Membuat atau memperbarui kluster terkelola.
PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}?api-version=2026-03-01
Parameter URI
| Nama |
Dalam |
Diperlukan |
Jenis |
Deskripsi |
|
resourceGroupName
|
path |
True
|
string
minLength: 1
maxLength: 90
|
Nama grup sumber daya. Nama tidak sensitif terhadap penggunaan huruf besar atau kecil.
|
|
resourceName
|
path |
True
|
string
minLength: 1
maxLength: 63
pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$
|
Nama sumber daya kluster terkelola.
|
|
subscriptionId
|
path |
True
|
string
(uuid)
|
ID langganan target. Nilainya harus sebuah UUID.
|
|
api-version
|
query |
True
|
string
minLength: 1
|
Versi API yang akan digunakan untuk operasi ini.
|
| Nama |
Diperlukan |
Jenis |
Deskripsi |
|
if-match
|
|
string
|
Permintaan hanya boleh dilanjutkan jika entitas cocok dengan string ini.
|
|
if-none-match
|
|
string
|
Permintaan hanya boleh dilanjutkan jika tidak ada entitas yang cocok dengan string ini.
|
Isi Permintaan
| Nama |
Diperlukan |
Jenis |
Deskripsi |
|
location
|
True
|
string
|
Lokasi geografis tempat sumber daya berada
|
|
extendedLocation
|
|
ExtendedLocation
|
Lokasi Komputer Virtual yang diperluas.
|
|
identity
|
|
ManagedClusterIdentity
|
Identitas kluster terkelola, jika dikonfigurasi.
|
|
kind
|
|
string
|
Ini terutama digunakan untuk mengekspos pengalaman UI yang berbeda di portal untuk berbagai jenis
|
|
properties.aadProfile
|
|
ManagedClusterAADProfile
|
Konfigurasi Azure Active Directory.
|
|
properties.addonProfiles
|
|
<string,
ManagedClusterAddonProfile>
|
Profil add-on kluster terkelola.
|
|
properties.agentPoolProfiles
|
|
ManagedClusterAgentPoolProfile[]
|
Properti kumpulan agen.
|
|
properties.aiToolchainOperatorProfile
|
|
ManagedClusterAIToolchainOperatorProfile
|
Pengaturan operator toolchain AI yang berlaku untuk seluruh kluster.
|
|
properties.apiServerAccessProfile
|
|
ManagedClusterAPIServerAccessProfile
|
Profil akses untuk server API kluster terkelola.
|
|
properties.autoScalerProfile
|
|
ManagedClusterPropertiesAutoScalerProfile
|
Parameter yang akan diterapkan ke penskala otomatis kluster saat diaktifkan
|
|
properties.autoUpgradeProfile
|
|
ManagedClusterAutoUpgradeProfile
|
Konfigurasi peningkatan otomatis.
|
|
properties.azureMonitorProfile
|
|
ManagedClusterAzureMonitorProfile
|
Profil addon Azure Monitor untuk memantau kluster terkelola.
|
|
properties.bootstrapProfile
|
|
ManagedClusterBootstrapProfile
|
Profil konfigurasi bootstrap kluster.
|
|
properties.disableLocalAccounts
|
|
boolean
|
Jika akun lokal harus dinonaktifkan pada Kluster Terkelola. Jika diatur ke true, mendapatkan kredensial statis akan dinonaktifkan untuk kluster ini. Ini hanya boleh digunakan pada Kluster Terkelola yang diaktifkan AAD. Untuk detail selengkapnya, lihat menonaktifkan akun lokal.
|
|
properties.diskEncryptionSetID
|
|
string
(arm-id)
|
ID Sumber Daya dari enkripsi disk yang diatur untuk digunakan untuk mengaktifkan enkripsi saat tidak aktif. Ini berbentuk: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft. Compute/diskEncryptionSets/{encryptionSetName}'
|
|
properties.dnsPrefix
|
|
string
|
Awalan DNS Dari Kluster Terkelola. Ini tidak dapat diperbarui setelah Kluster Terkelola dibuat.
|
|
properties.enableRBAC
|
|
boolean
|
Apakah akan mengaktifkan Role-Based Access Control Kubernetes.
|
|
properties.fqdnSubdomain
|
|
string
|
Subdomain FQDN dari kluster privat dengan zona dns privat kustom. Ini tidak dapat diperbarui setelah Kluster Terkelola dibuat.
|
|
properties.hostedSystemProfile
|
|
ManagedClusterHostedSystemProfile
|
Pengaturan untuk add-on sistem yang dihosting. Untuk informasi selengkapnya, lihat https://aka.ms/aks/automatic/systemcomponents .
|
|
properties.httpProxyConfig
|
|
ManagedClusterHTTPProxyConfig
|
Konfigurasi untuk menyediakan kluster dengan server proksi HTTP.
|
|
properties.identityProfile
|
|
<string,
UserAssignedIdentity>
|
Identitas pengguna yang terkait dengan kluster terkelola. Identitas ini akan digunakan oleh kubelet. Hanya satu identitas yang ditetapkan pengguna yang diizinkan. Satu-satunya kunci yang diterima adalah "kubeletidentity", dengan nilai "resourceId": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft. ManagedIdentity/userAssignedIdentities/{identityName}".
|
|
properties.ingressProfile
|
|
ManagedClusterIngressProfile
|
Profil Ingress untuk kluster terkelola.
|
|
properties.kubernetesVersion
|
|
string
|
Versi Kubernetes yang ditentukan oleh pengguna. Kedua versi patch <> major.minor.patch (misalnya 1.20.13) dan <> major.minor (misalnya 1,20) didukung. Ketika <> major.minor ditentukan, versi patch GA terbaru yang didukung dipilih secara otomatis. Memperbarui kluster dengan <> major.minor yang sama setelah dibuat (misalnya 1.14.x -> 1.14) tidak akan memicu peningkatan, bahkan jika versi patch yang lebih baru tersedia. Saat Anda meningkatkan kluster AKS yang didukung, versi minor Kubernetes tidak dapat dilewati. Semua peningkatan harus dilakukan secara berurutan dengan nomor versi utama. Misalnya, peningkatan antara 1.14.x -> 1.15.x atau 1.15.x -> 1.16.x diizinkan, namun 1.14.x -> 1.16.x tidak diizinkan. Lihat meningkatkan kluster AKS untuk detail selengkapnya.
|
|
properties.linuxProfile
|
|
ContainerServiceLinuxProfile
|
Profil untuk VM Linux di Kluster Terkelola.
|
|
properties.metricsProfile
|
|
ManagedClusterMetricsProfile
|
Konfigurasi metrik kluster opsional.
|
|
properties.networkProfile
|
|
ContainerServiceNetworkProfile
|
Profil konfigurasi jaringan.
|
|
properties.nodeProvisioningProfile
|
|
ManagedClusterNodeProvisioningProfile
|
Pengaturan provisi node yang berlaku untuk seluruh kluster.
|
|
properties.nodeResourceGroup
|
|
string
|
Nama grup sumber daya yang berisi simpul kumpulan agen.
|
|
properties.nodeResourceGroupProfile
|
|
ManagedClusterNodeResourceGroupProfile
|
Profil konfigurasi grup sumber daya simpul.
|
|
properties.oidcIssuerProfile
|
|
ManagedClusterOIDCIssuerProfile
|
Profil penerbit OIDC dari Kluster Terkelola.
|
|
properties.podIdentityProfile
|
|
ManagedClusterPodIdentityProfile
|
Profil identitas pod dari Kluster Terkelola. Lihat menggunakan identitas pod AAD untuk detail selengkapnya tentang integrasi identitas pod AAD.
|
|
properties.privateLinkResources
|
|
PrivateLinkResource[]
|
Sumber daya tautan privat yang terkait dengan kluster.
|
|
properties.publicNetworkAccess
|
|
PublicNetworkAccess
|
PublicNetworkAccess dari managedCluster. Mengizinkan atau menolak access jaringan publik untuk AKS
|
|
properties.securityProfile
|
|
ManagedClusterSecurityProfile
|
Profil keamanan untuk kluster terkelola.
|
|
properties.serviceMeshProfile
|
|
ServiceMeshProfile
|
Profil jala layanan untuk kluster terkelola.
|
|
properties.servicePrincipalProfile
|
|
ManagedClusterServicePrincipalProfile
|
Informasi tentang identitas perwakilan layanan untuk kluster yang akan digunakan untuk memanipulasi API Azure.
|
|
properties.status
|
|
ManagedClusterStatus
|
Berisi informasi baca-saja tentang Kluster Terkelola.
|
|
properties.storageProfile
|
|
ManagedClusterStorageProfile
|
Profil penyimpanan untuk kluster terkelola.
|
|
properties.supportPlan
|
|
KubernetesSupportPlan
|
Rencana dukungan untuk Kluster Terkelola. Jika tidak ditentukan, defaultnya adalah 'KubernetesOfficial'.
|
|
properties.upgradeSettings
|
|
ClusterUpgradeSettings
|
Pengaturan untuk memutakhirkan kluster.
|
|
properties.windowsProfile
|
|
ManagedClusterWindowsProfile
|
Profil untuk VM Windows di Kluster Terkelola.
|
|
properties.workloadAutoScalerProfile
|
|
ManagedClusterWorkloadAutoScalerProfile
|
Profil Auto-scaler beban kerja untuk kluster terkelola.
|
|
sku
|
|
ManagedClusterSKU
|
SKU kluster terkelola.
|
|
tags
|
|
object
|
Tag sumber daya.
|
Respons
| Nama |
Jenis |
Deskripsi |
|
200 OK
|
ManagedCluster
|
Operasi pembaruan 'ManagedCluster' sumber daya berhasil
|
|
201 Created
|
ManagedCluster
|
Operasi pembuatan 'ManagedCluster' sumber daya berhasil
Header
- Azure-AsyncOperation: string
- Retry-After: integer
|
|
Other Status Codes
|
ErrorResponse
|
Respons kesalahan tak terduga.
|
Keamanan
azure_auth
Alur OAuth2 Azure Active Directory.
Jenis:
oauth2
Alur:
implicit
URL Otorisasi:
https://login.microsoftonline.com/common/oauth2/authorize
Cakupan
| Nama |
Deskripsi |
|
user_impersonation
|
meniru akun pengguna Anda
|
Contoh
Create Managed Cluster using an agent pool snapshot
Permintaan sampel
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2026-03-01
{
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"creationData": {
"sourceResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/snapshots/snapshot1"
},
"enableFIPS": true,
"enableNodePublicIP": true,
"mode": "System",
"osType": "Linux",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser"
}
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.CreationData;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file: 2026-03-01/ManagedClustersCreate_Snapshot.json
*/
/**
* Sample code: Create Managed Cluster using an agent pool snapshot.
*
* @param manager Entry point to ContainerServiceManager.
*/
public static void createManagedClusterUsingAnAgentPoolSnapshot(
com.azure.resourcemanager.containerservice.ContainerServiceManager manager) {
manager.serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1", new ManagedClusterInner()
.withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3)
.withVmSize("Standard_DS2_v2").withOsType(OSType.LINUX)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withMode(AgentPoolMode.SYSTEM)
.withEnableNodePublicIp(true).withEnableFips(true)
.withCreationData(new CreationData().withSourceResourceId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/snapshots/snapshot1"))
.withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(
new ManagedClusterServicePrincipalProfile().withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile()
.withManagedOutboundIPs(new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_snapshot.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="SUBSCRIPTION_ID",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"creationData": {
"sourceResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/snapshots/snapshot1"
},
"enableFIPS": True,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: 2026-03-01/ManagedClustersCreate_Snapshot.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v9"
)
// Generated from example definition: 2026-03-01/ManagedClustersCreate_Snapshot.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterUsingAnAgentPoolSnapshot() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("00000000-0000-0000-0000-000000000000", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Name: to.Ptr("nodepool1"),
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
CreationData: &armcontainerservice.CreationData{
SourceResourceID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/snapshots/snapshot1"),
},
EnableFIPS: to.Ptr(true),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
},
},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
},
},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to poll the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res = armcontainerservice.ManagedClustersClientCreateOrUpdateResponse{
// ManagedCluster: armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/managedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Name: to.Ptr("nodepool1"),
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CreationData: &armcontainerservice.CreationData{
// SourceResourceID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/snapshots/snapshot1"),
// },
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableFIPS: to.Ptr(true),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// },
// },
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// },
// },
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4),
// },
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// },
// },
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16"),
// },
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16"),
// },
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to creates or updates a managed cluster.
