istio",
      "istio": {
        "components": {
          "ingressGateways": [
            {
              "enabled": true,
              "mode": "Internal"
            }
          ],
          "egressGateways": [
            {
              "enabled": true,
              "nodeSelector": {
                "istio": "egress"
              }
            }
          ]
        },
        "certificateAuthority": {
          "plugin": {
            "keyVaultId": "/subscriptions/854c9ddb-fe9e-4aea-8d58-99ed88282881/resourceGroups/ddama-test/providers/Microsoft.KeyVault/vaults/my-akv",
            "certObjectName": "ca-cert",
            "keyObjectName": "ca-key",
            "rootCertObjectName": "root-cert",
            "certChainObjectName": "cert-chain"
          }
        },
        "revisions": [
          "asm-1-17"
        ]
      }
    }
  }
}

Status code:

201

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Creating",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS2_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Creating",
        "orchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "enableNodePublicIP": true,
        "mode": "System",
        "enableEncryptionAtHost": true
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "addonProfiles": {
      "azureKeyvaultSecretsProvider": {
        "enabled": true,
        "config": {
          "enableSecretRotation": "true",
          "rotationPollInterval": "2m"
        }
      }
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "networkProfile": {
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "serviceMeshProfile": {
      "mode": "Istio",
      "istio": {
        "components": {
          "ingressGateways": [
            {
              "enabled": true,
              "mode": "Internal"
            }
          ],
          "egressGateways": [
            {
              "enabled": true,
              "nodeSelector": {
                "istio": "egress"
              }
            }
          ]
        },
        "certificateAuthority": {
          "plugin": {
            "keyVaultId": "/subscriptions/854c9ddb-fe9e-4aea-8d58-99ed88282881/resourceGroups/ddama-test/providers/Microsoft.KeyVault/vaults/my-akv",
            "certObjectName": "ca-cert",
            "keyObjectName": "ca-key",
            "rootCertObjectName": "root-cert",
            "certChainObjectName": "cert-chain"
          }
        },
        "revisions": [
          "asm-1-17"
        ]
      }
    }
  }
}

Create/Update Managed Cluster with dual-stack networking

Sample Request

HTTP

PUT https://management.azure.com/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2023-08-01

{
  "location": "location1",
  "tags": {
    "tier": "production",
    "archv2": ""
  },
  "sku": {
    "name": "Basic",
    "tier": "Free"
  },
  "properties": {
    "kubernetesVersion": "",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS1_v2",
        "osType": "Linux",
        "type": "VirtualMachineScaleSets",
        "scaleDownMode": "Deallocate",
        "availabilityZones": [
          "1",
          "2",
          "3"
        ],
        "enableNodePublicIP": true,
        "mode": "System"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "networkProfile": {
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "loadBalancerProfile": {
        "managedOutboundIPs": {
          "count": 2
        }
      },
      "ipFamilies": [
        "IPv4",
        "IPv6"
      ]
    },
    "autoScalerProfile": {
      "balance-similar-node-groups": "true",
      "expander": "priority",
      "max-node-provision-time": "15m",
      "new-pod-scale-up-delay": "1m",
      "scale-down-delay-after-add": "15m",
      "scan-interval": "20s",
      "skip-nodes-with-system-pods": "false"
    },
    "windowsProfile": {
      "adminUsername": "azureuser",
      "adminPassword": "replacePassword1234$"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid",
      "secret": "secret"
    },
    "addonProfiles": {},
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true
  },
  "identity": {
    "type": "UserAssigned",
    "userAssignedIdentities": {
      "/subscriptions/subid1/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {}
    }
  }
}

Java

import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.Expander;
import com.azure.resourcemanager.containerservice.models.IpFamily;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterIdentity;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.ManagedServiceIdentityUserAssignedIdentitiesValue;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import com.azure.resourcemanager.containerservice.models.ResourceIdentityType;
import com.azure.resourcemanager.containerservice.models.ScaleDownMode;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

/** Samples for ManagedClusters CreateOrUpdate. */
public final class Main {
    /*
     * x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_DualStackNetworking.json
     */
    /**
     * Sample code: Create/Update Managed Cluster with dual-stack networking.
     *
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void createUpdateManagedClusterWithDualStackNetworking(
        com.azure.resourcemanager.AzureResourceManager azure) {
        azure
            .kubernetesClusters()
            .manager()
            .serviceClient()
            .getManagedClusters()
            .createOrUpdate(
                "rg1",
                "clustername1",
                new ManagedClusterInner()
                    .withLocation("location1")
                    .withTags(mapOf("archv2", "", "tier", "production"))
                    .withSku(
                        new ManagedClusterSku()
                            .withName(ManagedClusterSkuName.fromString("Basic"))
                            .withTier(ManagedClusterSkuTier.FREE))
                    .withIdentity(
                        new ManagedClusterIdentity()
                            .withType(ResourceIdentityType.USER_ASSIGNED)
                            .withUserAssignedIdentities(
                                mapOf(
                                    "/subscriptions/subid1/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1",
                                    new ManagedServiceIdentityUserAssignedIdentitiesValue())))
                    .withKubernetesVersion("")
                    .withDnsPrefix("dnsprefix1")
                    .withAgentPoolProfiles(
                        Arrays
                            .asList(
                                new ManagedClusterAgentPoolProfile()
                                    .withCount(3)
                                    .withVmSize("Standard_DS1_v2")
                                    .withOsType(OSType.LINUX)
                                    .withScaleDownMode(ScaleDownMode.DEALLOCATE)
                                    .withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
                                    .withMode(AgentPoolMode.SYSTEM)
                                    .withAvailabilityZones(Arrays.asList("1", "2", "3"))
                                    .withEnableNodePublicIp(true)
                                    .withName("nodepool1")))
                    .withLinuxProfile(
                        new ContainerServiceLinuxProfile()
                            .withAdminUsername("azureuser")
                            .withSsh(
                                new ContainerServiceSshConfiguration()
                                    .withPublicKeys(
                                        Arrays
                                            .asList(
                                                new ContainerServiceSshPublicKey()
                                                    .withKeyData("fakeTokenPlaceholder")))))
                    .withWindowsProfile(
                        new ManagedClusterWindowsProfile()
                            .withAdminUsername("azureuser")
                            .withAdminPassword("fakeTokenPlaceholder"))
                    .withServicePrincipalProfile(
                        new ManagedClusterServicePrincipalProfile()
                            .withClientId("clientid")
                            .withSecret("fakeTokenPlaceholder"))
                    .withAddonProfiles(mapOf())
                    .withEnableRbac(true)
                    .withEnablePodSecurityPolicy(true)
                    .withNetworkProfile(
                        new ContainerServiceNetworkProfile()
                            .withOutboundType(OutboundType.LOAD_BALANCER)
                            .withLoadBalancerSku(LoadBalancerSku.STANDARD)
                            .withLoadBalancerProfile(
                                new ManagedClusterLoadBalancerProfile()
                                    .withManagedOutboundIPs(
                                        new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2)))
                            .withIpFamilies(Arrays.asList(IpFamily.IPV4, IpFamily.IPV6)))
                    .withAutoScalerProfile(
                        new ManagedClusterPropertiesAutoScalerProfile()
                            .withBalanceSimilarNodeGroups("true")
                            .withExpander(Expander.PRIORITY)
                            .withMaxNodeProvisionTime("15m")
                            .withNewPodScaleUpDelay("1m")
                            .withScanInterval("20s")
                            .withScaleDownDelayAfterAdd("15m")
                            .withSkipNodesWithSystemPods("false"))
                    .withDiskEncryptionSetId(
                        "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
                com.azure.core.util.Context.NONE);
    }

    // Use "Map.of" if available
    @SuppressWarnings("unchecked")
    private static <T> Map<String, T> mapOf(Object... inputs) {
        Map<String, T> map = new HashMap<>();
        for (int i = 0; i < inputs.length; i += 2) {
            String key = (String) inputs[i];
            T value = (T) inputs[i + 1];
            map.put(key, value);
        }
        return map;
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Python

from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-containerservice
# USAGE
    python managed_clusters_create_dual_stack_networking.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = ContainerServiceClient(
        credential=DefaultAzureCredential(),
        subscription_id="subid1",
    )

    response = client.managed_clusters.begin_create_or_update(
        resource_group_name="rg1",
        resource_name="clustername1",
        parameters={
            "identity": {
                "type": "UserAssigned",
                "userAssignedIdentities": {
                    "/subscriptions/subid1/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {}
                },
            },
            "location": "location1",
            "properties": {
                "addonProfiles": {},
                "agentPoolProfiles": [
                    {
                        "availabilityZones": ["1", "2", "3"],
                        "count": 3,
                        "enableNodePublicIP": True,
                        "mode": "System",
                        "name": "nodepool1",
                        "osType": "Linux",
                        "scaleDownMode": "Deallocate",
                        "type": "VirtualMachineScaleSets",
                        "vmSize": "Standard_DS1_v2",
                    }
                ],
                "autoScalerProfile": {
                    "balance-similar-node-groups": "true",
                    "expander": "priority",
                    "max-node-provision-time": "15m",
                    "new-pod-scale-up-delay": "1m",
                    "scale-down-delay-after-add": "15m",
                    "scan-interval": "20s",
                    "skip-nodes-with-system-pods": "false",
                },
                "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
                "dnsPrefix": "dnsprefix1",
                "enablePodSecurityPolicy": True,
                "enableRBAC": True,
                "kubernetesVersion": "",
                "linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
                "networkProfile": {
                    "ipFamilies": ["IPv4", "IPv6"],
                    "loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
                    "loadBalancerSku": "standard",
                    "outboundType": "loadBalancer",
                },
                "servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
                "windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
            },
            "sku": {"name": "Basic", "tier": "Free"},
            "tags": {"archv2": "", "tier": "production"},
        },
    ).result()
    print(response)


# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_DualStackNetworking.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armcontainerservice_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/0a25ea9680cf080b7d34e8c5f35f564425c6b1f7/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_DualStackNetworking.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createUpdateManagedClusterWithDualStackNetworking() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
		Location: to.Ptr("location1"),
		Tags: map[string]*string{
			"archv2": to.Ptr(""),
			"tier":   to.Ptr("production"),
		},
		Identity: &armcontainerservice.ManagedClusterIdentity{
			Type: to.Ptr(armcontainerservice.ResourceIdentityTypeUserAssigned),
			UserAssignedIdentities: map[string]*armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
				"/subscriptions/subid1/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {},
			},
		},
		Properties: &armcontainerservice.ManagedClusterProperties{
			AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
			AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
				{
					Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
					AvailabilityZones: []*string{
						to.Ptr("1"),
						to.Ptr("2"),
						to.Ptr("3")},
					Count:              to.Ptr[int32](3),
					EnableNodePublicIP: to.Ptr(true),
					Mode:               to.Ptr(armcontainerservice.AgentPoolModeSystem),
					OSType:             to.Ptr(armcontainerservice.OSTypeLinux),
					ScaleDownMode:      to.Ptr(armcontainerservice.ScaleDownModeDeallocate),
					VMSize:             to.Ptr("Standard_DS1_v2"),
					Name:               to.Ptr("nodepool1"),
				}},
			AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
				BalanceSimilarNodeGroups: to.Ptr("true"),
				Expander:                 to.Ptr(armcontainerservice.ExpanderPriority),
				MaxNodeProvisionTime:     to.Ptr("15m"),
				NewPodScaleUpDelay:       to.Ptr("1m"),
				ScaleDownDelayAfterAdd:   to.Ptr("15m"),
				ScanInterval:             to.Ptr("20s"),
				SkipNodesWithSystemPods:  to.Ptr("false"),
			},
			DiskEncryptionSetID:     to.Ptr("/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
			DNSPrefix:               to.Ptr("dnsprefix1"),
			EnablePodSecurityPolicy: to.Ptr(true),
			EnableRBAC:              to.Ptr(true),
			KubernetesVersion:       to.Ptr(""),
			LinuxProfile: &armcontainerservice.LinuxProfile{
				AdminUsername: to.Ptr("azureuser"),
				SSH: &armcontainerservice.SSHConfiguration{
					PublicKeys: []*armcontainerservice.SSHPublicKey{
						{
							KeyData: to.Ptr("keydata"),
						}},
				},
			},
			NetworkProfile: &armcontainerservice.NetworkProfile{
				IPFamilies: []*armcontainerservice.IPFamily{
					to.Ptr(armcontainerservice.IPFamilyIPv4),
					to.Ptr(armcontainerservice.IPFamilyIPv6)},
				LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
					ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
						Count: to.Ptr[int32](2),
					},
				},
				LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
				OutboundType:    to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
			},
			ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
				ClientID: to.Ptr("clientid"),
				Secret:   to.Ptr("secret"),
			},
			WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
				AdminPassword: to.Ptr("replacePassword1234$"),
				AdminUsername: to.Ptr("azureuser"),
			},
		},
		SKU: &armcontainerservice.ManagedClusterSKU{
			Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
			Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	res, err := poller.PollUntilDone(ctx, nil)
	if err != nil {
		log.Fatalf("failed to pull the result: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.ManagedCluster = armcontainerservice.ManagedCluster{
	// 	Name: to.Ptr("clustername1"),
	// 	Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
	// 	ID: to.Ptr("/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
	// 	Location: to.Ptr("location1"),
	// 	Tags: map[string]*string{
	// 		"archv2": to.Ptr(""),
	// 		"tier": to.Ptr("production"),
	// 	},
	// 	Identity: &armcontainerservice.ManagedClusterIdentity{
	// 		Type: to.Ptr(armcontainerservice.ResourceIdentityTypeUserAssigned),
	// 		UserAssignedIdentities: map[string]*armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
	// 			"/subscriptions/subid1/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": &armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
	// 				ClientID: to.Ptr("clientId1"),
	// 				PrincipalID: to.Ptr("principalId1"),
	// 			},
	// 		},
	// 	},
	// 	Properties: &armcontainerservice.ManagedClusterProperties{
	// 		AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
	// 			{
	// 				Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
	// 				AvailabilityZones: []*string{
	// 					to.Ptr("1"),
	// 					to.Ptr("2"),
	// 					to.Ptr("3")},
	// 					Count: to.Ptr[int32](3),
	// 					CurrentOrchestratorVersion: to.Ptr("1.22.1"),
	// 					EnableNodePublicIP: to.Ptr(true),
	// 					MaxPods: to.Ptr[int32](110),
	// 					Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
	// 					NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
	// 					OrchestratorVersion: to.Ptr("1.22.1"),
	// 					OSType: to.Ptr(armcontainerservice.OSTypeLinux),
	// 					ProvisioningState: to.Ptr("Succeeded"),
	// 					ScaleDownMode: to.Ptr(armcontainerservice.ScaleDownModeDeallocate),
	// 					VMSize: to.Ptr("Standard_DS1_v2"),
	// 					Name: to.Ptr("nodepool1"),
	// 			}},
	// 			AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
	// 				BalanceSimilarNodeGroups: to.Ptr("true"),
	// 				Expander: to.Ptr(armcontainerservice.ExpanderPriority),
	// 				MaxNodeProvisionTime: to.Ptr("15m"),
	// 				NewPodScaleUpDelay: to.Ptr("1m"),
	// 				ScaleDownDelayAfterAdd: to.Ptr("15m"),
	// 				ScanInterval: to.Ptr("20s"),
	// 				SkipNodesWithSystemPods: to.Ptr("false"),
	// 			},
	// 			CurrentKubernetesVersion: to.Ptr("1.22.1"),
	// 			DiskEncryptionSetID: to.Ptr("/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
	// 			DNSPrefix: to.Ptr("dnsprefix1"),
	// 			EnablePodSecurityPolicy: to.Ptr(true),
	// 			EnableRBAC: to.Ptr(true),
	// 			Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
	// 			KubernetesVersion: to.Ptr("1.22.1"),
	// 			LinuxProfile: &armcontainerservice.LinuxProfile{
	// 				AdminUsername: to.Ptr("azureuser"),
	// 				SSH: &armcontainerservice.SSHConfiguration{
	// 					PublicKeys: []*armcontainerservice.SSHPublicKey{
	// 						{
	// 							KeyData: to.Ptr("keydata"),
	// 					}},
	// 				},
	// 			},
	// 			MaxAgentPools: to.Ptr[int32](1),
	// 			NetworkProfile: &armcontainerservice.NetworkProfile{
	// 				DNSServiceIP: to.Ptr("10.0.0.10"),
	// 				IPFamilies: []*armcontainerservice.IPFamily{
	// 					to.Ptr(armcontainerservice.IPFamilyIPv4),
	// 					to.Ptr(armcontainerservice.IPFamilyIPv6)},
	// 					LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
	// 						AllocatedOutboundPorts: to.Ptr[int32](2000),
	// 						EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
	// 							{
	// 								ID: to.Ptr("/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
	// 							},
	// 							{
	// 								ID: to.Ptr("/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
	// 							},
	// 							{
	// 								ID: to.Ptr("/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip3-ipv6"),
	// 						}},
	// 						IdleTimeoutInMinutes: to.Ptr[int32](10),
	// 						ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
	// 							Count: to.Ptr[int32](2),
	// 							CountIPv6: to.Ptr[int32](1),
	// 						},
	// 					},
	// 					LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
	// 					NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
	// 					OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
	// 					PodCidr: to.Ptr("10.244.0.0/16"),
	// 					PodCidrs: []*string{
	// 						to.Ptr("10.244.0.0/16"),
	// 						to.Ptr("fd11:1234::/64")},
	// 						ServiceCidr: to.Ptr("10.0.0.0/16"),
	// 						ServiceCidrs: []*string{
	// 							to.Ptr("10.0.0.0/16"),
	// 							to.Ptr("fd00:1234::/108")},
	// 						},
	// 						NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
	// 						ProvisioningState: to.Ptr("Succeeded"),
	// 						ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
	// 							ClientID: to.Ptr("clientid"),
	// 						},
	// 						WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
	// 							AdminUsername: to.Ptr("azureuser"),
	// 						},
	// 					},
	// 				}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Creates or updates a managed cluster.
 *
 * @summary Creates or updates a managed cluster.
 * x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_DualStackNetworking.json
 */
async function createOrUpdateManagedClusterWithDualStackNetworking() {
  const subscriptionId = process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "subid1";
  const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
  const resourceName = "clustername1";
  const parameters = {
    addonProfiles: {},
    agentPoolProfiles: [
      {
        name: "nodepool1",
        type: "VirtualMachineScaleSets",
        availabilityZones: ["1", "2", "3"],
        count: 3,
        enableNodePublicIP: true,
        mode: "System",
        osType: "Linux",
        scaleDownMode: "Deallocate",
        vmSize: "Standard_DS1_v2",
      },
    ],
    autoScalerProfile: {
      balanceSimilarNodeGroups: "true",
      expander: "priority",
      maxNodeProvisionTime: "15m",
      newPodScaleUpDelay: "1m",
      scaleDownDelayAfterAdd: "15m",
      scanInterval: "20s",
      skipNodesWithSystemPods: "false",
    },
    diskEncryptionSetID:
      "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    dnsPrefix: "dnsprefix1",
    enablePodSecurityPolicy: true,
    enableRbac: true,
    identity: {
      type: "UserAssigned",
      userAssignedIdentities: {
        "/subscriptions/subid1/resourceGroups/rgName1/providers/MicrosoftManagedIdentity/userAssignedIdentities/identity1":
          {},
      },
    },
    kubernetesVersion: "",
    linuxProfile: {
      adminUsername: "azureuser",
      ssh: { publicKeys: [{ keyData: "keydata" }] },
    },
    location: "location1",
    networkProfile: {
      ipFamilies: ["IPv4", "IPv6"],
      loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
      loadBalancerSku: "standard",
      outboundType: "loadBalancer",
    },
    servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
    sku: { name: "Basic", tier: "Free" },
    tags: { archv2: "", tier: "production" },
    windowsProfile: {
      adminPassword: "replacePassword1234$",
      adminUsername: "azureuser",
    },
  };
  const credential = new DefaultAzureCredential();
  const client = new ContainerServiceClient(credential, subscriptionId);
  const result = await client.managedClusters.beginCreateOrUpdateAndWait(
    resourceGroupName,
    resourceName,
    parameters
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:

200

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Succeeded",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.22.1",
    "currentKubernetesVersion": "1.22.1",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS1_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Succeeded",
        "orchestratorVersion": "1.22.1",
        "currentOrchestratorVersion": "1.22.1",
        "type": "VirtualMachineScaleSets",
        "scaleDownMode": "Deallocate",
        "availabilityZones": [
          "1",
          "2",
          "3"
        ],
        "enableNodePublicIP": true,
        "mode": "System",
        "nodeImageVersion": "AKSUbuntu:1604:2020.03.11"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
    "networkProfile": {
      "loadBalancerSku": "basic",
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16",
        "fd11:1234::/64"
      ],
      "serviceCidrs": [
        "10.0.0.0/16",
        "fd00:1234::/108"
      ],
      "ipFamilies": [
        "IPv4",
        "IPv6"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2,
          "countIPv6": 1
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip3-ipv6"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "balance-similar-node-groups": "true",
      "expander": "priority",
      "max-node-provision-time": "15m",
      "new-pod-scale-up-delay": "1m",
      "scale-down-delay-after-add": "15m",
      "scan-interval": "20s",
      "skip-nodes-with-system-pods": "false"
    }
  },
  "identity": {
    "type": "UserAssigned",
    "userAssignedIdentities": {
      "/subscriptions/subid1/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {
        "principalId": "principalId1",
        "clientId": "clientId1"
      }
    }
  }
}

Status code:

201

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Creating",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.22.1",
    "currentKubernetesVersion": "1.22.1",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS1_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Creating",
        "orchestratorVersion": "1.22.1",
        "currentOrchestratorVersion": "1.22.1",
        "type": "VirtualMachineScaleSets",
        "scaleDownMode": "Deallocate",
        "availabilityZones": [
          "1",
          "2",
          "3"
        ],
        "enableNodePublicIP": true,
        "mode": "System"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "networkProfile": {
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16",
        "fd11:1234::/64"
      ],
      "serviceCidrs": [
        "10.0.0.0/16",
        "fd00:1234::/108"
      ],
      "ipFamilies": [
        "IPv4",
        "IPv6"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2,
          "countIPv6": 1
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip3-ipv6"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  },
  "identity": {
    "type": "UserAssigned",
    "userAssignedIdentities": {
      "/subscriptions/subid1/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {
        "principalId": "principalId1",
        "clientId": "clientId1"
      }
    }
  }
}

Create/Update Managed Cluster with EnableAHUB

Sample Request

HTTP

PUT https://management.azure.com/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2023-08-01

{
  "location": "location1",
  "tags": {
    "tier": "production",
    "archv2": ""
  },
  "sku": {
    "name": "Basic",
    "tier": "Free"
  },
  "properties": {
    "kubernetesVersion": "",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS1_v2",
        "osType": "Linux",
        "type": "VirtualMachineScaleSets",
        "availabilityZones": [
          "1",
          "2",
          "3"
        ],
        "enableNodePublicIP": true,
        "mode": "System"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "networkProfile": {
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "loadBalancerProfile": {
        "managedOutboundIPs": {
          "count": 2
        }
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "windowsProfile": {
      "adminUsername": "azureuser",
      "adminPassword": "replacePassword1234$",
      "licenseType": "Windows_Server"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid",
      "secret": "secret"
    },
    "addonProfiles": {},
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true
  },
  "identity": {
    "type": "UserAssigned",
    "userAssignedIdentities": {
      "/subscriptions/subid1/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {}
    }
  }
}

Java

import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LicenseType;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterIdentity;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.ManagedServiceIdentityUserAssignedIdentitiesValue;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import com.azure.resourcemanager.containerservice.models.ResourceIdentityType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

/** Samples for ManagedClusters CreateOrUpdate. */
public final class Main {
    /*
     * x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_UpdateWithAHUB.json
     */
    /**
     * Sample code: Create/Update Managed Cluster with EnableAHUB.
     *
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void createUpdateManagedClusterWithEnableAHUB(com.azure.resourcemanager.AzureResourceManager azure) {
        azure
            .kubernetesClusters()
            .manager()
            .serviceClient()
            .getManagedClusters()
            .createOrUpdate(
                "rg1",
                "clustername1",
                new ManagedClusterInner()
                    .withLocation("location1")
                    .withTags(mapOf("archv2", "", "tier", "production"))
                    .withSku(
                        new ManagedClusterSku()
                            .withName(ManagedClusterSkuName.fromString("Basic"))
                            .withTier(ManagedClusterSkuTier.FREE))
                    .withIdentity(
                        new ManagedClusterIdentity()
                            .withType(ResourceIdentityType.USER_ASSIGNED)
                            .withUserAssignedIdentities(
                                mapOf(
                                    "/subscriptions/subid1/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1",
                                    new ManagedServiceIdentityUserAssignedIdentitiesValue())))
                    .withKubernetesVersion("")
                    .withDnsPrefix("dnsprefix1")
                    .withAgentPoolProfiles(
                        Arrays
                            .asList(
                                new ManagedClusterAgentPoolProfile()
                                    .withCount(3)
                                    .withVmSize("Standard_DS1_v2")
                                    .withOsType(OSType.LINUX)
                                    .withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
                                    .withMode(AgentPoolMode.SYSTEM)
                                    .withAvailabilityZones(Arrays.asList("1", "2", "3"))
                                    .withEnableNodePublicIp(true)
                                    .withName("nodepool1")))
                    .withLinuxProfile(
                        new ContainerServiceLinuxProfile()
                            .withAdminUsername("azureuser")
                            .withSsh(
                                new ContainerServiceSshConfiguration()
                                    .withPublicKeys(
                                        Arrays
                                            .asList(
                                                new ContainerServiceSshPublicKey()
                                                    .withKeyData("fakeTokenPlaceholder")))))
                    .withWindowsProfile(
                        new ManagedClusterWindowsProfile()
                            .withAdminUsername("azureuser")
                            .withAdminPassword("fakeTokenPlaceholder")
                            .withLicenseType(LicenseType.WINDOWS_SERVER))
                    .withServicePrincipalProfile(
                        new ManagedClusterServicePrincipalProfile()
                            .withClientId("clientid")
                            .withSecret("fakeTokenPlaceholder"))
                    .withAddonProfiles(mapOf())
                    .withEnableRbac(true)
                    .withEnablePodSecurityPolicy(true)
                    .withNetworkProfile(
                        new ContainerServiceNetworkProfile()
                            .withOutboundType(OutboundType.LOAD_BALANCER)
                            .withLoadBalancerSku(LoadBalancerSku.STANDARD)
                            .withLoadBalancerProfile(
                                new ManagedClusterLoadBalancerProfile()
                                    .withManagedOutboundIPs(
                                        new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
                    .withAutoScalerProfile(
                        new ManagedClusterPropertiesAutoScalerProfile()
                            .withScanInterval("20s")
                            .withScaleDownDelayAfterAdd("15m"))
                    .withDiskEncryptionSetId(
                        "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
                com.azure.core.util.Context.NONE);
    }

    // Use "Map.of" if available
    @SuppressWarnings("unchecked")
    private static <T> Map<String, T> mapOf(Object... inputs) {
        Map<String, T> map = new HashMap<>();
        for (int i = 0; i < inputs.length; i += 2) {
            String key = (String) inputs[i];
            T value = (T) inputs[i + 1];
            map.put(key, value);
        }
        return map;
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Python

from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-containerservice
# USAGE
    python managed_clusters_create_update_with_ahub.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = ContainerServiceClient(
        credential=DefaultAzureCredential(),
        subscription_id="subid1",
    )

    response = client.managed_clusters.begin_create_or_update(
        resource_group_name="rg1",
        resource_name="clustername1",
        parameters={
            "identity": {
                "type": "UserAssigned",
                "userAssignedIdentities": {
                    "/subscriptions/subid1/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {}
                },
            },
            "location": "location1",
            "properties": {
                "addonProfiles": {},
                "agentPoolProfiles": [
                    {
                        "availabilityZones": ["1", "2", "3"],
                        "count": 3,
                        "enableNodePublicIP": True,
                        "mode": "System",
                        "name": "nodepool1",
                        "osType": "Linux",
                        "type": "VirtualMachineScaleSets",
                        "vmSize": "Standard_DS1_v2",
                    }
                ],
                "autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
                "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
                "dnsPrefix": "dnsprefix1",
                "enablePodSecurityPolicy": True,
                "enableRBAC": True,
                "kubernetesVersion": "",
                "linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
                "networkProfile": {
                    "loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
                    "loadBalancerSku": "standard",
                    "outboundType": "loadBalancer",
                },
                "servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
                "windowsProfile": {
                    "adminPassword": "replacePassword1234$",
                    "adminUsername": "azureuser",
                    "licenseType": "Windows_Server",
                },
            },
            "sku": {"name": "Basic", "tier": "Free"},
            "tags": {"archv2": "", "tier": "production"},
        },
    ).result()
    print(response)


# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_UpdateWithAHUB.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armcontainerservice_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/0a25ea9680cf080b7d34e8c5f35f564425c6b1f7/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_UpdateWithAHUB.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createUpdateManagedClusterWithEnableAhub() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
		Location: to.Ptr("location1"),
		Tags: map[string]*string{
			"archv2": to.Ptr(""),
			"tier":   to.Ptr("production"),
		},
		Identity: &armcontainerservice.ManagedClusterIdentity{
			Type: to.Ptr(armcontainerservice.ResourceIdentityTypeUserAssigned),
			UserAssignedIdentities: map[string]*armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
				"/subscriptions/subid1/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {},
			},
		},
		Properties: &armcontainerservice.ManagedClusterProperties{
			AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
			AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
				{
					Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
					AvailabilityZones: []*string{
						to.Ptr("1"),
						to.Ptr("2"),
						to.Ptr("3")},
					Count:              to.Ptr[int32](3),
					EnableNodePublicIP: to.Ptr(true),
					Mode:               to.Ptr(armcontainerservice.AgentPoolModeSystem),
					OSType:             to.Ptr(armcontainerservice.OSTypeLinux),
					VMSize:             to.Ptr("Standard_DS1_v2"),
					Name:               to.Ptr("nodepool1"),
				}},
			AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
				ScaleDownDelayAfterAdd: to.Ptr("15m"),
				ScanInterval:           to.Ptr("20s"),
			},
			DiskEncryptionSetID:     to.Ptr("/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
			DNSPrefix:               to.Ptr("dnsprefix1"),
			EnablePodSecurityPolicy: to.Ptr(true),
			EnableRBAC:              to.Ptr(true),
			KubernetesVersion:       to.Ptr(""),
			LinuxProfile: &armcontainerservice.LinuxProfile{
				AdminUsername: to.Ptr("azureuser"),
				SSH: &armcontainerservice.SSHConfiguration{
					PublicKeys: []*armcontainerservice.SSHPublicKey{
						{
							KeyData: to.Ptr("keydata"),
						}},
				},
			},
			NetworkProfile: &armcontainerservice.NetworkProfile{
				LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
					ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
						Count: to.Ptr[int32](2),
					},
				},
				LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
				OutboundType:    to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
			},
			ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
				ClientID: to.Ptr("clientid"),
				Secret:   to.Ptr("secret"),
			},
			WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
				AdminPassword: to.Ptr("replacePassword1234$"),
				AdminUsername: to.Ptr("azureuser"),
				LicenseType:   to.Ptr(armcontainerservice.LicenseTypeWindowsServer),
			},
		},
		SKU: &armcontainerservice.ManagedClusterSKU{
			Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
			Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	res, err := poller.PollUntilDone(ctx, nil)
	if err != nil {
		log.Fatalf("failed to pull the result: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.ManagedCluster = armcontainerservice.ManagedCluster{
	// 	Name: to.Ptr("clustername1"),
	// 	Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
	// 	ID: to.Ptr("/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
	// 	Location: to.Ptr("location1"),
	// 	Tags: map[string]*string{
	// 		"archv2": to.Ptr(""),
	// 		"tier": to.Ptr("production"),
	// 	},
	// 	Identity: &armcontainerservice.ManagedClusterIdentity{
	// 		Type: to.Ptr(armcontainerservice.ResourceIdentityTypeUserAssigned),
	// 		UserAssignedIdentities: map[string]*armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
	// 			"/subscriptions/subid1/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": &armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
	// 				ClientID: to.Ptr("clientId1"),
	// 				PrincipalID: to.Ptr("principalId1"),
	// 			},
	// 		},
	// 	},
	// 	Properties: &armcontainerservice.ManagedClusterProperties{
	// 		AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
	// 			{
	// 				Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
	// 				AvailabilityZones: []*string{
	// 					to.Ptr("1"),
	// 					to.Ptr("2"),
	// 					to.Ptr("3")},
	// 					Count: to.Ptr[int32](3),
	// 					CurrentOrchestratorVersion: to.Ptr("1.9.6"),
	// 					EnableNodePublicIP: to.Ptr(true),
	// 					MaxPods: to.Ptr[int32](110),
	// 					Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
	// 					NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
	// 					OrchestratorVersion: to.Ptr("1.9.6"),
	// 					OSType: to.Ptr(armcontainerservice.OSTypeLinux),
	// 					ProvisioningState: to.Ptr("Succeeded"),
	// 					VMSize: to.Ptr("Standard_DS1_v2"),
	// 					Name: to.Ptr("nodepool1"),
	// 			}},
	// 			AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
	// 				ScaleDownDelayAfterAdd: to.Ptr("15m"),
	// 				ScanInterval: to.Ptr("20s"),
	// 			},
	// 			CurrentKubernetesVersion: to.Ptr("1.9.6"),
	// 			DiskEncryptionSetID: to.Ptr("/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
	// 			DNSPrefix: to.Ptr("dnsprefix1"),
	// 			EnablePodSecurityPolicy: to.Ptr(true),
	// 			EnableRBAC: to.Ptr(true),
	// 			Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
	// 			KubernetesVersion: to.Ptr("1.9.6"),
	// 			LinuxProfile: &armcontainerservice.LinuxProfile{
	// 				AdminUsername: to.Ptr("azureuser"),
	// 				SSH: &armcontainerservice.SSHConfiguration{
	// 					PublicKeys: []*armcontainerservice.SSHPublicKey{
	// 						{
	// 							KeyData: to.Ptr("keydata"),
	// 					}},
	// 				},
	// 			},
	// 			MaxAgentPools: to.Ptr[int32](1),
	// 			NetworkProfile: &armcontainerservice.NetworkProfile{
	// 				DNSServiceIP: to.Ptr("10.0.0.10"),
	// 				IPFamilies: []*armcontainerservice.IPFamily{
	// 					to.Ptr(armcontainerservice.IPFamilyIPv4)},
	// 					LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
	// 						AllocatedOutboundPorts: to.Ptr[int32](2000),
	// 						EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
	// 							{
	// 								ID: to.Ptr("/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
	// 							},
	// 							{
	// 								ID: to.Ptr("/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
	// 						}},
	// 						IdleTimeoutInMinutes: to.Ptr[int32](10),
	// 						ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
	// 							Count: to.Ptr[int32](2),
	// 						},
	// 					},
	// 					LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
	// 					NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
	// 					OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
	// 					PodCidr: to.Ptr("10.244.0.0/16"),
	// 					PodCidrs: []*string{
	// 						to.Ptr("10.244.0.0/16")},
	// 						ServiceCidr: to.Ptr("10.0.0.0/16"),
	// 						ServiceCidrs: []*string{
	// 							to.Ptr("10.0.0.0/16")},
	// 						},
	// 						NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
	// 						ProvisioningState: to.Ptr("Succeeded"),
	// 						ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
	// 							ClientID: to.Ptr("clientid"),
	// 						},
	// 						WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
	// 							AdminUsername: to.Ptr("azureuser"),
	// 							LicenseType: to.Ptr(armcontainerservice.LicenseTypeWindowsServer),
	// 						},
	// 					},
	// 				}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Creates or updates a managed cluster.
 *
 * @summary Creates or updates a managed cluster.
 * x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_UpdateWithAHUB.json
 */
async function createOrUpdateManagedClusterWithEnableAhub() {
  const subscriptionId = process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "subid1";
  const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
  const resourceName = "clustername1";
  const parameters = {
    addonProfiles: {},
    agentPoolProfiles: [
      {
        name: "nodepool1",
        type: "VirtualMachineScaleSets",
        availabilityZones: ["1", "2", "3"],
        count: 3,
        enableNodePublicIP: true,
        mode: "System",
        osType: "Linux",
        vmSize: "Standard_DS1_v2",
      },
    ],
    autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
    diskEncryptionSetID:
      "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    dnsPrefix: "dnsprefix1",
    enablePodSecurityPolicy: true,
    enableRbac: true,
    identity: {
      type: "UserAssigned",
      userAssignedIdentities: {
        "/subscriptions/subid1/resourceGroups/rgName1/providers/MicrosoftManagedIdentity/userAssignedIdentities/identity1":
          {},
      },
    },
    kubernetesVersion: "",
    linuxProfile: {
      adminUsername: "azureuser",
      ssh: { publicKeys: [{ keyData: "keydata" }] },
    },
    location: "location1",
    networkProfile: {
      loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
      loadBalancerSku: "standard",
      outboundType: "loadBalancer",
    },
    servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
    sku: { name: "Basic", tier: "Free" },
    tags: { archv2: "", tier: "production" },
    windowsProfile: {
      adminPassword: "replacePassword1234$",
      adminUsername: "azureuser",
      licenseType: "Windows_Server",
    },
  };
  const credential = new DefaultAzureCredential();
  const client = new ContainerServiceClient(credential, subscriptionId);
  const result = await client.managedClusters.beginCreateOrUpdateAndWait(
    resourceGroupName,
    resourceName,
    parameters
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:

200

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Succeeded",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS1_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Succeeded",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "availabilityZones": [
          "1",
          "2",
          "3"
        ],
        "enableNodePublicIP": true,
        "mode": "System",
        "nodeImageVersion": "AKSUbuntu:1604:2020.03.11"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser",
      "licenseType": "Windows_Server"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
    "networkProfile": {
      "loadBalancerSku": "basic",
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  },
  "identity": {
    "type": "UserAssigned",
    "userAssignedIdentities": {
      "/subscriptions/subid1/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {
        "principalId": "principalId1",
        "clientId": "clientId1"
      }
    }
  }
}

Status code:

201

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Creating",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS1_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Creating",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "availabilityZones": [
          "1",
          "2",
          "3"
        ],
        "enableNodePublicIP": true,
        "mode": "System"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser",
      "licenseType": "Windows_Server"
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "networkProfile": {
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  },
  "identity": {
    "type": "UserAssigned",
    "userAssignedIdentities": {
      "/subscriptions/subid1/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {
        "principalId": "principalId1",
        "clientId": "clientId1"
      }
    }
  }
}

Create/Update Managed Cluster with Windows gMSA enabled

Sample Request

HTTP

PUT https://management.azure.com/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2023-08-01

{
  "location": "location1",
  "tags": {
    "tier": "production",
    "archv2": ""
  },
  "sku": {
    "name": "Basic",
    "tier": "Free"
  },
  "properties": {
    "kubernetesVersion": "",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS1_v2",
        "osType": "Linux",
        "type": "VirtualMachineScaleSets",
        "availabilityZones": [
          "1",
          "2",
          "3"
        ],
        "enableNodePublicIP": true,
        "mode": "System"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "networkProfile": {
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "loadBalancerProfile": {
        "managedOutboundIPs": {
          "count": 2
        }
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    },
    "windowsProfile": {
      "adminUsername": "azureuser",
      "adminPassword": "replacePassword1234$",
      "gmsaProfile": {
        "enabled": true
      }
    },
    "servicePrincipalProfile": {
      "clientId": "clientid",
      "secret": "secret"
    },
    "addonProfiles": {},
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true
  },
  "identity": {
    "type": "UserAssigned",
    "userAssignedIdentities": {
      "/subscriptions/subid1/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {}
    }
  }
}

Java

import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterIdentity;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.ManagedServiceIdentityUserAssignedIdentitiesValue;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import com.azure.resourcemanager.containerservice.models.ResourceIdentityType;
import com.azure.resourcemanager.containerservice.models.WindowsGmsaProfile;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