*
* @summary creates or updates a managed cluster.
* x-ms-original-file: 2026-03-01/ManagedClustersCreate_Snapshot.json
*/
async function createManagedClusterUsingAnAgentPoolSnapshot() {
const credential = new DefaultAzureCredential();
const subscriptionId = "00000000-0000-0000-0000-000000000000";
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.createOrUpdate("rg1", "clustername1", {
location: "location1",
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
creationData: {
sourceResourceId:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/snapshots/snapshot1",
},
enableFips: true,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: { adminUsername: "azureuser", ssh: { publicKeys: [{ keyData: "keydata" }] } },
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
windowsProfile: { adminPassword: "replacePassword1234$", adminUsername: "azureuser" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
});
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Respon sampel
{
"name": "clustername1",
"type": "Microsoft.ContainerService/managedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"creationData": {
"sourceResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/snapshots/snapshot1"
},
"currentOrchestratorVersion": "1.9.6",
"enableFIPS": true,
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Succeeded",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Succeeded",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
{
"name": "clustername1",
"type": "Microsoft.ContainerService/managedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"creationData": {
"sourceResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/snapshots/snapshot1"
},
"currentOrchestratorVersion": "1.9.6",
"enableFIPS": true,
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Creating",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Creating",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
Create Managed Cluster with Advanced Networking Transit Encryption
Permintaan sampel
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2026-03-01
{
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableNodePublicIP": true,
"mode": "System",
"osType": "Linux",
"vmSize": "Standard_DS2_v2"
}
],
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"advancedNetworking": {
"enabled": true,
"observability": {
"enabled": false
},
"security": {
"advancedNetworkPolicies": "FQDN",
"enabled": true,
"transitEncryption": {
"type": "WireGuard"
}
}
},
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"networkDataplane": "cilium",
"networkPlugin": "azure",
"networkPluginMode": "overlay",
"outboundType": "loadBalancer"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
}
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AdvancedNetworkPolicies;
import com.azure.resourcemanager.containerservice.models.AdvancedNetworking;
import com.azure.resourcemanager.containerservice.models.AdvancedNetworkingObservability;
import com.azure.resourcemanager.containerservice.models.AdvancedNetworkingSecurity;
import com.azure.resourcemanager.containerservice.models.AdvancedNetworkingSecurityTransitEncryption;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.NetworkDataplane;
import com.azure.resourcemanager.containerservice.models.NetworkPlugin;
import com.azure.resourcemanager.containerservice.models.NetworkPluginMode;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import com.azure.resourcemanager.containerservice.models.TransitEncryptionType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file: 2026-03-01/AdvancedNetworkingTransitEncryption.json
*/
/**
* Sample code: Create Managed Cluster with Advanced Networking Transit Encryption.
*
* @param manager Entry point to ContainerServiceManager.
*/
public static void createManagedClusterWithAdvancedNetworkingTransitEncryption(
com.azure.resourcemanager.containerservice.ContainerServiceManager manager) {
manager.serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(
Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3).withVmSize("Standard_DS2_v2")
.withOsType(OSType.LINUX).withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
.withMode(AgentPoolMode.SYSTEM).withEnableNodePublicIp(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withNetworkPlugin(NetworkPlugin.AZURE)
.withNetworkPluginMode(NetworkPluginMode.OVERLAY).withNetworkDataplane(NetworkDataplane.CILIUM)
.withAdvancedNetworking(new AdvancedNetworking().withEnabled(true)
.withObservability(new AdvancedNetworkingObservability().withEnabled(false))
.withSecurity(new AdvancedNetworkingSecurity().withEnabled(true)
.withAdvancedNetworkPolicies(AdvancedNetworkPolicies.FQDN)
.withTransitEncryption(new AdvancedNetworkingSecurityTransitEncryption()
.withType(TransitEncryptionType.WIRE_GUARD))))
.withOutboundType(OutboundType.LOAD_BALANCER).withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2)))),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python advanced_networking_transit_encryption.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="SUBSCRIPTION_ID",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"advancedNetworking": {
"enabled": True,
"observability": {"enabled": False},
"security": {
"advancedNetworkPolicies": "FQDN",
"enabled": True,
"transitEncryption": {"type": "WireGuard"},
},
},
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"networkDataplane": "cilium",
"networkPlugin": "azure",
"networkPluginMode": "overlay",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: 2026-03-01/AdvancedNetworkingTransitEncryption.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v9"
)
// Generated from example definition: 2026-03-01/AdvancedNetworkingTransitEncryption.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithAdvancedNetworkingTransitEncryption() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("00000000-0000-0000-0000-000000000000", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Name: to.Ptr("nodepool1"),
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
},
},
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
},
},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
AdvancedNetworking: &armcontainerservice.AdvancedNetworking{
Enabled: to.Ptr(true),
Observability: &armcontainerservice.AdvancedNetworkingObservability{
Enabled: to.Ptr(false),
},
Security: &armcontainerservice.AdvancedNetworkingSecurity{
AdvancedNetworkPolicies: to.Ptr(armcontainerservice.AdvancedNetworkPoliciesFQDN),
Enabled: to.Ptr(true),
TransitEncryption: &armcontainerservice.AdvancedNetworkingSecurityTransitEncryption{
Type: to.Ptr(armcontainerservice.TransitEncryptionTypeWireGuard),
},
},
},
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
NetworkDataplane: to.Ptr(armcontainerservice.NetworkDataplaneCilium),
NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginAzure),
NetworkPluginMode: to.Ptr(armcontainerservice.NetworkPluginModeOverlay),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to poll the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res = armcontainerservice.ManagedClustersClientCreateOrUpdateResponse{
// ManagedCluster: armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/managedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Name: to.Ptr("nodepool1"),
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// },
// },
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// },
// },
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// AdvancedNetworking: &armcontainerservice.AdvancedNetworking{
// Enabled: to.Ptr(true),
// Observability: &armcontainerservice.AdvancedNetworkingObservability{
// Enabled: to.Ptr(false),
// },
// Security: &armcontainerservice.AdvancedNetworkingSecurity{
// AdvancedNetworkPolicies: to.Ptr(armcontainerservice.AdvancedNetworkPoliciesFQDN),
// Enabled: to.Ptr(true),
// TransitEncryption: &armcontainerservice.AdvancedNetworkingSecurityTransitEncryption{
// Type: to.Ptr(armcontainerservice.TransitEncryptionTypeWireGuard),
// },
// },
// },
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4),
// },
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// },
// },
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
// NetworkDataplane: to.Ptr(armcontainerservice.NetworkDataplaneCilium),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginAzure),
// NetworkPluginMode: to.Ptr(armcontainerservice.NetworkPluginModeOverlay),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16"),
// },
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16"),
// },
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// },
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to creates or updates a managed cluster.
*
* @summary creates or updates a managed cluster.
* x-ms-original-file: 2026-03-01/AdvancedNetworkingTransitEncryption.json
*/
async function createManagedClusterWithAdvancedNetworkingTransitEncryption() {
const credential = new DefaultAzureCredential();
const subscriptionId = "00000000-0000-0000-0000-000000000000";
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.createOrUpdate("rg1", "clustername1", {
location: "location1",
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: { adminUsername: "azureuser", ssh: { publicKeys: [{ keyData: "keydata" }] } },
networkProfile: {
advancedNetworking: {
enabled: true,
observability: { enabled: false },
security: {
advancedNetworkPolicies: "FQDN",
enabled: true,
transitEncryption: { type: "WireGuard" },
},
},
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
networkDataplane: "cilium",
networkPlugin: "azure",
networkPluginMode: "overlay",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
});
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Respon sampel
{
"name": "clustername1",
"type": "Microsoft.ContainerService/managedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Succeeded",
"vmSize": "Standard_DS2_v2"
}
],
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"advancedNetworking": {
"enabled": true,
"observability": {
"enabled": false
},
"security": {
"advancedNetworkPolicies": "FQDN",
"enabled": true,
"transitEncryption": {
"type": "WireGuard"
}
}
},
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"networkDataplane": "cilium",
"networkPlugin": "azure",
"networkPluginMode": "overlay",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Succeeded"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
{
"name": "clustername1",
"type": "Microsoft.ContainerService/managedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Succeeded",
"vmSize": "Standard_DS2_v2"
}
],
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"advancedNetworking": {
"enabled": true,
"observability": {
"enabled": false
},
"security": {
"advancedNetworkPolicies": "FQDN",
"enabled": true,
"transitEncryption": {
"type": "WireGuard"
}
}
},
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"networkDataplane": "cilium",
"networkPlugin": "azure",
"networkPluginMode": "overlay",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Succeeded"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
Create Managed Cluster with AKS-managed NAT gateway as outbound type
Permintaan sampel
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2026-03-01
{
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableNodePublicIP": false,
"mode": "System",
"osType": "Linux",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"natGatewayProfile": {
"managedOutboundIPProfile": {
"count": 2
}
},
"outboundType": "managedNATGateway"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser"
}
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterManagedOutboundIpProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterNatGatewayProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file: 2026-03-01/ManagedClustersCreate_ManagedNATGateway.json
*/
/**
* Sample code: Create Managed Cluster with AKS-managed NAT gateway as outbound type.
*
* @param manager Entry point to ContainerServiceManager.
*/
public static void createManagedClusterWithAKSManagedNATGatewayAsOutboundType(
com.azure.resourcemanager.containerservice.ContainerServiceManager manager) {
manager.serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(
Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3).withVmSize("Standard_DS2_v2")
.withOsType(OSType.LINUX).withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
.withMode(AgentPoolMode.SYSTEM).withEnableNodePublicIp(false).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile()
.withOutboundType(OutboundType.MANAGED_NATGATEWAY).withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withNatGatewayProfile(new ManagedClusterNatGatewayProfile()
.withManagedOutboundIpProfile(new ManagedClusterManagedOutboundIpProfile().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_managed_nat_gateway.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="SUBSCRIPTION_ID",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": False,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerSku": "standard",
"natGatewayProfile": {"managedOutboundIPProfile": {"count": 2}},
"outboundType": "managedNATGateway",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: 2026-03-01/ManagedClustersCreate_ManagedNATGateway.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v9"
)
// Generated from example definition: 2026-03-01/ManagedClustersCreate_ManagedNATGateway.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithAksManagedNatGatewayAsOutboundType() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("00000000-0000-0000-0000-000000000000", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Name: to.Ptr("nodepool1"),
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(false),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
},
},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
},
},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
NatGatewayProfile: &armcontainerservice.ManagedClusterNATGatewayProfile{
ManagedOutboundIPProfile: &armcontainerservice.ManagedClusterManagedOutboundIPProfile{
Count: to.Ptr[int32](2),
},
},
OutboundType: to.Ptr(armcontainerservice.OutboundTypeManagedNATGateway),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to poll the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res = armcontainerservice.ManagedClustersClientCreateOrUpdateResponse{
// ManagedCluster: armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/managedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Name: to.Ptr("nodepool1"),
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(false),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// },
// },
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// },
// },
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NatGatewayProfile: &armcontainerservice.ManagedClusterNATGatewayProfile{
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// },
// },
// IdleTimeoutInMinutes: to.Ptr[int32](4),
// ManagedOutboundIPProfile: &armcontainerservice.ManagedClusterManagedOutboundIPProfile{
// Count: to.Ptr[int32](2),
// },
// },
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeManagedNATGateway),
// PodCidr: to.Ptr("10.244.0.0/16"),
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to creates or updates a managed cluster.
*
* @summary creates or updates a managed cluster.
* x-ms-original-file: 2026-03-01/ManagedClustersCreate_ManagedNATGateway.json
*/
async function createManagedClusterWithAKSManagedNATGatewayAsOutboundType() {
const credential = new DefaultAzureCredential();
const subscriptionId = "00000000-0000-0000-0000-000000000000";
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.createOrUpdate("rg1", "clustername1", {
location: "location1",
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: false,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: { adminUsername: "azureuser", ssh: { publicKeys: [{ keyData: "keydata" }] } },
networkProfile: {
loadBalancerSku: "standard",
natGatewayProfile: { managedOutboundIPProfile: { count: 2 } },
outboundType: "managedNATGateway",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
windowsProfile: { adminPassword: "replacePassword1234$", adminUsername: "azureuser" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
});
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Respon sampel
{
"name": "clustername1",
"type": "Microsoft.ContainerService/managedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": false,
"maxPods": 110,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Succeeded",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "basic",
"natGatewayProfile": {
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 4,
"managedOutboundIPProfile": {
"count": 2
}
},
"networkPlugin": "kubenet",
"outboundType": "managedNATGateway",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Succeeded",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
{
"name": "clustername1",
"type": "Microsoft.ContainerService/managedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": false,
"maxPods": 110,
"mode": "System",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Creating",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"natGatewayProfile": {
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 4,
"managedOutboundIPProfile": {
"count": 2
}
},
"networkPlugin": "kubenet",
"outboundType": "managedNATGateway",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Creating",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
Create Managed Cluster with Azure KeyVault Secrets Provider Addon
Permintaan sampel
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2026-03-01
{
"location": "location1",
"properties": {
"addonProfiles": {
"azureKeyvaultSecretsProvider": {
"config": {
"enableSecretRotation": "true",
"rotationPollInterval": "2m"
},
"enabled": true
}
},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableNodePublicIP": true,
"mode": "System",
"osType": "Linux",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser"
}
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAddonProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file: 2026-03-01/ManagedClustersCreate_AzureKeyvaultSecretsProvider.json
*/
/**
* Sample code: Create Managed Cluster with Azure KeyVault Secrets Provider Addon.
*
* @param manager Entry point to ContainerServiceManager.
*/
public static void createManagedClusterWithAzureKeyVaultSecretsProviderAddon(
com.azure.resourcemanager.containerservice.ContainerServiceManager manager) {
manager.serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(
Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3).withVmSize("Standard_DS2_v2")
.withOsType(OSType.LINUX).withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
.withMode(AgentPoolMode.SYSTEM).withEnableNodePublicIp(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile().withClientId("clientid")
.withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf("azureKeyvaultSecretsProvider",
new ManagedClusterAddonProfile().withEnabled(true).withConfig(
mapOf("enableSecretRotation", "fakeTokenPlaceholder", "rotationPollInterval", "2m"))))
.withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile()
.withOutboundType(OutboundType.LOAD_BALANCER).withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile()
.withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_azure_keyvault_secrets_provider.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="SUBSCRIPTION_ID",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {
"azureKeyvaultSecretsProvider": {
"config": {"enableSecretRotation": "true", "rotationPollInterval": "2m"},
"enabled": True,
}
},
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: 2026-03-01/ManagedClustersCreate_AzureKeyvaultSecretsProvider.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v9"
)
// Generated from example definition: 2026-03-01/ManagedClustersCreate_AzureKeyvaultSecretsProvider.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithAzureKeyVaultSecretsProviderAddon() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("00000000-0000-0000-0000-000000000000", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{
"azureKeyvaultSecretsProvider": {
Config: map[string]*string{
"enableSecretRotation": to.Ptr("true"),
"rotationPollInterval": to.Ptr("2m"),
},
Enabled: to.Ptr(true),
},
},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Name: to.Ptr("nodepool1"),
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
},
},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
},
},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to poll the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res = armcontainerservice.ManagedClustersClientCreateOrUpdateResponse{
// ManagedCluster: armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/managedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Properties: &armcontainerservice.ManagedClusterProperties{
// AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{
// "azureKeyvaultSecretsProvider": &armcontainerservice.ManagedClusterAddonProfile{
// Config: map[string]*string{
// "enableSecretRotation": to.Ptr("true"),
// "rotationPollInterval": to.Ptr("2m"),
// },
// Enabled: to.Ptr(true),
// },
// },
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Name: to.Ptr("nodepool1"),
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// EnableEncryptionAtHost: to.Ptr(true),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// },
// },
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// },
// },
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// },
// },
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to creates or updates a managed cluster.
*
* @summary creates or updates a managed cluster.
* x-ms-original-file: 2026-03-01/ManagedClustersCreate_AzureKeyvaultSecretsProvider.json
*/
async function createManagedClusterWithAzureKeyVaultSecretsProviderAddon() {
const credential = new DefaultAzureCredential();
const subscriptionId = "00000000-0000-0000-0000-000000000000";
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.createOrUpdate("rg1", "clustername1", {
location: "location1",
addonProfiles: {
azureKeyvaultSecretsProvider: {
config: { enableSecretRotation: "true", rotationPollInterval: "2m" },
enabled: true,
},
},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: { adminUsername: "azureuser", ssh: { publicKeys: [{ keyData: "keydata" }] } },
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
windowsProfile: { adminPassword: "replacePassword1234$", adminUsername: "azureuser" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
});
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Respon sampel
{
"name": "clustername1",
"type": "Microsoft.ContainerService/managedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"addonProfiles": {
"azureKeyvaultSecretsProvider": {
"config": {
"enableSecretRotation": "true",
"rotationPollInterval": "2m"
},
"enabled": true
}
},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableEncryptionAtHost": true,
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Succeeded",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Succeeded",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
{
"name": "clustername1",
"type": "Microsoft.ContainerService/managedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"addonProfiles": {
"azureKeyvaultSecretsProvider": {
"config": {
"enableSecretRotation": "true",
"rotationPollInterval": "2m"
},
"enabled": true
}
},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableEncryptionAtHost": true,
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Creating",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Creating",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
Create Managed Cluster with Capacity Reservation Group
Permintaan sampel
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2026-03-01
{
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"capacityReservationGroupID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/capacityReservationGroups/crg1",
"count": 3,
"enableNodePublicIP": true,
"mode": "System",
"osType": "Linux",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser"
}
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file: 2026-03-01/ManagedClustersCreate_CRG.json
*/
/**
* Sample code: Create Managed Cluster with Capacity Reservation Group.
*
* @param manager Entry point to ContainerServiceManager.
*/
public static void createManagedClusterWithCapacityReservationGroup(
com.azure.resourcemanager.containerservice.ContainerServiceManager manager) {
manager.serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1", new ManagedClusterInner()
.withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3)
.withVmSize("Standard_DS2_v2").withOsType(OSType.LINUX)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withMode(AgentPoolMode.SYSTEM)
.withEnableNodePublicIp(true)
.withCapacityReservationGroupId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/capacityReservationGroups/crg1")
.withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(
new ManagedClusterServicePrincipalProfile().withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile()
.withManagedOutboundIPs(new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_crg.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="SUBSCRIPTION_ID",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"capacityReservationGroupID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/capacityReservationGroups/crg1",
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: 2026-03-01/ManagedClustersCreate_CRG.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v9"
)
// Generated from example definition: 2026-03-01/ManagedClustersCreate_CRG.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithCapacityReservationGroup() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("00000000-0000-0000-0000-000000000000", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Name: to.Ptr("nodepool1"),
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
CapacityReservationGroupID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/capacityReservationGroups/crg1"),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
},
},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
},
},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to poll the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res = armcontainerservice.ManagedClustersClientCreateOrUpdateResponse{
// ManagedCluster: armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/managedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Name: to.Ptr("nodepool1"),
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// CapacityReservationGroupID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/capacityReservationGroups/crg1"),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// },
// },
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// },
// },
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4),
// },
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// },
// },
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16"),
// },
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16"),
// },
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to creates or updates a managed cluster.
*
* @summary creates or updates a managed cluster.
* x-ms-original-file: 2026-03-01/ManagedClustersCreate_CRG.json
*/
async function createManagedClusterWithCapacityReservationGroup() {
const credential = new DefaultAzureCredential();
const subscriptionId = "00000000-0000-0000-0000-000000000000";
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.createOrUpdate("rg1", "clustername1", {
location: "location1",
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
capacityReservationGroupID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/capacityReservationGroups/crg1",
count: 3,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: { adminUsername: "azureuser", ssh: { publicKeys: [{ keyData: "keydata" }] } },
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
windowsProfile: { adminPassword: "replacePassword1234$", adminUsername: "azureuser" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
});
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Respon sampel
{
"name": "clustername1",
"type": "Microsoft.ContainerService/managedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"capacityReservationGroupID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/capacityReservationGroups/crg1",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Succeeded",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Succeeded",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
{
"name": "clustername1",
"type": "Microsoft.ContainerService/managedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"capacityReservationGroupID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/capacityReservationGroups/crg1",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Creating",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Creating",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
Create Managed Cluster with Custom CA Trust Certificates
Permintaan sampel
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2026-03-01
{
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableNodePublicIP": true,
"mode": "System",
"osType": "Linux",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer"
},
"securityProfile": {
"customCATrustCertificates": [
"ZHVtbXlFeGFtcGxlVGVzdFZhbHVlRm9yQ2VydGlmaWNhdGVUb0JlQWRkZWQ="
]
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser"
}
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSecurityProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file: 2026-03-01/ManagedClustersCreate_CustomCATrustCertificates.json
*/
/**
* Sample code: Create Managed Cluster with Custom CA Trust Certificates.
*
* @param manager Entry point to ContainerServiceManager.
*/
public static void createManagedClusterWithCustomCATrustCertificates(
com.azure.resourcemanager.containerservice.ContainerServiceManager manager) {
manager.serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(
Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3).withVmSize("Standard_DS2_v2")
.withOsType(OSType.LINUX).withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
.withMode(AgentPoolMode.SYSTEM).withEnableNodePublicIp(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile()
.withOutboundType(OutboundType.LOAD_BALANCER).withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile()
.withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des")
.withSecurityProfile(new ManagedClusterSecurityProfile().withCustomCATrustCertificates(
Arrays.asList("ZHVtbXlFeGFtcGxlVGVzdFZhbHVlRm9yQ2VydGlmaWNhdGVUb0JlQWRkZWQ=".getBytes()))),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_custom_ca_trust_certificates.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="SUBSCRIPTION_ID",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"securityProfile": {
"customCATrustCertificates": ["ZHVtbXlFeGFtcGxlVGVzdFZhbHVlRm9yQ2VydGlmaWNhdGVUb0JlQWRkZWQ="]
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: 2026-03-01/ManagedClustersCreate_CustomCATrustCertificates.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v9"
)
// Generated from example definition: 2026-03-01/ManagedClustersCreate_CustomCATrustCertificates.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithCustomCaTrustCertificates() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("00000000-0000-0000-0000-000000000000", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Name: to.Ptr("nodepool1"),
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
},
},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
},
},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
SecurityProfile: &armcontainerservice.ManagedClusterSecurityProfile{
CustomCATrustCertificates: [][]byte{
[]byte("ZHVtbXlFeGFtcGxlVGVzdFZhbHVlRm9yQ2VydGlmaWNhdGVUb0JlQWRkZWQ="),
},
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to poll the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res = armcontainerservice.ManagedClustersClientCreateOrUpdateResponse{
// ManagedCluster: armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/managedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Name: to.Ptr("nodepool1"),
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// },
// },
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// },
// },
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4),
// },
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// },
// },
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16"),
// },
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16"),
// },
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// SecurityProfile: &armcontainerservice.ManagedClusterSecurityProfile{
// CustomCATrustCertificates: [][]byte{
// []byte("ZHVtbXlFeGFtcGxlVGVzdFZhbHVlRm9yQ2VydGlmaWNhdGVUb0JlQWRkZWQ="),
// },
// },
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to creates or updates a managed cluster.
*
* @summary creates or updates a managed cluster.