/** Samples for ManagedClusters CreateOrUpdate. */
public final class Main {
    /*
     * x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_UpdateWindowsGmsa.json
     */
    /**
     * Sample code: Create/Update Managed Cluster with Windows gMSA enabled.
     *
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void createUpdateManagedClusterWithWindowsGMSAEnabled(
        com.azure.resourcemanager.AzureResourceManager azure) {
        azure
            .kubernetesClusters()
            .manager()
            .serviceClient()
            .getManagedClusters()
            .createOrUpdate(
                "rg1",
                "clustername1",
                new ManagedClusterInner()
                    .withLocation("location1")
                    .withTags(mapOf("archv2", "", "tier", "production"))
                    .withSku(
                        new ManagedClusterSku()
                            .withName(ManagedClusterSkuName.fromString("Basic"))
                            .withTier(ManagedClusterSkuTier.FREE))
                    .withIdentity(
                        new ManagedClusterIdentity()
                            .withType(ResourceIdentityType.USER_ASSIGNED)
                            .withUserAssignedIdentities(
                                mapOf(
                                    "/subscriptions/subid1/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1",
                                    new ManagedServiceIdentityUserAssignedIdentitiesValue())))
                    .withKubernetesVersion("")
                    .withDnsPrefix("dnsprefix1")
                    .withAgentPoolProfiles(
                        Arrays
                            .asList(
                                new ManagedClusterAgentPoolProfile()
                                    .withCount(3)
                                    .withVmSize("Standard_DS1_v2")
                                    .withOsType(OSType.LINUX)
                                    .withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
                                    .withMode(AgentPoolMode.SYSTEM)
                                    .withAvailabilityZones(Arrays.asList("1", "2", "3"))
                                    .withEnableNodePublicIp(true)
                                    .withName("nodepool1")))
                    .withLinuxProfile(
                        new ContainerServiceLinuxProfile()
                            .withAdminUsername("azureuser")
                            .withSsh(
                                new ContainerServiceSshConfiguration()
                                    .withPublicKeys(
                                        Arrays
                                            .asList(
                                                new ContainerServiceSshPublicKey()
                                                    .withKeyData("fakeTokenPlaceholder")))))
                    .withWindowsProfile(
                        new ManagedClusterWindowsProfile()
                            .withAdminUsername("azureuser")
                            .withAdminPassword("fakeTokenPlaceholder")
                            .withGmsaProfile(new WindowsGmsaProfile().withEnabled(true)))
                    .withServicePrincipalProfile(
                        new ManagedClusterServicePrincipalProfile()
                            .withClientId("clientid")
                            .withSecret("fakeTokenPlaceholder"))
                    .withAddonProfiles(mapOf())
                    .withEnableRbac(true)
                    .withEnablePodSecurityPolicy(true)
                    .withNetworkProfile(
                        new ContainerServiceNetworkProfile()
                            .withOutboundType(OutboundType.LOAD_BALANCER)
                            .withLoadBalancerSku(LoadBalancerSku.STANDARD)
                            .withLoadBalancerProfile(
                                new ManagedClusterLoadBalancerProfile()
                                    .withManagedOutboundIPs(
                                        new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
                    .withAutoScalerProfile(
                        new ManagedClusterPropertiesAutoScalerProfile()
                            .withScanInterval("20s")
                            .withScaleDownDelayAfterAdd("15m"))
                    .withDiskEncryptionSetId(
                        "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
                com.azure.core.util.Context.NONE);
    }

    // Use "Map.of" if available
    @SuppressWarnings("unchecked")
    private static <T> Map<String, T> mapOf(Object... inputs) {
        Map<String, T> map = new HashMap<>();
        for (int i = 0; i < inputs.length; i += 2) {
            String key = (String) inputs[i];
            T value = (T) inputs[i + 1];
            map.put(key, value);
        }
        return map;
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Python

from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-containerservice
# USAGE
    python managed_clusters_create_update_windows_gmsa.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = ContainerServiceClient(
        credential=DefaultAzureCredential(),
        subscription_id="subid1",
    )

    response = client.managed_clusters.begin_create_or_update(
        resource_group_name="rg1",
        resource_name="clustername1",
        parameters={
            "identity": {
                "type": "UserAssigned",
                "userAssignedIdentities": {
                    "/subscriptions/subid1/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {}
                },
            },
            "location": "location1",
            "properties": {
                "addonProfiles": {},
                "agentPoolProfiles": [
                    {
                        "availabilityZones": ["1", "2", "3"],
                        "count": 3,
                        "enableNodePublicIP": True,
                        "mode": "System",
                        "name": "nodepool1",
                        "osType": "Linux",
                        "type": "VirtualMachineScaleSets",
                        "vmSize": "Standard_DS1_v2",
                    }
                ],
                "autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
                "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
                "dnsPrefix": "dnsprefix1",
                "enablePodSecurityPolicy": True,
                "enableRBAC": True,
                "kubernetesVersion": "",
                "linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
                "networkProfile": {
                    "loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
                    "loadBalancerSku": "standard",
                    "outboundType": "loadBalancer",
                },
                "servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
                "windowsProfile": {
                    "adminPassword": "replacePassword1234$",
                    "adminUsername": "azureuser",
                    "gmsaProfile": {"enabled": True},
                },
            },
            "sku": {"name": "Basic", "tier": "Free"},
            "tags": {"archv2": "", "tier": "production"},
        },
    ).result()
    print(response)


# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_UpdateWindowsGmsa.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armcontainerservice_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/0a25ea9680cf080b7d34e8c5f35f564425c6b1f7/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_UpdateWindowsGmsa.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createUpdateManagedClusterWithWindowsGMsaEnabled() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
		Location: to.Ptr("location1"),
		Tags: map[string]*string{
			"archv2": to.Ptr(""),
			"tier":   to.Ptr("production"),
		},
		Identity: &armcontainerservice.ManagedClusterIdentity{
			Type: to.Ptr(armcontainerservice.ResourceIdentityTypeUserAssigned),
			UserAssignedIdentities: map[string]*armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
				"/subscriptions/subid1/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {},
			},
		},
		Properties: &armcontainerservice.ManagedClusterProperties{
			AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
			AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
				{
					Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
					AvailabilityZones: []*string{
						to.Ptr("1"),
						to.Ptr("2"),
						to.Ptr("3")},
					Count:              to.Ptr[int32](3),
					EnableNodePublicIP: to.Ptr(true),
					Mode:               to.Ptr(armcontainerservice.AgentPoolModeSystem),
					OSType:             to.Ptr(armcontainerservice.OSTypeLinux),
					VMSize:             to.Ptr("Standard_DS1_v2"),
					Name:               to.Ptr("nodepool1"),
				}},
			AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
				ScaleDownDelayAfterAdd: to.Ptr("15m"),
				ScanInterval:           to.Ptr("20s"),
			},
			DiskEncryptionSetID:     to.Ptr("/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
			DNSPrefix:               to.Ptr("dnsprefix1"),
			EnablePodSecurityPolicy: to.Ptr(true),
			EnableRBAC:              to.Ptr(true),
			KubernetesVersion:       to.Ptr(""),
			LinuxProfile: &armcontainerservice.LinuxProfile{
				AdminUsername: to.Ptr("azureuser"),
				SSH: &armcontainerservice.SSHConfiguration{
					PublicKeys: []*armcontainerservice.SSHPublicKey{
						{
							KeyData: to.Ptr("keydata"),
						}},
				},
			},
			NetworkProfile: &armcontainerservice.NetworkProfile{
				LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
					ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
						Count: to.Ptr[int32](2),
					},
				},
				LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
				OutboundType:    to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
			},
			ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
				ClientID: to.Ptr("clientid"),
				Secret:   to.Ptr("secret"),
			},
			WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
				AdminPassword: to.Ptr("replacePassword1234$"),
				AdminUsername: to.Ptr("azureuser"),
				GmsaProfile: &armcontainerservice.WindowsGmsaProfile{
					Enabled: to.Ptr(true),
				},
			},
		},
		SKU: &armcontainerservice.ManagedClusterSKU{
			Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
			Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	res, err := poller.PollUntilDone(ctx, nil)
	if err != nil {
		log.Fatalf("failed to pull the result: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.ManagedCluster = armcontainerservice.ManagedCluster{
	// 	Name: to.Ptr("clustername1"),
	// 	Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
	// 	ID: to.Ptr("/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
	// 	Location: to.Ptr("location1"),
	// 	Tags: map[string]*string{
	// 		"archv2": to.Ptr(""),
	// 		"tier": to.Ptr("production"),
	// 	},
	// 	Identity: &armcontainerservice.ManagedClusterIdentity{
	// 		Type: to.Ptr(armcontainerservice.ResourceIdentityTypeUserAssigned),
	// 		UserAssignedIdentities: map[string]*armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
	// 			"/subscriptions/subid1/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": &armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
	// 				ClientID: to.Ptr("clientId1"),
	// 				PrincipalID: to.Ptr("principalId1"),
	// 			},
	// 		},
	// 	},
	// 	Properties: &armcontainerservice.ManagedClusterProperties{
	// 		AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
	// 			{
	// 				Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
	// 				AvailabilityZones: []*string{
	// 					to.Ptr("1"),
	// 					to.Ptr("2"),
	// 					to.Ptr("3")},
	// 					Count: to.Ptr[int32](3),
	// 					CurrentOrchestratorVersion: to.Ptr("1.9.6"),
	// 					EnableNodePublicIP: to.Ptr(true),
	// 					MaxPods: to.Ptr[int32](110),
	// 					Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
	// 					NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
	// 					OrchestratorVersion: to.Ptr("1.9.6"),
	// 					OSType: to.Ptr(armcontainerservice.OSTypeLinux),
	// 					ProvisioningState: to.Ptr("Succeeded"),
	// 					VMSize: to.Ptr("Standard_DS1_v2"),
	// 					Name: to.Ptr("nodepool1"),
	// 			}},
	// 			AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
	// 				ScaleDownDelayAfterAdd: to.Ptr("15m"),
	// 				ScanInterval: to.Ptr("20s"),
	// 			},
	// 			CurrentKubernetesVersion: to.Ptr("1.9.6"),
	// 			DiskEncryptionSetID: to.Ptr("/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
	// 			DNSPrefix: to.Ptr("dnsprefix1"),
	// 			EnablePodSecurityPolicy: to.Ptr(true),
	// 			EnableRBAC: to.Ptr(true),
	// 			Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
	// 			KubernetesVersion: to.Ptr("1.9.6"),
	// 			LinuxProfile: &armcontainerservice.LinuxProfile{
	// 				AdminUsername: to.Ptr("azureuser"),
	// 				SSH: &armcontainerservice.SSHConfiguration{
	// 					PublicKeys: []*armcontainerservice.SSHPublicKey{
	// 						{
	// 							KeyData: to.Ptr("keydata"),
	// 					}},
	// 				},
	// 			},
	// 			MaxAgentPools: to.Ptr[int32](1),
	// 			NetworkProfile: &armcontainerservice.NetworkProfile{
	// 				DNSServiceIP: to.Ptr("10.0.0.10"),
	// 				IPFamilies: []*armcontainerservice.IPFamily{
	// 					to.Ptr(armcontainerservice.IPFamilyIPv4)},
	// 					LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
	// 						AllocatedOutboundPorts: to.Ptr[int32](2000),
	// 						EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
	// 							{
	// 								ID: to.Ptr("/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
	// 							},
	// 							{
	// 								ID: to.Ptr("/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
	// 						}},
	// 						IdleTimeoutInMinutes: to.Ptr[int32](10),
	// 						ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
	// 							Count: to.Ptr[int32](2),
	// 						},
	// 					},
	// 					LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
	// 					NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
	// 					OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
	// 					PodCidr: to.Ptr("10.244.0.0/16"),
	// 					PodCidrs: []*string{
	// 						to.Ptr("10.244.0.0/16")},
	// 						ServiceCidr: to.Ptr("10.0.0.0/16"),
	// 						ServiceCidrs: []*string{
	// 							to.Ptr("10.0.0.0/16")},
	// 						},
	// 						NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
	// 						ProvisioningState: to.Ptr("Succeeded"),
	// 						ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
	// 							ClientID: to.Ptr("clientid"),
	// 						},
	// 						WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
	// 							AdminUsername: to.Ptr("azureuser"),
	// 							GmsaProfile: &armcontainerservice.WindowsGmsaProfile{
	// 								Enabled: to.Ptr(true),
	// 							},
	// 						},
	// 					},
	// 				}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Creates or updates a managed cluster.
 *
 * @summary Creates or updates a managed cluster.
 * x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-08-01/examples/ManagedClustersCreate_UpdateWindowsGmsa.json
 */
async function createOrUpdateManagedClusterWithWindowsGMsaEnabled() {
  const subscriptionId = process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "subid1";
  const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
  const resourceName = "clustername1";
  const parameters = {
    addonProfiles: {},
    agentPoolProfiles: [
      {
        name: "nodepool1",
        type: "VirtualMachineScaleSets",
        availabilityZones: ["1", "2", "3"],
        count: 3,
        enableNodePublicIP: true,
        mode: "System",
        osType: "Linux",
        vmSize: "Standard_DS1_v2",
      },
    ],
    autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
    diskEncryptionSetID:
      "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    dnsPrefix: "dnsprefix1",
    enablePodSecurityPolicy: true,
    enableRbac: true,
    identity: {
      type: "UserAssigned",
      userAssignedIdentities: {
        "/subscriptions/subid1/resourceGroups/rgName1/providers/MicrosoftManagedIdentity/userAssignedIdentities/identity1":
          {},
      },
    },
    kubernetesVersion: "",
    linuxProfile: {
      adminUsername: "azureuser",
      ssh: { publicKeys: [{ keyData: "keydata" }] },
    },
    location: "location1",
    networkProfile: {
      loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
      loadBalancerSku: "standard",
      outboundType: "loadBalancer",
    },
    servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
    sku: { name: "Basic", tier: "Free" },
    tags: { archv2: "", tier: "production" },
    windowsProfile: {
      adminPassword: "replacePassword1234$",
      adminUsername: "azureuser",
      gmsaProfile: { enabled: true },
    },
  };
  const credential = new DefaultAzureCredential();
  const client = new ContainerServiceClient(credential, subscriptionId);
  const result = await client.managedClusters.beginCreateOrUpdateAndWait(
    resourceGroupName,
    resourceName,
    parameters
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:

200

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Succeeded",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS1_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Succeeded",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "availabilityZones": [
          "1",
          "2",
          "3"
        ],
        "enableNodePublicIP": true,
        "mode": "System",
        "nodeImageVersion": "AKSUbuntu:1604:2020.03.11"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser",
      "gmsaProfile": {
        "enabled": true
      }
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
    "networkProfile": {
      "loadBalancerSku": "basic",
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  },
  "identity": {
    "type": "UserAssigned",
    "userAssignedIdentities": {
      "/subscriptions/subid1/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {
        "principalId": "principalId1",
        "clientId": "clientId1"
      }
    }
  }
}

Status code:

201

{
  "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
  "location": "location1",
  "name": "clustername1",
  "tags": {
    "archv2": "",
    "tier": "production"
  },
  "type": "Microsoft.ContainerService/ManagedClusters",
  "properties": {
    "provisioningState": "Creating",
    "maxAgentPools": 1,
    "kubernetesVersion": "1.9.6",
    "currentKubernetesVersion": "1.9.6",
    "dnsPrefix": "dnsprefix1",
    "agentPoolProfiles": [
      {
        "name": "nodepool1",
        "count": 3,
        "vmSize": "Standard_DS1_v2",
        "maxPods": 110,
        "osType": "Linux",
        "provisioningState": "Creating",
        "orchestratorVersion": "1.9.6",
        "currentOrchestratorVersion": "1.9.6",
        "type": "VirtualMachineScaleSets",
        "availabilityZones": [
          "1",
          "2",
          "3"
        ],
        "enableNodePublicIP": true,
        "mode": "System"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "keydata"
          }
        ]
      }
    },
    "windowsProfile": {
      "adminUsername": "azureuser",
      "gmsaProfile": {
        "enabled": true
      }
    },
    "servicePrincipalProfile": {
      "clientId": "clientid"
    },
    "nodeResourceGroup": "MC_rg1_clustername1_location1",
    "enableRBAC": true,
    "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
    "enablePodSecurityPolicy": true,
    "networkProfile": {
      "networkPlugin": "kubenet",
      "podCidr": "10.244.0.0/16",
      "serviceCidr": "10.0.0.0/16",
      "dnsServiceIP": "10.0.0.10",
      "loadBalancerSku": "standard",
      "outboundType": "loadBalancer",
      "podCidrs": [
        "10.244.0.0/16"
      ],
      "serviceCidrs": [
        "10.0.0.0/16"
      ],
      "ipFamilies": [
        "IPv4"
      ],
      "loadBalancerProfile": {
        "allocatedOutboundPorts": 2000,
        "idleTimeoutInMinutes": 10,
        "managedOutboundIPs": {
          "count": 2
        },
        "effectiveOutboundIPs": [
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
          },
          {
            "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
          }
        ]
      }
    },
    "autoScalerProfile": {
      "scan-interval": "20s",
      "scale-down-delay-after-add": "15m"
    }
  },
  "identity": {
    "type": "UserAssigned",
    "userAssignedIdentities": {
      "/subscriptions/subid1/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {
        "principalId": "principalId1",
        "clientId": "clientId1"
      }
    }
  }
}