* x-ms-original-file: 2026-03-01/ManagedClustersCreate_CustomCATrustCertificates.json
*/
async function createManagedClusterWithCustomCATrustCertificates() {
const credential = new DefaultAzureCredential();
const subscriptionId = "00000000-0000-0000-0000-000000000000";
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.createOrUpdate("rg1", "clustername1", {
location: "location1",
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: { adminUsername: "azureuser", ssh: { publicKeys: [{ keyData: "keydata" }] } },
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
securityProfile: {
customCATrustCertificates: [
Buffer.from("ZHVtbXlFeGFtcGxlVGVzdFZhbHVlRm9yQ2VydGlmaWNhdGVUb0JlQWRkZWQ=", "base64"),
],
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
windowsProfile: { adminPassword: "replacePassword1234$", adminUsername: "azureuser" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
});
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Respon sampel
{
"name": "clustername1",
"type": "Microsoft.ContainerService/managedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Succeeded",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Succeeded",
"securityProfile": {
"customCATrustCertificates": [
"ZHVtbXlFeGFtcGxlVGVzdFZhbHVlRm9yQ2VydGlmaWNhdGVUb0JlQWRkZWQ="
]
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
{
"name": "clustername1",
"type": "Microsoft.ContainerService/managedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Creating",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Creating",
"securityProfile": {
"customCATrustCertificates": [
"ZHVtbXlFeGFtcGxlVGVzdFZhbHVlRm9yQ2VydGlmaWNhdGVUb0JlQWRkZWQ="
]
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
Create Managed Cluster with Dedicated Host Group
Permintaan sampel
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2026-03-01
{
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableNodePublicIP": true,
"hostGroupID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg/providers/Microsoft.Compute/hostGroups/hostgroup1",
"osType": "Linux",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser"
}
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file: 2026-03-01/ManagedClustersCreate_DedicatedHostGroup.json
*/
/**
* Sample code: Create Managed Cluster with Dedicated Host Group.
*
* @param manager Entry point to ContainerServiceManager.
*/
public static void createManagedClusterWithDedicatedHostGroup(
com.azure.resourcemanager.containerservice.ContainerServiceManager manager) {
manager.serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1", new ManagedClusterInner()
.withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3)
.withVmSize("Standard_DS2_v2").withOsType(OSType.LINUX)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withEnableNodePublicIp(true)
.withHostGroupId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg/providers/Microsoft.Compute/hostGroups/hostgroup1")
.withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(
new ManagedClusterServicePrincipalProfile().withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile()
.withManagedOutboundIPs(new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_dedicated_host_group.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="SUBSCRIPTION_ID",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": True,
"hostGroupID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg/providers/Microsoft.Compute/hostGroups/hostgroup1",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: 2026-03-01/ManagedClustersCreate_DedicatedHostGroup.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v9"
)
// Generated from example definition: 2026-03-01/ManagedClustersCreate_DedicatedHostGroup.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithDedicatedHostGroup() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("00000000-0000-0000-0000-000000000000", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Name: to.Ptr("nodepool1"),
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
HostGroupID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg/providers/Microsoft.Compute/hostGroups/hostgroup1"),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
},
},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
},
},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to poll the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res = armcontainerservice.ManagedClustersClientCreateOrUpdateResponse{
// ManagedCluster: armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/managedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Name: to.Ptr("nodepool1"),
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// EnableNodePublicIP: to.Ptr(true),
// HostGroupID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg/providers/Microsoft.Compute/hostGroups/hostgroup1"),
// MaxPods: to.Ptr[int32](110),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// },
// },
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// },
// },
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4),
// },
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// },
// },
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16"),
// },
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16"),
// },
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to creates or updates a managed cluster.
*
* @summary creates or updates a managed cluster.
* x-ms-original-file: 2026-03-01/ManagedClustersCreate_DedicatedHostGroup.json
*/
async function createManagedClusterWithDedicatedHostGroup() {
const credential = new DefaultAzureCredential();
const subscriptionId = "00000000-0000-0000-0000-000000000000";
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.createOrUpdate("rg1", "clustername1", {
location: "location1",
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: true,
hostGroupID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg/providers/Microsoft.Compute/hostGroups/hostgroup1",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: { adminUsername: "azureuser", ssh: { publicKeys: [{ keyData: "keydata" }] } },
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
windowsProfile: { adminPassword: "replacePassword1234$", adminUsername: "azureuser" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
});
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Respon sampel
{
"name": "clustername1",
"type": "Microsoft.ContainerService/managedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableNodePublicIP": true,
"hostGroupID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg/providers/Microsoft.Compute/hostGroups/hostgroup1",
"maxPods": 110,
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Succeeded",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Succeeded",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
{
"name": "clustername1",
"type": "Microsoft.ContainerService/managedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableNodePublicIP": true,
"hostGroupID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg/providers/Microsoft.Compute/hostGroups/hostgroup1",
"maxPods": 110,
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Creating",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Creating",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
Create Managed Cluster with EncryptionAtHost enabled
Permintaan sampel
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2026-03-01
{
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableEncryptionAtHost": true,
"enableNodePublicIP": true,
"mode": "System",
"osType": "Linux",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser"
}
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file: 2026-03-01/ManagedClustersCreate_EnableEncryptionAtHost.json
*/
/**
* Sample code: Create Managed Cluster with EncryptionAtHost enabled.
*
* @param manager Entry point to ContainerServiceManager.
*/
public static void createManagedClusterWithEncryptionAtHostEnabled(
com.azure.resourcemanager.containerservice.ContainerServiceManager manager) {
manager.serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3)
.withVmSize("Standard_DS2_v2").withOsType(OSType.LINUX)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withMode(AgentPoolMode.SYSTEM)
.withEnableNodePublicIp(true).withEnableEncryptionAtHost(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile()
.withOutboundType(OutboundType.LOAD_BALANCER).withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile()
.withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_enable_encryption_at_host.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="SUBSCRIPTION_ID",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableEncryptionAtHost": True,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: 2026-03-01/ManagedClustersCreate_EnableEncryptionAtHost.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v9"
)
// Generated from example definition: 2026-03-01/ManagedClustersCreate_EnableEncryptionAtHost.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithEncryptionAtHostEnabled() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("00000000-0000-0000-0000-000000000000", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Name: to.Ptr("nodepool1"),
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableEncryptionAtHost: to.Ptr(true),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
},
},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
},
},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to poll the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res = armcontainerservice.ManagedClustersClientCreateOrUpdateResponse{
// ManagedCluster: armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/managedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Name: to.Ptr("nodepool1"),
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableEncryptionAtHost: to.Ptr(true),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// },
// },
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// },
// },
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4),
// },
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// },
// },
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16"),
// },
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16"),
// },
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to creates or updates a managed cluster.
*
* @summary creates or updates a managed cluster.
* x-ms-original-file: 2026-03-01/ManagedClustersCreate_EnableEncryptionAtHost.json
*/
async function createManagedClusterWithEncryptionAtHostEnabled() {
const credential = new DefaultAzureCredential();
const subscriptionId = "00000000-0000-0000-0000-000000000000";
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.createOrUpdate("rg1", "clustername1", {
location: "location1",
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableEncryptionAtHost: true,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: { adminUsername: "azureuser", ssh: { publicKeys: [{ keyData: "keydata" }] } },
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
windowsProfile: { adminPassword: "replacePassword1234$", adminUsername: "azureuser" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
});
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Respon sampel
{
"name": "clustername1",
"type": "Microsoft.ContainerService/managedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableEncryptionAtHost": true,
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Succeeded",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Succeeded",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
{
"name": "clustername1",
"type": "Microsoft.ContainerService/managedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableEncryptionAtHost": true,
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Creating",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Creating",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
Create Managed Cluster with FIPS enabled OS
Permintaan sampel
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2026-03-01
{
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableFIPS": true,
"enableNodePublicIP": true,
"mode": "System",
"osType": "Linux",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser"
}
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file: 2026-03-01/ManagedClustersCreate_EnabledFIPS.json
*/
/**
* Sample code: Create Managed Cluster with FIPS enabled OS.
*
* @param manager Entry point to ContainerServiceManager.
*/
public static void createManagedClusterWithFIPSEnabledOS(
com.azure.resourcemanager.containerservice.ContainerServiceManager manager) {
manager.serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3)
.withVmSize("Standard_DS2_v2").withOsType(OSType.LINUX)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withMode(AgentPoolMode.SYSTEM)
.withEnableNodePublicIp(true).withEnableFips(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile()
.withOutboundType(OutboundType.LOAD_BALANCER).withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile()
.withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_enabled_fips.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="SUBSCRIPTION_ID",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableFIPS": True,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: 2026-03-01/ManagedClustersCreate_EnabledFIPS.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v9"
)
// Generated from example definition: 2026-03-01/ManagedClustersCreate_EnabledFIPS.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithFipsEnabledOS() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("00000000-0000-0000-0000-000000000000", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Name: to.Ptr("nodepool1"),
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableFIPS: to.Ptr(true),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
},
},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
},
},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to poll the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res = armcontainerservice.ManagedClustersClientCreateOrUpdateResponse{
// ManagedCluster: armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/managedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Name: to.Ptr("nodepool1"),
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableFIPS: to.Ptr(true),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// },
// },
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// },
// },
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4),
// },
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// },
// },
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16"),
// },
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16"),
// },
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to creates or updates a managed cluster.
*
* @summary creates or updates a managed cluster.
* x-ms-original-file: 2026-03-01/ManagedClustersCreate_EnabledFIPS.json
*/
async function createManagedClusterWithFipsEnabledOS() {
const credential = new DefaultAzureCredential();
const subscriptionId = "00000000-0000-0000-0000-000000000000";
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.createOrUpdate("rg1", "clustername1", {
location: "location1",
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableFips: true,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: { adminUsername: "azureuser", ssh: { publicKeys: [{ keyData: "keydata" }] } },
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
windowsProfile: { adminPassword: "replacePassword1234$", adminUsername: "azureuser" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
});
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Respon sampel
{
"name": "clustername1",
"type": "Microsoft.ContainerService/managedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableFIPS": true,
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Succeeded",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Succeeded",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
{
"name": "clustername1",
"type": "Microsoft.ContainerService/managedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableFIPS": true,
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Creating",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Creating",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
Create Managed Cluster with GPUMIG
Permintaan sampel
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2026-03-01
{
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableNodePublicIP": true,
"gpuInstanceProfile": "MIG3g",
"mode": "System",
"osType": "Linux",
"vmSize": "Standard_ND96asr_v4"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"httpProxyConfig": {
"httpProxy": "http://myproxy.server.com:8080",
"httpsProxy": "https://myproxy.server.com:8080",
"noProxy": [
"localhost",
"127.0.0.1"
],
"trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="
},
"kubernetesVersion": "",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser"
}
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.GpuInstanceProfile;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterHttpProxyConfig;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file: 2026-03-01/ManagedClustersCreate_GPUMIG.json
*/
/**
* Sample code: Create Managed Cluster with GPUMIG.
*
* @param manager Entry point to ContainerServiceManager.
*/
public static void
createManagedClusterWithGPUMIG(com.azure.resourcemanager.containerservice.ContainerServiceManager manager) {
manager.serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1", new ManagedClusterInner()
.withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3)
.withVmSize("Standard_ND96asr_v4").withOsType(OSType.LINUX)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withMode(AgentPoolMode.SYSTEM)
.withEnableNodePublicIp(true).withGpuInstanceProfile(GpuInstanceProfile.MIG3G).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(
new ManagedClusterServicePrincipalProfile().withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile()
.withManagedOutboundIPs(new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des")
.withHttpProxyConfig(new ManagedClusterHttpProxyConfig().withHttpProxy("http://myproxy.server.com:8080")
.withHttpsProxy("https://myproxy.server.com:8080").withNoProxy(Arrays.asList("localhost", "127.0.0.1"))
.withTrustedCa("Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U=")),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_gpumig.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="SUBSCRIPTION_ID",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": True,
"gpuInstanceProfile": "MIG3g",
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_ND96asr_v4",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"httpProxyConfig": {
"httpProxy": "http://myproxy.server.com:8080",
"httpsProxy": "https://myproxy.server.com:8080",
"noProxy": ["localhost", "127.0.0.1"],
"trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U=",
},
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: 2026-03-01/ManagedClustersCreate_GPUMIG.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v9"
)
// Generated from example definition: 2026-03-01/ManagedClustersCreate_GPUMIG.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithGpumig() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("00000000-0000-0000-0000-000000000000", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Name: to.Ptr("nodepool1"),
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
GpuInstanceProfile: to.Ptr(armcontainerservice.GPUInstanceProfileMIG3G),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_ND96asr_v4"),
},
},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
HTTPProxyConfig: &armcontainerservice.ManagedClusterHTTPProxyConfig{
HTTPProxy: to.Ptr("http://myproxy.server.com:8080"),
HTTPSProxy: to.Ptr("https://myproxy.server.com:8080"),
NoProxy: []*string{
to.Ptr("localhost"),
to.Ptr("127.0.0.1"),
},
TrustedCa: to.Ptr("Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="),
},
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
},
},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to poll the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res = armcontainerservice.ManagedClustersClientCreateOrUpdateResponse{
// ManagedCluster: armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/managedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Name: to.Ptr("nodepool1"),
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(true),
// GpuInstanceProfile: to.Ptr(armcontainerservice.GPUInstanceProfileMIG3G),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_ND96asr_v4"),
// },
// },
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// HTTPProxyConfig: &armcontainerservice.ManagedClusterHTTPProxyConfig{
// HTTPProxy: to.Ptr("http://myproxy.server.com:8080"),
// HTTPSProxy: to.Ptr("https://myproxy.server.com:8080"),
// NoProxy: []*string{
// to.Ptr("localhost"),
// to.Ptr("127.0.0.1"),
// },
// TrustedCa: to.Ptr("Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="),
// },
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// },
// },
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4),
// },
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// },
// },
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16"),
// },
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16"),
// },
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to creates or updates a managed cluster.
*
* @summary creates or updates a managed cluster.
* x-ms-original-file: 2026-03-01/ManagedClustersCreate_GPUMIG.json
*/
async function createManagedClusterWithGpumig() {
const credential = new DefaultAzureCredential();
const subscriptionId = "00000000-0000-0000-0000-000000000000";
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.createOrUpdate("rg1", "clustername1", {
location: "location1",
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: true,
gpuInstanceProfile: "MIG3g",
mode: "System",
osType: "Linux",
vmSize: "Standard_ND96asr_v4",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
httpProxyConfig: {
httpProxy: "http://myproxy.server.com:8080",
httpsProxy: "https://myproxy.server.com:8080",
noProxy: ["localhost", "127.0.0.1"],
trustedCa: "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U=",
},
kubernetesVersion: "",
linuxProfile: { adminUsername: "azureuser", ssh: { publicKeys: [{ keyData: "keydata" }] } },
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
windowsProfile: { adminPassword: "replacePassword1234$", adminUsername: "azureuser" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
});
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Respon sampel
{
"name": "clustername1",
"type": "Microsoft.ContainerService/managedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": true,
"gpuInstanceProfile": "MIG3g",
"maxPods": 110,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Succeeded",
"vmSize": "Standard_ND96asr_v4"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"httpProxyConfig": {
"httpProxy": "http://myproxy.server.com:8080",
"httpsProxy": "https://myproxy.server.com:8080",
"noProxy": [
"localhost",
"127.0.0.1"
],
"trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="
},
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Succeeded",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
{
"name": "clustername1",
"type": "Microsoft.ContainerService/managedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": true,
"gpuInstanceProfile": "MIG3g",
"maxPods": 110,
"mode": "System",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Creating",
"vmSize": "Standard_ND96asr_v4"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"httpProxyConfig": {
"httpProxy": "http://myproxy.server.com:8080",
"httpsProxy": "https://myproxy.server.com:8080",
"noProxy": [
"localhost",
"127.0.0.1"
],
"trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="
},
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Creating",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
Permintaan sampel
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2026-03-01
{
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableNodePublicIP": true,
"mode": "System",
"osType": "Linux",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"httpProxyConfig": {
"httpProxy": "http://myproxy.server.com:8080",
"httpsProxy": "https://myproxy.server.com:8080",
"noProxy": [
"localhost",
"127.0.0.1"
],
"trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="
},
"kubernetesVersion": "",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser"
}
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterHttpProxyConfig;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file: 2026-03-01/ManagedClustersCreate_HTTPProxy.json
*/
/**
* Sample code: Create Managed Cluster with HTTP proxy configured.
*
* @param manager Entry point to ContainerServiceManager.
*/
public static void createManagedClusterWithHTTPProxyConfigured(
com.azure.resourcemanager.containerservice.ContainerServiceManager manager) {
manager.serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(
Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3).withVmSize("Standard_DS2_v2")
.withOsType(OSType.LINUX).withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
.withMode(AgentPoolMode.SYSTEM).withEnableNodePublicIp(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile()
.withOutboundType(OutboundType.LOAD_BALANCER).withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile()
.withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des")
.withHttpProxyConfig(new ManagedClusterHttpProxyConfig().withHttpProxy("http://myproxy.server.com:8080")
.withHttpsProxy("https://myproxy.server.com:8080")
.withNoProxy(Arrays.asList("localhost", "127.0.0.1"))
.withTrustedCa("Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U=")),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_httpproxy.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="SUBSCRIPTION_ID",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"httpProxyConfig": {
"httpProxy": "http://myproxy.server.com:8080",
"httpsProxy": "https://myproxy.server.com:8080",
"noProxy": ["localhost", "127.0.0.1"],
"trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U=",
},
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: 2026-03-01/ManagedClustersCreate_HTTPProxy.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v9"
)
// Generated from example definition: 2026-03-01/ManagedClustersCreate_HTTPProxy.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithHttpProxyConfigured() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("00000000-0000-0000-0000-000000000000", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Name: to.Ptr("nodepool1"),
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
},
},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
HTTPProxyConfig: &armcontainerservice.ManagedClusterHTTPProxyConfig{
HTTPProxy: to.Ptr("http://myproxy.server.com:8080"),
HTTPSProxy: to.Ptr("https://myproxy.server.com:8080"),
NoProxy: []*string{
to.Ptr("localhost"),
to.Ptr("127.0.0.1"),
},
TrustedCa: to.Ptr("Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="),
},
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
},
},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to poll the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res = armcontainerservice.ManagedClustersClientCreateOrUpdateResponse{
// ManagedCluster: armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/managedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Name: to.Ptr("nodepool1"),
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// },
// },
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// HTTPProxyConfig: &armcontainerservice.ManagedClusterHTTPProxyConfig{
// HTTPProxy: to.Ptr("http://myproxy.server.com:8080"),
// HTTPSProxy: to.Ptr("https://myproxy.server.com:8080"),
// NoProxy: []*string{
// to.Ptr("localhost"),
// to.Ptr("127.0.0.1"),
// },
// TrustedCa: to.Ptr("Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="),
// },
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// },
// },
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4),
// },
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// },
// },
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16"),
// },
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16"),
// },
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to creates or updates a managed cluster.
*
* @summary creates or updates a managed cluster.
* x-ms-original-file: 2026-03-01/ManagedClustersCreate_HTTPProxy.json
*/
async function createManagedClusterWithHttpProxyConfigured() {
const credential = new DefaultAzureCredential();
const subscriptionId = "00000000-0000-0000-0000-000000000000";
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.createOrUpdate("rg1", "clustername1", {
location: "location1",
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
httpProxyConfig: {
httpProxy: "http://myproxy.server.com:8080",
httpsProxy: "https://myproxy.server.com:8080",
noProxy: ["localhost", "127.0.0.1"],
trustedCa: "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U=",
},
kubernetesVersion: "",
linuxProfile: { adminUsername: "azureuser", ssh: { publicKeys: [{ keyData: "keydata" }] } },
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
windowsProfile: { adminPassword: "replacePassword1234$", adminUsername: "azureuser" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
});
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Respon sampel
{
"name": "clustername1",
"type": "Microsoft.ContainerService/managedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Succeeded",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"httpProxyConfig": {
"httpProxy": "http://myproxy.server.com:8080",
"httpsProxy": "https://myproxy.server.com:8080",
"noProxy": [
"localhost",
"127.0.0.1"
],
"trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="
},
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Succeeded",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
{
"name": "clustername1",
"type": "Microsoft.ContainerService/managedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Creating",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"httpProxyConfig": {
"httpProxy": "http://myproxy.server.com:8080",
"httpsProxy": "https://myproxy.server.com:8080",
"noProxy": [
"localhost",
"127.0.0.1"
],
"trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="
},
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Creating",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
Create Managed Cluster with LongTermSupport
Permintaan sampel
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2026-03-01
{
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableEncryptionAtHost": true,
"enableNodePublicIP": true,
"mode": "System",
"osType": "Linux",
"vmSize": "Standard_DS2_v2"
}
],
"apiServerAccessProfile": {
"disableRunCommand": true
},
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"supportPlan": "AKSLongTermSupport",
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser"
}
},
"sku": {
"name": "Base",
"tier": "Premium"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.KubernetesSupportPlan;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterApiServerAccessProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file: 2026-03-01/ManagedClustersCreate_Premium.json
*/
/**
* Sample code: Create Managed Cluster with LongTermSupport.
*
* @param manager Entry point to ContainerServiceManager.
*/
public static void createManagedClusterWithLongTermSupport(
com.azure.resourcemanager.containerservice.ContainerServiceManager manager) {
manager.serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1", new ManagedClusterInner()
.withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(
new ManagedClusterSku().withName(ManagedClusterSkuName.BASE).withTier(ManagedClusterSkuTier.PREMIUM))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(Arrays.asList(
new ManagedClusterAgentPoolProfile().withCount(3).withVmSize("Standard_DS2_v2").withOsType(OSType.LINUX)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withMode(AgentPoolMode.SYSTEM)
.withEnableNodePublicIp(true).withEnableEncryptionAtHost(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(
new ManagedClusterServicePrincipalProfile().withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true).withSupportPlan(KubernetesSupportPlan.AKSLONG_TERM_SUPPORT)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile()
.withManagedOutboundIPs(new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withApiServerAccessProfile(new ManagedClusterApiServerAccessProfile().withDisableRunCommand(true)), null,
null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_premium.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="SUBSCRIPTION_ID",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableEncryptionAtHost": True,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"apiServerAccessProfile": {"disableRunCommand": True},
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"supportPlan": "AKSLongTermSupport",
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Base", "tier": "Premium"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: 2026-03-01/ManagedClustersCreate_Premium.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v9"
)
// Generated from example definition: 2026-03-01/ManagedClustersCreate_Premium.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithLongTermSupport() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("00000000-0000-0000-0000-000000000000", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Name: to.Ptr("nodepool1"),
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableEncryptionAtHost: to.Ptr(true),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
},
},
APIServerAccessProfile: &armcontainerservice.ManagedClusterAPIServerAccessProfile{
DisableRunCommand: to.Ptr(true),
},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
},
},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
SupportPlan: to.Ptr(armcontainerservice.KubernetesSupportPlanAKSLongTermSupport),
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUNameBase),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierPremium),
},
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to poll the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res = armcontainerservice.ManagedClustersClientCreateOrUpdateResponse{
// ManagedCluster: armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/managedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Name: to.Ptr("nodepool1"),
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableEncryptionAtHost: to.Ptr(true),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// },
// },
// APIServerAccessProfile: &armcontainerservice.ManagedClusterAPIServerAccessProfile{
// DisableRunCommand: to.Ptr(true),
// },
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-ee788a1f.hcp.location1.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// },
// },
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4),
// },
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// },
// },
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16"),
// },
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16"),
// },
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// PrivateFQDN: to.Ptr("dnsprefix1-aae7e0f0.5cef6058-b6b5-414d-8cb1-4bd14eb0b15c.privatelink.location1.azmk8s.io"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// SupportPlan: to.Ptr(armcontainerservice.KubernetesSupportPlanAKSLongTermSupport),
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// SKU: &armcontainerservice.ManagedClusterSKU{
// Name: to.Ptr(armcontainerservice.ManagedClusterSKUNameBase),
// Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierPremium),
// },
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to creates or updates a managed cluster.
*
* @summary creates or updates a managed cluster.