Definitions

Name	Description
AgentPoolMode	The mode of an agent pool.
AgentPoolType	The type of Agent Pool.
AgentPoolUpgradeSettings	Settings for upgrading an agentpool
AutoScalerProfile	Parameters to be applied to the cluster-autoscaler when enabled
AzureKeyVaultKms	Azure Key Vault key management service settings for the security profile.
CloudError	An error response from the Container service.
CloudErrorBody	An error response from the Container service.
ClusterUpgradeSettings	Settings for upgrading a cluster.
code	Tells whether the cluster is Running or Stopped
ContainerServiceLinuxProfile	Profile for Linux VMs in the container service cluster.
ContainerServiceNetworkProfile	Profile of network configuration.
ContainerServiceSshConfiguration	SSH configuration for Linux-based VMs running on Azure.
ContainerServiceSshPublicKey	Contains information about SSH certificate public key data.
createdByType	The type of identity that created the resource.
CreationData	Data used when creating a target resource from a source resource.
DelegatedResource	Delegated resource properties - internal use only.
expander	The expander to use when scaling up
ExtendedLocation	The complex type of the extended location.
ExtendedLocationTypes	The type of the extended location.
GPUInstanceProfile	GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.
Identity	Identity for the resource.
ipFamily	The IP families used to specify IP versions available to the cluster.
IstioCertificateAuthority	Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin certificates as described here https://aka.ms/asm-plugin-ca
IstioComponents	Istio components configuration.
IstioEgressGateway	Istio egress gateway configuration.
IstioIngressGateway	Istio ingress gateway configuration. For now, we support up to one external ingress gateway named aks-istio-ingressgateway-external and one internal ingress gateway named aks-istio-ingressgateway-internal.
IstioIngressGatewayMode	Mode of an ingress gateway.
IstioPluginCertificateAuthority	Plugin certificates information for Service Mesh.
IstioServiceMesh	Istio service mesh configuration.
KeyVaultNetworkAccessTypes	Network access of the key vault
KubeletConfig	Kubelet configurations of agent nodes.
KubeletDiskType	Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral storage.
KubernetesSupportPlan	Different support tiers for AKS managed clusters
licenseType	The license type to use for Windows VMs. See Azure Hybrid User Benefits for more details.
LinuxOSConfig	OS configurations of Linux agent nodes.
loadBalancerSku	The load balancer sku for the managed cluster.
ManagedCluster	Managed cluster.
ManagedClusterAADProfile	AADProfile specifies attributes for Azure Active Directory integration.
ManagedClusterAddonProfile	A Kubernetes add-on profile for a managed cluster.
ManagedClusterAgentPoolProfile	Profile for the container service agent pool.
ManagedClusterAPIServerAccessProfile	Access profile for managed cluster API server.
ManagedClusterAutoUpgradeProfile	Auto upgrade profile for a managed cluster.
ManagedClusterAzureMonitorProfile	Azure Monitor addon profiles for monitoring the managed cluster.
ManagedClusterAzureMonitorProfileKubeStateMetrics	Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for details.
ManagedClusterAzureMonitorProfileMetrics	Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See aka.ms/AzureManagedPrometheus for an overview.
ManagedClusterHTTPProxyConfig	Cluster HTTP proxy configuration.
ManagedClusterIdentity	Identity for the managed cluster.
ManagedClusterLoadBalancerProfile	Profile of the managed cluster load balancer.
ManagedClusterManagedOutboundIPProfile	Profile of the managed outbound IP resources of the managed cluster.
ManagedClusterNATGatewayProfile	Profile of the managed cluster NAT gateway.
ManagedClusterOIDCIssuerProfile	The OIDC issuer profile of the Managed Cluster.
ManagedClusterPodIdentity	Details about the pod identity assigned to the Managed Cluster.
ManagedClusterPodIdentityException	A pod identity exception, which allows pods with certain labels to access the Azure Instance Metadata Service (IMDS) endpoint without being intercepted by the node-managed identity (NMI) server.
ManagedClusterPodIdentityProfile	The pod identity profile of the Managed Cluster.
ManagedClusterPodIdentityProvisioningError	An error response from the pod identity provisioning.
ManagedClusterPodIdentityProvisioningErrorBody	An error response from the pod identity provisioning.
ManagedClusterPodIdentityProvisioningState	The current provisioning state of the pod identity.
ManagedClusterSecurityProfile	Security profile for the container service cluster.
ManagedClusterSecurityProfileDefender	Microsoft Defender settings for the security profile.
ManagedClusterSecurityProfileDefenderSecurityMonitoring	Microsoft Defender settings for the security profile threat detection.
ManagedClusterSecurityProfileImageCleaner	Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here are settings for the security profile.
ManagedClusterSecurityProfileWorkloadIdentity	Workload identity settings for the security profile.
ManagedClusterServicePrincipalProfile	Information about a service principal identity for the cluster to use for manipulating Azure APIs.
ManagedClusterSKU	The SKU of a Managed Cluster.
ManagedClusterSKUName	The name of a managed cluster SKU.
ManagedClusterSKUTier	The tier of a managed cluster SKU.
ManagedClusterStorageProfile	Storage profile for the container service cluster.
ManagedClusterStorageProfileBlobCSIDriver	AzureBlob CSI Driver settings for the storage profile.
ManagedClusterStorageProfileDiskCSIDriver	AzureDisk CSI Driver settings for the storage profile.
ManagedClusterStorageProfileFileCSIDriver	AzureFile CSI Driver settings for the storage profile.
ManagedClusterStorageProfileSnapshotController	Snapshot Controller settings for the storage profile.
ManagedClusterWindowsProfile	Profile for Windows VMs in the managed cluster.
ManagedClusterWorkloadAutoScalerProfile	Workload Auto-scaler profile for the managed cluster.
ManagedClusterWorkloadAutoScalerProfileKeda	KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile.
ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler	VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile.
ManagedOutboundIPs	Desired managed outbound IPs for the cluster load balancer.
networkDataplane	Network dataplane used in the Kubernetes cluster.
networkMode	The network mode Azure CNI is configured with.
NetworkPlugin	Network plugin used for building the Kubernetes network.
NetworkPluginMode	The mode the network plugin should use.
NetworkPolicy	Network policy used for building the Kubernetes network.
nodeOSUpgradeChannel	Node OS Upgrade Channel
OSDiskType	The OS disk type to be used for machines in the agent pool.
OSSKU	Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows.
OSType	The operating system type. The default is Linux.
OutboundIPPrefixes	Desired outbound IP Prefix resources for the cluster load balancer.
OutboundIPs	Desired outbound IP resources for the cluster load balancer.
outboundType	The outbound (egress) routing method.
PowerState	Describes the Power State of the cluster
PrivateLinkResource	A private link resource
ProvisioningInfo
PublicNetworkAccess	PublicNetworkAccess of the managedCluster
ResourceIdentityType	The type of identity used for the managed cluster.
ResourceReference	A reference to an Azure resource.
ScaleDownMode	Describes how VMs are added to or removed from Agent Pools. See billing states.
ScaleSetEvictionPolicy	The Virtual Machine Scale Set eviction policy.
ScaleSetPriority	The Virtual Machine Scale Set priority.
ServiceMeshMode	Mode of the service mesh.
ServiceMeshProfile	Service mesh profile for a managed cluster.
SysctlConfig	Sysctl settings for Linux agent nodes.
systemData	Metadata pertaining to creation and last modification of the resource.
upgradeChannel	The upgrade channel for auto upgrade. The default is 'none'.
UpgradeOverrideSettings	Settings for overrides when upgrading a cluster.
UserAssignedIdentities	The user identity associated with the managed cluster. This identity will be used in control plane. Only one user assigned identity is allowed.
UserAssignedIdentity	Details about a user assigned identity.
WindowsGmsaProfile	Windows gMSA Profile in the managed cluster.
WorkloadRuntime	Determines the type of workload a node can run.

AgentPoolMode

The mode of an agent pool.

Name	Type	Description
System	string	System agent pools are primarily for hosting critical system pods such as CoreDNS and metrics-server. System agent pools osType must be Linux. System agent pools VM SKU must have at least 2vCPUs and 4GB of memory.
User	string	User agent pools are primarily for hosting your application pods.

AgentPoolType

The type of Agent Pool.

Name	Type	Description
AvailabilitySet	string	Use of this is strongly discouraged.
VirtualMachineScaleSets	string	Create an Agent Pool backed by a Virtual Machine Scale Set.

AgentPoolUpgradeSettings

Settings for upgrading an agentpool

Name	Type	Description
drainTimeoutInMinutes	integer	The drain timeout for a node The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not specified, the default is 30 minutes.
maxSurge	string	The maximum number or percentage of nodes that are surged during upgrade. This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded up. If not specified, the default is 1. For more information, including best practices, see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade

AutoScalerProfile

Parameters to be applied to the cluster-autoscaler when enabled

Name	Type	Description
balance-similar-node-groups	string	Detects similar node pools and balances the number of nodes between them. Valid values are 'true' and 'false'
expander	expander	The expander to use when scaling up If not specified, the default is 'random'. See expanders for more information.
max-empty-bulk-delete	string	The maximum number of empty nodes that can be deleted at the same time. This must be a positive integer. The default is 10.
max-graceful-termination-sec	string	The maximum number of seconds the cluster autoscaler waits for pod termination when trying to scale down a node. The default is 600.
max-node-provision-time	string	The maximum time the autoscaler waits for a node to be provisioned. The default is '15m'. Values must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported.
max-total-unready-percentage	string	The maximum percentage of unready nodes in the cluster. After this percentage is exceeded, cluster autoscaler halts operations. The default is 45. The maximum is 100 and the minimum is 0.
new-pod-scale-up-delay	string	Ignore unscheduled pods before they're a certain age. For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. The default is '0s'. Values must be an integer followed by a unit ('s' for seconds, 'm' for minutes, 'h' for hours, etc).
ok-total-unready-count	string	The number of allowed unready nodes, irrespective of max-total-unready-percentage. This must be an integer. The default is 3.
scale-down-delay-after-add	string	How long after scale up that scale down evaluation resumes The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported.
scale-down-delay-after-delete	string	How long after node deletion that scale down evaluation resumes. The default is the scan-interval. Values must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported.
scale-down-delay-after-failure	string	How long after scale down failure that scale down evaluation resumes. The default is '3m'. Values must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported.
scale-down-unneeded-time	string	How long a node should be unneeded before it is eligible for scale down. The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported.
scale-down-unready-time	string	How long an unready node should be unneeded before it is eligible for scale down The default is '20m'. Values must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported.
scale-down-utilization-threshold	string	Node utilization level, defined as sum of requested resources divided by capacity, below which a node can be considered for scale down. The default is '0.5'.
scan-interval	string	How often cluster is reevaluated for scale up or down. The default is '10'. Values must be an integer number of seconds.
skip-nodes-with-local-storage	string	If cluster autoscaler will skip deleting nodes with pods with local storage, for example, EmptyDir or HostPath. The default is true.
skip-nodes-with-system-pods	string	If cluster autoscaler will skip deleting nodes with pods from kube-system (except for DaemonSet or mirror pods) The default is true.

AzureKeyVaultKms

Azure Key Vault key management service settings for the security profile.

Name	Type	Default Value	Description
enabled	boolean		Whether to enable Azure Key Vault key management service. The default is false.
keyId	string		Identifier of Azure Key Vault key. See key identifier format for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key identifier. When Azure Key Vault key management service is disabled, leave the field empty.
keyVaultNetworkAccess	KeyVaultNetworkAccessTypes	Public	Network access of the key vault Network access of key vault. The possible values are Public and Private. Public means the key vault allows public access from all networks. Private means the key vault disables public access and enables private link. The default value is Public.
keyVaultResourceId	string		Resource ID of key vault. When keyVaultNetworkAccess is Private, this field is required and must be a valid resource ID. When keyVaultNetworkAccess is Public, leave the field empty.

CloudError

An error response from the Container service.

Name	Type	Description
error	CloudErrorBody	Details about the error.

CloudErrorBody

An error response from the Container service.

Name	Type	Description
code	string	An identifier for the error. Codes are invariant and are intended to be consumed programmatically.
details	CloudErrorBody[]	A list of additional details about the error.
message	string	A message describing the error, intended to be suitable for display in a user interface.
target	string	The target of the particular error. For example, the name of the property in error.

ClusterUpgradeSettings

Settings for upgrading a cluster.

Name	Type	Description
overrideSettings	UpgradeOverrideSettings	Settings for overrides.

code

Tells whether the cluster is Running or Stopped

Name	Type	Description
Running	string	The cluster is running.
Stopped	string	The cluster is stopped.

ContainerServiceLinuxProfile

Profile for Linux VMs in the container service cluster.

Name	Type	Description
adminUsername	string	The administrator username to use for Linux VMs.
ssh	ContainerServiceSshConfiguration	The SSH configuration for Linux-based VMs running on Azure.

ContainerServiceNetworkProfile

Profile of network configuration.