* x-ms-original-file: 2026-03-01/ManagedClustersCreate_Premium.json
*/
async function createManagedClusterWithLongTermSupport() {
const credential = new DefaultAzureCredential();
const subscriptionId = "00000000-0000-0000-0000-000000000000";
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.createOrUpdate("rg1", "clustername1", {
location: "location1",
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableEncryptionAtHost: true,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
apiServerAccessProfile: { disableRunCommand: true },
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: { adminUsername: "azureuser", ssh: { publicKeys: [{ keyData: "keydata" }] } },
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
supportPlan: "AKSLongTermSupport",
windowsProfile: { adminPassword: "replacePassword1234$", adminUsername: "azureuser" },
sku: { name: "Base", tier: "Premium" },
tags: { archv2: "", tier: "production" },
});
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Respon sampel
{
"name": "clustername1",
"type": "Microsoft.ContainerService/managedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableEncryptionAtHost": true,
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Succeeded",
"vmSize": "Standard_DS2_v2"
}
],
"apiServerAccessProfile": {
"disableRunCommand": true
},
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-ee788a1f.hcp.location1.azmk8s.io",
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"privateFQDN": "dnsprefix1-aae7e0f0.5cef6058-b6b5-414d-8cb1-4bd14eb0b15c.privatelink.location1.azmk8s.io",
"provisioningState": "Succeeded",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"supportPlan": "AKSLongTermSupport",
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"sku": {
"name": "Base",
"tier": "Premium"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
{
"name": "clustername1",
"type": "Microsoft.ContainerService/managedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableEncryptionAtHost": true,
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Creating",
"vmSize": "Standard_DS2_v2"
}
],
"apiServerAccessProfile": {
"disableRunCommand": true
},
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-ee788a1f.hcp.location1.azmk8s.io",
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"privateFQDN": "dnsprefix1-aae7e0f0.5cef6058-b6b5-414d-8cb1-4bd14eb0b15c.privatelink.location1.azmk8s.io",
"provisioningState": "Creating",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"supportPlan": "AKSLongTermSupport",
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"sku": {
"name": "Base",
"tier": "Premium"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
Create Managed Cluster with Node Public IP Prefix
Permintaan sampel
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2026-03-01
{
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableNodePublicIP": true,
"mode": "System",
"nodePublicIPPrefixID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/publicIPPrefixes/public-ip-prefix",
"osType": "Linux",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser"
}
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file: 2026-03-01/ManagedClustersCreate_NodePublicIPPrefix.json
*/
/**
* Sample code: Create Managed Cluster with Node Public IP Prefix.
*
* @param manager Entry point to ContainerServiceManager.
*/
public static void createManagedClusterWithNodePublicIPPrefix(
com.azure.resourcemanager.containerservice.ContainerServiceManager manager) {
manager.serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1", new ManagedClusterInner()
.withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3)
.withVmSize("Standard_DS2_v2").withOsType(OSType.LINUX)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withMode(AgentPoolMode.SYSTEM)
.withEnableNodePublicIp(true)
.withNodePublicIpPrefixId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/publicIPPrefixes/public-ip-prefix")
.withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(
new ManagedClusterServicePrincipalProfile().withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile()
.withManagedOutboundIPs(new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_node_public_ip_prefix.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="SUBSCRIPTION_ID",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"nodePublicIPPrefixID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/publicIPPrefixes/public-ip-prefix",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: 2026-03-01/ManagedClustersCreate_NodePublicIPPrefix.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v9"
)
// Generated from example definition: 2026-03-01/ManagedClustersCreate_NodePublicIPPrefix.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithNodePublicIPPrefix() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("00000000-0000-0000-0000-000000000000", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Name: to.Ptr("nodepool1"),
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
NodePublicIPPrefixID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/publicIPPrefixes/public-ip-prefix"),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
},
},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
},
},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to poll the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res = armcontainerservice.ManagedClustersClientCreateOrUpdateResponse{
// ManagedCluster: armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/managedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Name: to.Ptr("nodepool1"),
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// NodePublicIPPrefixID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/publicIPPrefixes/public-ip-prefix"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// },
// },
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// },
// },
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4),
// },
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// },
// },
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16"),
// },
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16"),
// },
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to creates or updates a managed cluster.
*
* @summary creates or updates a managed cluster.
* x-ms-original-file: 2026-03-01/ManagedClustersCreate_NodePublicIPPrefix.json
*/
async function createManagedClusterWithNodePublicIPPrefix() {
const credential = new DefaultAzureCredential();
const subscriptionId = "00000000-0000-0000-0000-000000000000";
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.createOrUpdate("rg1", "clustername1", {
location: "location1",
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: true,
mode: "System",
nodePublicIPPrefixID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/publicIPPrefixes/public-ip-prefix",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: { adminUsername: "azureuser", ssh: { publicKeys: [{ keyData: "keydata" }] } },
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
windowsProfile: { adminPassword: "replacePassword1234$", adminUsername: "azureuser" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
});
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Respon sampel
{
"name": "clustername1",
"type": "Microsoft.ContainerService/managedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"nodePublicIPPrefixID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/publicIPPrefixes/public-ip-prefix",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Succeeded",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Succeeded",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
{
"name": "clustername1",
"type": "Microsoft.ContainerService/managedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"nodePublicIPPrefixID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/publicIPPrefixes/public-ip-prefix",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Creating",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Creating",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
Create Managed Cluster with OSSKU
Permintaan sampel
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2026-03-01
{
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableNodePublicIP": true,
"mode": "System",
"osSKU": "AzureLinux",
"osType": "Linux",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"httpProxyConfig": {
"httpProxy": "http://myproxy.server.com:8080",
"httpsProxy": "https://myproxy.server.com:8080",
"noProxy": [
"localhost",
"127.0.0.1"
],
"trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="
},
"kubernetesVersion": "",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser"
}
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterHttpProxyConfig;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSSku;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file: 2026-03-01/ManagedClustersCreate_OSSKU.json
*/
/**
* Sample code: Create Managed Cluster with OSSKU.
*
* @param manager Entry point to ContainerServiceManager.
*/
public static void
createManagedClusterWithOSSKU(com.azure.resourcemanager.containerservice.ContainerServiceManager manager) {
manager.serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3)
.withVmSize("Standard_DS2_v2").withOsType(OSType.LINUX).withOsSku(OSSku.AZURE_LINUX)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withMode(AgentPoolMode.SYSTEM)
.withEnableNodePublicIp(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile()
.withOutboundType(OutboundType.LOAD_BALANCER).withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile()
.withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des")
.withHttpProxyConfig(new ManagedClusterHttpProxyConfig().withHttpProxy("http://myproxy.server.com:8080")
.withHttpsProxy("https://myproxy.server.com:8080")
.withNoProxy(Arrays.asList("localhost", "127.0.0.1"))
.withTrustedCa("Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U=")),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_ossku.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="SUBSCRIPTION_ID",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osSKU": "AzureLinux",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"httpProxyConfig": {
"httpProxy": "http://myproxy.server.com:8080",
"httpsProxy": "https://myproxy.server.com:8080",
"noProxy": ["localhost", "127.0.0.1"],
"trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U=",
},
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: 2026-03-01/ManagedClustersCreate_OSSKU.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v9"
)
// Generated from example definition: 2026-03-01/ManagedClustersCreate_OSSKU.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithOssku() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("00000000-0000-0000-0000-000000000000", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Name: to.Ptr("nodepool1"),
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSSKU: to.Ptr(armcontainerservice.OSSKUAzureLinux),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
},
},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
HTTPProxyConfig: &armcontainerservice.ManagedClusterHTTPProxyConfig{
HTTPProxy: to.Ptr("http://myproxy.server.com:8080"),
HTTPSProxy: to.Ptr("https://myproxy.server.com:8080"),
NoProxy: []*string{
to.Ptr("localhost"),
to.Ptr("127.0.0.1"),
},
TrustedCa: to.Ptr("Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="),
},
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
},
},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to poll the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res = armcontainerservice.ManagedClustersClientCreateOrUpdateResponse{
// ManagedCluster: armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/managedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Name: to.Ptr("nodepool1"),
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSSKU: to.Ptr(armcontainerservice.OSSKUAzureLinux),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// },
// },
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// HTTPProxyConfig: &armcontainerservice.ManagedClusterHTTPProxyConfig{
// HTTPProxy: to.Ptr("http://myproxy.server.com:8080"),
// HTTPSProxy: to.Ptr("https://myproxy.server.com:8080"),
// NoProxy: []*string{
// to.Ptr("localhost"),
// to.Ptr("127.0.0.1"),
// },
// TrustedCa: to.Ptr("Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="),
// },
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// },
// },
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4),
// },
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// },
// },
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16"),
// },
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16"),
// },
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to creates or updates a managed cluster.
*
* @summary creates or updates a managed cluster.
* x-ms-original-file: 2026-03-01/ManagedClustersCreate_OSSKU.json
*/
async function createManagedClusterWithOssku() {
const credential = new DefaultAzureCredential();
const subscriptionId = "00000000-0000-0000-0000-000000000000";
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.createOrUpdate("rg1", "clustername1", {
location: "location1",
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: true,
mode: "System",
osSKU: "AzureLinux",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
httpProxyConfig: {
httpProxy: "http://myproxy.server.com:8080",
httpsProxy: "https://myproxy.server.com:8080",
noProxy: ["localhost", "127.0.0.1"],
trustedCa: "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U=",
},
kubernetesVersion: "",
linuxProfile: { adminUsername: "azureuser", ssh: { publicKeys: [{ keyData: "keydata" }] } },
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
windowsProfile: { adminPassword: "replacePassword1234$", adminUsername: "azureuser" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
});
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Respon sampel
{
"name": "clustername1",
"type": "Microsoft.ContainerService/managedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"orchestratorVersion": "1.9.6",
"osSKU": "AzureLinux",
"osType": "Linux",
"provisioningState": "Succeeded",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"httpProxyConfig": {
"httpProxy": "http://myproxy.server.com:8080",
"httpsProxy": "https://myproxy.server.com:8080",
"noProxy": [
"localhost",
"127.0.0.1"
],
"trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="
},
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Succeeded",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
{
"name": "clustername1",
"type": "Microsoft.ContainerService/managedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"orchestratorVersion": "1.9.6",
"osSKU": "AzureLinux",
"osType": "Linux",
"provisioningState": "Creating",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"httpProxyConfig": {
"httpProxy": "http://myproxy.server.com:8080",
"httpsProxy": "https://myproxy.server.com:8080",
"noProxy": [
"localhost",
"127.0.0.1"
],
"trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="
},
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Creating",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
Create Managed Cluster with PodIdentity enabled
Permintaan sampel
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2026-03-01
{
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableNodePublicIP": true,
"mode": "System",
"osType": "Linux",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer"
},
"podIdentityProfile": {
"allowNetworkPluginKubenet": true,
"enabled": true
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser"
}
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPodIdentityProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file: 2026-03-01/ManagedClustersCreate_PodIdentity.json
*/
/**
* Sample code: Create Managed Cluster with PodIdentity enabled.
*
* @param manager Entry point to ContainerServiceManager.
*/
public static void createManagedClusterWithPodIdentityEnabled(
com.azure.resourcemanager.containerservice.ContainerServiceManager manager) {
manager.serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(
Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3).withVmSize("Standard_DS2_v2")
.withOsType(OSType.LINUX).withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
.withMode(AgentPoolMode.SYSTEM).withEnableNodePublicIp(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile().withClientId("clientid")
.withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf())
.withPodIdentityProfile(
new ManagedClusterPodIdentityProfile().withEnabled(true).withAllowNetworkPluginKubenet(true))
.withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile()
.withOutboundType(OutboundType.LOAD_BALANCER).withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile()
.withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_pod_identity.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="SUBSCRIPTION_ID",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"podIdentityProfile": {"allowNetworkPluginKubenet": True, "enabled": True},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: 2026-03-01/ManagedClustersCreate_PodIdentity.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v9"
)
// Generated from example definition: 2026-03-01/ManagedClustersCreate_PodIdentity.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithPodIdentityEnabled() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("00000000-0000-0000-0000-000000000000", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Name: to.Ptr("nodepool1"),
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
},
},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
},
},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
PodIdentityProfile: &armcontainerservice.ManagedClusterPodIdentityProfile{
AllowNetworkPluginKubenet: to.Ptr(true),
Enabled: to.Ptr(true),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to poll the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res = armcontainerservice.ManagedClustersClientCreateOrUpdateResponse{
// ManagedCluster: armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/managedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Name: to.Ptr("nodepool1"),
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// },
// },
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// },
// },
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4),
// },
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// },
// },
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16"),
// },
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16"),
// },
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// PodIdentityProfile: &armcontainerservice.ManagedClusterPodIdentityProfile{
// AllowNetworkPluginKubenet: to.Ptr(true),
// Enabled: to.Ptr(true),
// },
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to creates or updates a managed cluster.
*
* @summary creates or updates a managed cluster.