Name	Type	Default Value	Description
dnsServiceIP	string	10.0.0.10	An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr.
ipFamilies	ipFamily[]		The IP families used to specify IP versions available to the cluster. IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value is IPv4. For dual-stack, the expected values are IPv4 and IPv6.
loadBalancerProfile	ManagedClusterLoadBalancerProfile		Profile of the cluster load balancer.
loadBalancerSku	loadBalancerSku		The load balancer sku for the managed cluster. The default is 'standard'. See Azure Load Balancer SKUs for more information about the differences between load balancer SKUs.
natGatewayProfile	ManagedClusterNATGatewayProfile		Profile of the cluster NAT gateway.
networkDataplane	networkDataplane		Network dataplane used in the Kubernetes cluster.
networkMode	networkMode		The network mode Azure CNI is configured with. This cannot be specified if networkPlugin is anything other than 'azure'.
networkPlugin	NetworkPlugin	kubenet	Network plugin used for building the Kubernetes network.
networkPluginMode	NetworkPluginMode		The mode the network plugin should use.
networkPolicy	NetworkPolicy		Network policy used for building the Kubernetes network.
outboundType	outboundType	loadBalancer	The outbound (egress) routing method. This can only be set at cluster creation time and cannot be changed later. For more information see egress outbound type.
podCidr	string	10.244.0.0/16	A CIDR notation IP range from which to assign pod IPs when kubenet is used.
podCidrs	string[]		The CIDR notation IP ranges from which to assign pod IPs. One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is expected for dual-stack networking.
serviceCidr	string	10.0.0.0/16	A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP ranges.
serviceCidrs	string[]		The CIDR notation IP ranges from which to assign service cluster IPs. One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is expected for dual-stack networking. They must not overlap with any Subnet IP ranges.

ContainerServiceSshConfiguration

SSH configuration for Linux-based VMs running on Azure.

Name	Type	Description
publicKeys	ContainerServiceSshPublicKey[]	The list of SSH public keys used to authenticate with Linux-based VMs. A maximum of 1 key may be specified.

ContainerServiceSshPublicKey

Contains information about SSH certificate public key data.

Name	Type	Description
keyData	string	Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or without headers.

createdByType

The type of identity that created the resource.

Name	Type	Description
Application	string
Key	string
ManagedIdentity	string
User	string

CreationData

Data used when creating a target resource from a source resource.

Name	Type	Description
sourceResourceId	string	This is the ARM ID of the source object to be used to create the target object.

DelegatedResource

Delegated resource properties - internal use only.

Name	Type	Description
location	string	The source resource location - internal use only.
referralResource	string	The delegation id of the referral delegation (optional) - internal use only.
resourceId	string	The ARM resource id of the delegated resource - internal use only.
tenantId	string	The tenant id of the delegated resource - internal use only.

expander

The expander to use when scaling up

Name	Type	Description
least-waste	string	Selects the node group that will have the least idle CPU (if tied, unused memory) after scale-up. This is useful when you have different classes of nodes, for example, high CPU or high memory nodes, and only want to expand those when there are pending pods that need a lot of those resources.
most-pods	string	Selects the node group that would be able to schedule the most pods when scaling up. This is useful when you are using nodeSelector to make sure certain pods land on certain nodes. Note that this won't cause the autoscaler to select bigger nodes vs. smaller, as it can add multiple smaller nodes at once.
priority	string	Selects the node group that has the highest priority assigned by the user. It's configuration is described in more details here.
random	string	Used when you don't have a particular need for the node groups to scale differently.

ExtendedLocation

The complex type of the extended location.

Name	Type	Description
name	string	The name of the extended location.
type	ExtendedLocationTypes	The type of the extended location.

ExtendedLocationTypes

The type of the extended location.

Name	Type	Description
EdgeZone	string

GPUInstanceProfile

GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.

Name	Type	Description
MIG1g	string
MIG2g	string
MIG3g	string
MIG4g	string
MIG7g	string

Identity

Identity for the resource.

Name	Type	Description
principalId	string	The principal ID of resource identity.
tenantId	string	The tenant ID of resource.
type	ResourceIdentityType	The identity type.

ipFamily

The IP families used to specify IP versions available to the cluster.

Name	Type	Description
IPv4	string
IPv6	string

IstioCertificateAuthority

Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin certificates as described here https://aka.ms/asm-plugin-ca

Name	Type	Description
plugin	IstioPluginCertificateAuthority	Plugin certificates information for Service Mesh.

IstioComponents

Istio components configuration.

Name	Type	Description
egressGateways	IstioEgressGateway[]	Istio egress gateways.
ingressGateways	IstioIngressGateway[]	Istio ingress gateways.

IstioEgressGateway

Istio egress gateway configuration.

Name	Type	Description
enabled	boolean	Whether to enable the egress gateway.
nodeSelector	object	NodeSelector for scheduling the egress gateway.

IstioIngressGateway

Istio ingress gateway configuration. For now, we support up to one external ingress gateway named aks-istio-ingressgateway-external and one internal ingress gateway named aks-istio-ingressgateway-internal.

Name	Type	Description
enabled	boolean	Whether to enable the ingress gateway.
mode	IstioIngressGatewayMode	Mode of an ingress gateway.

IstioIngressGatewayMode

Mode of an ingress gateway.

Name	Type	Description
External	string	The ingress gateway is assigned a public IP address and is publicly accessible.
Internal	string	The ingress gateway is assigned an internal IP address and cannot is accessed publicly.

IstioPluginCertificateAuthority

Plugin certificates information for Service Mesh.

Name	Type	Description
certChainObjectName	string	Certificate chain object name in Azure Key Vault.
certObjectName	string	Intermediate certificate object name in Azure Key Vault.
keyObjectName	string	Intermediate certificate private key object name in Azure Key Vault.
keyVaultId	string	The resource ID of the Key Vault.
rootCertObjectName	string	Root certificate object name in Azure Key Vault.

IstioServiceMesh

Istio service mesh configuration.

Name	Type	Description
certificateAuthority	IstioCertificateAuthority	Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin certificates as described here https://aka.ms/asm-plugin-ca
components	IstioComponents	Istio components configuration.
revisions	string[]	The list of revisions of the Istio control plane. When an upgrade is not in progress, this holds one value. When canary upgrade is in progress, this can only hold two consecutive values. For more information, see: https://learn.microsoft.com/en-us/azure/aks/istio-upgrade

KeyVaultNetworkAccessTypes

Network access of the key vault

Name	Type	Description
Private	string
Public	string

KubeletConfig

Kubelet configurations of agent nodes.

Name	Type	Description
allowedUnsafeSysctls	string[]	Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in *).
containerLogMaxFiles	integer	The maximum number of container log files that can be present for a container. The number must be ≥ 2.
containerLogMaxSizeMB	integer	The maximum size (e.g. 10Mi) of container log file before it is rotated.
cpuCfsQuota	boolean	If CPU CFS quota enforcement is enabled for containers that specify CPU limits. The default is true.
cpuCfsQuotaPeriod	string	The CPU CFS quota period value. The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'.
cpuManagerPolicy	string	The CPU Manager policy to use. The default is 'none'. See Kubernetes CPU management policies for more information. Allowed values are 'none' and 'static'.
failSwapOn	boolean	If set to true it will make the Kubelet fail to start if swap is enabled on the node.
imageGcHighThreshold	integer	The percent of disk usage after which image garbage collection is always run. To disable image garbage collection, set to 100. The default is 85%
imageGcLowThreshold	integer	The percent of disk usage before which image garbage collection is never run. This cannot be set higher than imageGcHighThreshold. The default is 80%
podMaxPids	integer	The maximum number of processes per pod.
topologyManagerPolicy	string	The Topology Manager policy to use. For more information see Kubernetes Topology Manager. The default is 'none'. Allowed values are 'none', 'best-effort', 'restricted', and 'single-numa-node'.

KubeletDiskType

Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral storage.

Name	Type	Description
OS	string	Kubelet will use the OS disk for its data.
Temporary	string	Kubelet will use the temporary disk for its data.

KubernetesSupportPlan

Different support tiers for AKS managed clusters

Name	Type	Description
AKSLongTermSupport	string	Support for the version extended past the KubernetesOfficial support of 1 year. AKS continues to patch CVEs for another 1 year, for a total of 2 years of support.
KubernetesOfficial	string	Support for the version is the same as for the open source Kubernetes offering. Official Kubernetes open source community support versions for 1 year after release.

licenseType

The license type to use for Windows VMs. See Azure Hybrid User Benefits for more details.

Name	Type	Description
None	string	No additional licensing is applied.
Windows_Server	string	Enables Azure Hybrid User Benefits for Windows VMs.

LinuxOSConfig

OS configurations of Linux agent nodes.

Name	Type	Description
swapFileSizeMB	integer	The size in MB of a swap file that will be created on each node.
sysctls	SysctlConfig	Sysctl settings for Linux agent nodes.
transparentHugePageDefrag	string	Whether the kernel should make aggressive use of memory compaction to make more hugepages available. Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is 'madvise'. For more information see Transparent Hugepages.
transparentHugePageEnabled	string	Whether transparent hugepages are enabled. Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more information see Transparent Hugepages.

loadBalancerSku

The load balancer sku for the managed cluster.

Name	Type	Description
basic	string	Use a basic Load Balancer with limited functionality.
standard	string	Use a a standard Load Balancer. This is the recommended Load Balancer SKU. For more information about on working with the load balancer in the managed cluster, see the standard Load Balancer article.

ManagedCluster

Managed cluster.

Name	Type	Description
extendedLocation	ExtendedLocation	The extended location of the Virtual Machine.
id	string	Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
identity	ManagedClusterIdentity	The identity of the managed cluster, if configured.
location	string	The geo-location where the resource lives
name	string	The name of the resource
properties.aadProfile	ManagedClusterAADProfile	AADProfile specifies attributes for Azure Active Directory integration. The Azure Active Directory configuration.
properties.addonProfiles	<string,  ManagedClusterAddonProfile>	The profile of managed cluster add-on.
properties.agentPoolProfiles	ManagedClusterAgentPoolProfile[]	The agent pool properties.
properties.apiServerAccessProfile	ManagedClusterAPIServerAccessProfile	The access profile for managed cluster API server.
properties.autoScalerProfile	AutoScalerProfi