* x-ms-original-file: 2026-03-01/ManagedClustersCreate_PodIdentity.json
*/
async function createManagedClusterWithPodIdentityEnabled() {
const credential = new DefaultAzureCredential();
const subscriptionId = "00000000-0000-0000-0000-000000000000";
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.createOrUpdate("rg1", "clustername1", {
location: "location1",
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: { adminUsername: "azureuser", ssh: { publicKeys: [{ keyData: "keydata" }] } },
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
podIdentityProfile: { allowNetworkPluginKubenet: true, enabled: true },
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
windowsProfile: { adminPassword: "replacePassword1234$", adminUsername: "azureuser" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
});
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Respon sampel
{
"name": "clustername1",
"type": "Microsoft.ContainerService/managedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Succeeded",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"podIdentityProfile": {
"allowNetworkPluginKubenet": true,
"enabled": true
},
"provisioningState": "Succeeded",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
{
"name": "clustername1",
"type": "Microsoft.ContainerService/managedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Creating",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"podIdentityProfile": {
"allowNetworkPluginKubenet": true,
"enabled": true
},
"provisioningState": "Creating",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
Create Managed Cluster with PPG
Permintaan sampel
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2026-03-01
{
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableNodePublicIP": true,
"mode": "System",
"osType": "Linux",
"proximityPlacementGroupID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/proximityPlacementGroups/ppg1",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser"
}
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file: 2026-03-01/ManagedClustersCreate_PPG.json
*/
/**
* Sample code: Create Managed Cluster with PPG.
*
* @param manager Entry point to ContainerServiceManager.
*/
public static void
createManagedClusterWithPPG(com.azure.resourcemanager.containerservice.ContainerServiceManager manager) {
manager.serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1", new ManagedClusterInner()
.withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3)
.withVmSize("Standard_DS2_v2").withOsType(OSType.LINUX)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withMode(AgentPoolMode.SYSTEM)
.withEnableNodePublicIp(true)
.withProximityPlacementGroupId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/proximityPlacementGroups/ppg1")
.withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(
new ManagedClusterServicePrincipalProfile().withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile()
.withManagedOutboundIPs(new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_ppg.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="SUBSCRIPTION_ID",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"proximityPlacementGroupID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/proximityPlacementGroups/ppg1",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: 2026-03-01/ManagedClustersCreate_PPG.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v9"
)
// Generated from example definition: 2026-03-01/ManagedClustersCreate_PPG.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithPpg() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("00000000-0000-0000-0000-000000000000", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Name: to.Ptr("nodepool1"),
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
ProximityPlacementGroupID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/proximityPlacementGroups/ppg1"),
VMSize: to.Ptr("Standard_DS2_v2"),
},
},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
},
},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to poll the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res = armcontainerservice.ManagedClustersClientCreateOrUpdateResponse{
// ManagedCluster: armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/managedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Name: to.Ptr("nodepool1"),
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// ProximityPlacementGroupID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/proximityPlacementGroups/ppg1"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// },
// },
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// },
// },
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4),
// },
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// },
// },
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16"),
// },
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16"),
// },
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to creates or updates a managed cluster.
*
* @summary creates or updates a managed cluster.
* x-ms-original-file: 2026-03-01/ManagedClustersCreate_PPG.json
*/
async function createManagedClusterWithPPG() {
const credential = new DefaultAzureCredential();
const subscriptionId = "00000000-0000-0000-0000-000000000000";
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.createOrUpdate("rg1", "clustername1", {
location: "location1",
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
proximityPlacementGroupID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/proximityPlacementGroups/ppg1",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: { adminUsername: "azureuser", ssh: { publicKeys: [{ keyData: "keydata" }] } },
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
windowsProfile: { adminPassword: "replacePassword1234$", adminUsername: "azureuser" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
});
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Respon sampel
{
"name": "clustername1",
"type": "Microsoft.ContainerService/managedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Succeeded",
"proximityPlacementGroupID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/proximityPlacementGroups/ppg1",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Succeeded",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
{
"name": "clustername1",
"type": "Microsoft.ContainerService/managedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Creating",
"proximityPlacementGroupID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/proximityPlacementGroups/ppg1",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Creating",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
Create Managed Cluster with RunCommand disabled
Permintaan sampel
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2026-03-01
{
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableEncryptionAtHost": true,
"enableNodePublicIP": true,
"mode": "System",
"osType": "Linux",
"vmSize": "Standard_DS2_v2"
}
],
"apiServerAccessProfile": {
"disableRunCommand": true
},
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser"
}
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterApiServerAccessProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file: 2026-03-01/ManagedClustersCreate_DisableRunCommand.json
*/
/**
* Sample code: Create Managed Cluster with RunCommand disabled.
*
* @param manager Entry point to ContainerServiceManager.
*/
public static void createManagedClusterWithRunCommandDisabled(
com.azure.resourcemanager.containerservice.ContainerServiceManager manager) {
manager.serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3)
.withVmSize("Standard_DS2_v2").withOsType(OSType.LINUX)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withMode(AgentPoolMode.SYSTEM)
.withEnableNodePublicIp(true).withEnableEncryptionAtHost(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withApiServerAccessProfile(new ManagedClusterApiServerAccessProfile().withDisableRunCommand(true)),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_disable_run_command.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="SUBSCRIPTION_ID",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableEncryptionAtHost": True,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"apiServerAccessProfile": {"disableRunCommand": True},
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: 2026-03-01/ManagedClustersCreate_DisableRunCommand.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v9"
)
// Generated from example definition: 2026-03-01/ManagedClustersCreate_DisableRunCommand.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithRunCommandDisabled() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("00000000-0000-0000-0000-000000000000", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Name: to.Ptr("nodepool1"),
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableEncryptionAtHost: to.Ptr(true),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
},
},
APIServerAccessProfile: &armcontainerservice.ManagedClusterAPIServerAccessProfile{
DisableRunCommand: to.Ptr(true),
},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
},
},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to poll the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res = armcontainerservice.ManagedClustersClientCreateOrUpdateResponse{
// ManagedCluster: armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/managedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Name: to.Ptr("nodepool1"),
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableEncryptionAtHost: to.Ptr(true),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// },
// },
// APIServerAccessProfile: &armcontainerservice.ManagedClusterAPIServerAccessProfile{
// DisableRunCommand: to.Ptr(true),
// },
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-ee788a1f.hcp.location1.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// },
// },
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4),
// },
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// },
// },
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16"),
// },
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16"),
// },
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// PrivateFQDN: to.Ptr("dnsprefix1-aae7e0f0.5cef6058-b6b5-414d-8cb1-4bd14eb0b15c.privatelink.location1.azmk8s.io"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// SupportPlan: to.Ptr(armcontainerservice.KubernetesSupportPlanKubernetesOfficial),
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to creates or updates a managed cluster.
*
* @summary creates or updates a managed cluster.
* x-ms-original-file: 2026-03-01/ManagedClustersCreate_DisableRunCommand.json
*/
async function createManagedClusterWithRunCommandDisabled() {
const credential = new DefaultAzureCredential();
const subscriptionId = "00000000-0000-0000-0000-000000000000";
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.createOrUpdate("rg1", "clustername1", {
location: "location1",
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableEncryptionAtHost: true,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
apiServerAccessProfile: { disableRunCommand: true },
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: { adminUsername: "azureuser", ssh: { publicKeys: [{ keyData: "keydata" }] } },
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
windowsProfile: { adminPassword: "replacePassword1234$", adminUsername: "azureuser" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
});
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Respon sampel
{
"name": "clustername1",
"type": "Microsoft.ContainerService/managedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableEncryptionAtHost": true,
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Succeeded",
"vmSize": "Standard_DS2_v2"
}
],
"apiServerAccessProfile": {
"disableRunCommand": true
},
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-ee788a1f.hcp.location1.azmk8s.io",
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"privateFQDN": "dnsprefix1-aae7e0f0.5cef6058-b6b5-414d-8cb1-4bd14eb0b15c.privatelink.location1.azmk8s.io",
"provisioningState": "Succeeded",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"supportPlan": "KubernetesOfficial",
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
{
"name": "clustername1",
"type": "Microsoft.ContainerService/managedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableEncryptionAtHost": true,
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Creating",
"vmSize": "Standard_DS2_v2"
}
],
"apiServerAccessProfile": {
"disableRunCommand": true
},
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-ee788a1f.hcp.location1.azmk8s.io",
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"privateFQDN": "dnsprefix1-aae7e0f0.5cef6058-b6b5-414d-8cb1-4bd14eb0b15c.privatelink.location1.azmk8s.io",
"provisioningState": "Creating",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"supportPlan": "KubernetesOfficial",
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
Permintaan sampel
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2026-03-01
{
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableNodePublicIP": true,
"mode": "System",
"osType": "Linux",
"vmSize": "Standard_DS2_v2"
}
],
"dnsPrefix": "dnsprefix1",
"kubernetesVersion": "",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer"
},
"securityProfile": {
"defender": {
"logAnalyticsWorkspaceResourceId": "/subscriptions/SUB_ID/resourceGroups/RG_NAME/providers/microsoft.operationalinsights/workspaces/WORKSPACE_NAME",
"securityMonitoring": {
"enabled": true
}
},
"workloadIdentity": {
"enabled": true
}
}
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSecurityProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSecurityProfileDefender;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSecurityProfileDefenderSecurityMonitoring;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSecurityProfileWorkloadIdentity;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file: 2026-03-01/ManagedClustersCreate_SecurityProfile.json
*/
/**
* Sample code: Create Managed Cluster with Security Profile configured.
*
* @param manager Entry point to ContainerServiceManager.
*/
public static void createManagedClusterWithSecurityProfileConfigured(
com.azure.resourcemanager.containerservice.ContainerServiceManager manager) {
manager.serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(
Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3).withVmSize("Standard_DS2_v2")
.withOsType(OSType.LINUX).withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
.withMode(AgentPoolMode.SYSTEM).withEnableNodePublicIp(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withNetworkProfile(new ContainerServiceNetworkProfile()
.withOutboundType(OutboundType.LOAD_BALANCER).withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile()
.withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withSecurityProfile(new ManagedClusterSecurityProfile()
.withDefender(new ManagedClusterSecurityProfileDefender().withLogAnalyticsWorkspaceResourceId(
"/subscriptions/SUB_ID/resourceGroups/RG_NAME/providers/microsoft.operationalinsights/workspaces/WORKSPACE_NAME")
.withSecurityMonitoring(
new ManagedClusterSecurityProfileDefenderSecurityMonitoring().withEnabled(true)))
.withWorkloadIdentity(new ManagedClusterSecurityProfileWorkloadIdentity().withEnabled(true))),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_security_profile.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="SUBSCRIPTION_ID",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"dnsPrefix": "dnsprefix1",
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"securityProfile": {
"defender": {
"logAnalyticsWorkspaceResourceId": "/subscriptions/SUB_ID/resourceGroups/RG_NAME/providers/microsoft.operationalinsights/workspaces/WORKSPACE_NAME",
"securityMonitoring": {"enabled": True},
},
"workloadIdentity": {"enabled": True},
},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: 2026-03-01/ManagedClustersCreate_SecurityProfile.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v9"
)
// Generated from example definition: 2026-03-01/ManagedClustersCreate_SecurityProfile.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithSecurityProfileConfigured() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("00000000-0000-0000-0000-000000000000", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Properties: &armcontainerservice.ManagedClusterProperties{
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Name: to.Ptr("nodepool1"),
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
},
},
DNSPrefix: to.Ptr("dnsprefix1"),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
},
},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
SecurityProfile: &armcontainerservice.ManagedClusterSecurityProfile{
Defender: &armcontainerservice.ManagedClusterSecurityProfileDefender{
LogAnalyticsWorkspaceResourceID: to.Ptr("/subscriptions/SUB_ID/resourceGroups/RG_NAME/providers/microsoft.operationalinsights/workspaces/WORKSPACE_NAME"),
SecurityMonitoring: &armcontainerservice.ManagedClusterSecurityProfileDefenderSecurityMonitoring{
Enabled: to.Ptr(true),
},
},
WorkloadIdentity: &armcontainerservice.ManagedClusterSecurityProfileWorkloadIdentity{
Enabled: to.Ptr(true),
},
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to poll the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res = armcontainerservice.ManagedClustersClientCreateOrUpdateResponse{
// ManagedCluster: armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/managedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Name: to.Ptr("nodepool1"),
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// },
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// },
// },
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4),
// },
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// },
// },
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16"),
// },
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16"),
// },
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// SecurityProfile: &armcontainerservice.ManagedClusterSecurityProfile{
// Defender: &armcontainerservice.ManagedClusterSecurityProfileDefender{
// LogAnalyticsWorkspaceResourceID: to.Ptr("/subscriptions/SUB_ID/resourceGroups/RG_NAME/providers/microsoft.operationalinsights/workspaces/WORKSPACE_NAME"),
// SecurityMonitoring: &armcontainerservice.ManagedClusterSecurityProfileDefenderSecurityMonitoring{
// Enabled: to.Ptr(true),
// },
// },
// WorkloadIdentity: &armcontainerservice.ManagedClusterSecurityProfileWorkloadIdentity{
// Enabled: to.Ptr(true),
// },
// },
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to creates or updates a managed cluster.
*
* @summary creates or updates a managed cluster.
* x-ms-original-file: 2026-03-01/ManagedClustersCreate_SecurityProfile.json
*/
async function createManagedClusterWithSecurityProfileConfigured() {
const credential = new DefaultAzureCredential();
const subscriptionId = "00000000-0000-0000-0000-000000000000";
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.createOrUpdate("rg1", "clustername1", {
location: "location1",
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
dnsPrefix: "dnsprefix1",
kubernetesVersion: "",
linuxProfile: { adminUsername: "azureuser", ssh: { publicKeys: [{ keyData: "keydata" }] } },
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
securityProfile: {
defender: {
logAnalyticsWorkspaceResourceId:
"/subscriptions/SUB_ID/resourceGroups/RG_NAME/providers/microsoft.operationalinsights/workspaces/WORKSPACE_NAME",
securityMonitoring: { enabled: true },
},
workloadIdentity: { enabled: true },
},
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
});
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Respon sampel
{
"name": "clustername1",
"type": "Microsoft.ContainerService/managedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Succeeded",
"vmSize": "Standard_DS2_v2"
}
],
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Succeeded",
"securityProfile": {
"defender": {
"logAnalyticsWorkspaceResourceId": "/subscriptions/SUB_ID/resourceGroups/RG_NAME/providers/microsoft.operationalinsights/workspaces/WORKSPACE_NAME",
"securityMonitoring": {
"enabled": true
}
},
"workloadIdentity": {
"enabled": true
}
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
{
"name": "clustername1",
"type": "Microsoft.ContainerService/managedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Creating",
"vmSize": "Standard_DS2_v2"
}
],
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Creating",
"securityProfile": {
"defender": {
"logAnalyticsWorkspaceResourceId": "/subscriptions/SUB_ID/resourceGroups/RG_NAME/providers/microsoft.operationalinsights/workspaces/WORKSPACE_NAME",
"securityMonitoring": {
"enabled": true
}
},
"workloadIdentity": {
"enabled": true
}
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
Create Managed Cluster with UltraSSD enabled
Permintaan sampel
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2026-03-01
{
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableNodePublicIP": true,
"enableUltraSSD": true,
"mode": "System",
"osType": "Linux",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser"
}
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file: 2026-03-01/ManagedClustersCreate_EnableUltraSSD.json
*/
/**
* Sample code: Create Managed Cluster with UltraSSD enabled.
*
* @param manager Entry point to ContainerServiceManager.
*/
public static void createManagedClusterWithUltraSSDEnabled(
com.azure.resourcemanager.containerservice.ContainerServiceManager manager) {
manager.serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3)
.withVmSize("Standard_DS2_v2").withOsType(OSType.LINUX)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withMode(AgentPoolMode.SYSTEM)
.withEnableNodePublicIp(true).withEnableUltraSsd(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile()
.withOutboundType(OutboundType.LOAD_BALANCER).withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile()
.withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_enable_ultra_ssd.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="SUBSCRIPTION_ID",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": True,
"enableUltraSSD": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: 2026-03-01/ManagedClustersCreate_EnableUltraSSD.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v9"
)
// Generated from example definition: 2026-03-01/ManagedClustersCreate_EnableUltraSSD.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithUltraSsdEnabled() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("00000000-0000-0000-0000-000000000000", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Name: to.Ptr("nodepool1"),
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
EnableUltraSSD: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
},
},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
},
},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to poll the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res = armcontainerservice.ManagedClustersClientCreateOrUpdateResponse{
// ManagedCluster: armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/managedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Name: to.Ptr("nodepool1"),
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(true),
// EnableUltraSSD: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// },
// },
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// },
// },
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4),
// },
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// },
// },
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16"),
// },
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16"),
// },
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to creates or updates a managed cluster.
*
* @summary creates or updates a managed cluster.
* x-ms-original-file: 2026-03-01/ManagedClustersCreate_EnableUltraSSD.json
*/
async function createManagedClusterWithUltraSSDEnabled() {
const credential = new DefaultAzureCredential();
const subscriptionId = "00000000-0000-0000-0000-000000000000";
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.createOrUpdate("rg1", "clustername1", {
location: "location1",
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: true,
enableUltraSSD: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: { adminUsername: "azureuser", ssh: { publicKeys: [{ keyData: "keydata" }] } },
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
windowsProfile: { adminPassword: "replacePassword1234$", adminUsername: "azureuser" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
});
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Respon sampel
{
"name": "clustername1",
"type": "Microsoft.ContainerService/managedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": true,
"enableUltraSSD": true,
"maxPods": 110,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Succeeded",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Succeeded",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
{
"name": "clustername1",
"type": "Microsoft.ContainerService/managedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": true,
"enableUltraSSD": true,
"maxPods": 110,
"mode": "System",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Creating",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Creating",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
Create Managed Cluster with user-assigned NAT gateway as outbound type
Permintaan sampel
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2026-03-01
{
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableNodePublicIP": false,
"mode": "System",
"osType": "Linux",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "userAssignedNATGateway"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser"
}
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file: 2026-03-01/ManagedClustersCreate_UserAssignedNATGateway.json
*/
/**
* Sample code: Create Managed Cluster with user-assigned NAT gateway as outbound type.
*
* @param manager Entry point to ContainerServiceManager.
*/
public static void createManagedClusterWithUserAssignedNATGatewayAsOutboundType(
com.azure.resourcemanager.containerservice.ContainerServiceManager manager) {
manager.serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(
Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3).withVmSize("Standard_DS2_v2")
.withOsType(OSType.LINUX).withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
.withMode(AgentPoolMode.SYSTEM).withEnableNodePublicIp(false).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile()
.withOutboundType(OutboundType.USER_ASSIGNED_NATGATEWAY)
.withLoadBalancerSku(LoadBalancerSku.STANDARD))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_user_assigned_nat_gateway.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="SUBSCRIPTION_ID",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": False,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {"loadBalancerSku": "standard", "outboundType": "userAssignedNATGateway"},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: 2026-03-01/ManagedClustersCreate_UserAssignedNATGateway.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v9"
)
// Generated from example definition: 2026-03-01/ManagedClustersCreate_UserAssignedNATGateway.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithUserAssignedNatGatewayAsOutboundType() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("00000000-0000-0000-0000-000000000000", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Name: to.Ptr("nodepool1"),
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(false),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
},
},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
},
},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeUserAssignedNATGateway),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to poll the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res = armcontainerservice.ManagedClustersClientCreateOrUpdateResponse{
// ManagedCluster: armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/managedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Name: to.Ptr("nodepool1"),
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(false),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// },
// },
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// },
// },
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeUserAssignedNATGateway),
// PodCidr: to.Ptr("10.244.0.0/16"),
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to creates or updates a managed cluster.
*
* @summary creates or updates a managed cluster.
* x-ms-original-file: 2026-03-01/ManagedClustersCreate_UserAssignedNATGateway.json
*/
async function createManagedClusterWithUserAssignedNATGatewayAsOutboundType() {
const credential = new DefaultAzureCredential();
const subscriptionId = "00000000-0000-0000-0000-000000000000";
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.createOrUpdate("rg1", "clustername1", {
location: "location1",
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: false,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: { adminUsername: "azureuser", ssh: { publicKeys: [{ keyData: "keydata" }] } },
networkProfile: { loadBalancerSku: "standard", outboundType: "userAssignedNATGateway" },
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
windowsProfile: { adminPassword: "replacePassword1234$", adminUsername: "azureuser" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
});
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Respon sampel
{
"name": "clustername1",
"type": "Microsoft.ContainerService/managedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": false,
"maxPods": 110,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Succeeded",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"outboundType": "userAssignedNATGateway",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Succeeded",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
{
"name": "clustername1",
"type": "Microsoft.ContainerService/managedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": false,
"maxPods": 110,
"mode": "System",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Creating",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"networkPlugin": "kubenet",
"outboundType": "userAssignedNATGateway",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Creating",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
Permintaan sampel
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2026-03-01
{
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableNodePublicIP": true,
"mode": "System",
"osType": "Linux",
"vmSize": "Standard_DS2_v2"
}
],
"dnsPrefix": "dnsprefix1",
"ingressProfile": {
"webAppRouting": {
"dnsZoneResourceIds": [
"/subscriptions/SUB_ID/resourceGroups/RG_NAME/providers/Microsoft.Network/dnszones/DNS_ZONE_NAME"
],
"enabled": true
}
},
"kubernetesVersion": "",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer"
}
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterIngressProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterIngressProfileWebAppRouting;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file: 2026-03-01/ManagedClustersCreate_IngressProfile_WebAppRouting.json
*/
/**
* Sample code: Create Managed Cluster with Web App Routing Ingress Profile configured.
*
* @param manager Entry point to ContainerServiceManager.
*/
public static void createManagedClusterWithWebAppRoutingIngressProfileConfigured(
com.azure.resourcemanager.containerservice.ContainerServiceManager manager) {
manager.serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(
Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3).withVmSize("Standard_DS2_v2")
.withOsType(OSType.LINUX).withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
.withMode(AgentPoolMode.SYSTEM).withEnableNodePublicIp(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withNetworkProfile(new ContainerServiceNetworkProfile()
.withOutboundType(OutboundType.LOAD_BALANCER).withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile()
.withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withIngressProfile(new ManagedClusterIngressProfile()
.withWebAppRouting(new ManagedClusterIngressProfileWebAppRouting().withEnabled(true)
.withDnsZoneResourceIds(Arrays.asList(
"/subscriptions/SUB_ID/resourceGroups/RG_NAME/providers/Microsoft.Network/dnszones/DNS_ZONE_NAME")))),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_ingress_profile_web_app_routing.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="SUBSCRIPTION_ID",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"dnsPrefix": "dnsprefix1",
"ingressProfile": {
"webAppRouting": {
"dnsZoneResourceIds": [
"/subscriptions/SUB_ID/resourceGroups/RG_NAME/providers/Microsoft.Network/dnszones/DNS_ZONE_NAME"
],
"enabled": True,
}
},
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: 2026-03-01/ManagedClustersCreate_IngressProfile_WebAppRouting.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v9"
)
// Generated from example definition: 2026-03-01/ManagedClustersCreate_IngressProfile_WebAppRouting.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithWebAppRoutingIngressProfileConfigured() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("00000000-0000-0000-0000-000000000000", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Properties: &armcontainerservice.ManagedClusterProperties{
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Name: to.Ptr("nodepool1"),
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
},
},
DNSPrefix: to.Ptr("dnsprefix1"),
IngressProfile: &armcontainerservice.ManagedClusterIngressProfile{
WebAppRouting: &armcontainerservice.ManagedClusterIngressProfileWebAppRouting{
DNSZoneResourceIDs: []*string{
to.Ptr("/subscriptions/SUB_ID/resourceGroups/RG_NAME/providers/Microsoft.Network/dnszones/DNS_ZONE_NAME"),
},
Enabled: to.Ptr(true),
},
},
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
},
},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to poll the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res = armcontainerservice.ManagedClustersClientCreateOrUpdateResponse{
// ManagedCluster: armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/managedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Name: to.Ptr("nodepool1"),
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// },
// },
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// IngressProfile: &armcontainerservice.ManagedClusterIngressProfile{
// WebAppRouting: &armcontainerservice.ManagedClusterIngressProfileWebAppRouting{
// DNSZoneResourceIDs: []*string{
// to.Ptr("/subscriptions/SUB_ID/resourceGroups/RG_NAME/providers/Microsoft.Network/dnszones/DNS_ZONE_NAME"),
// },
// Enabled: to.Ptr(true),
// },
// },
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// },
// },
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4),
// },
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// },
// },
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16"),
// },
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16"),
// },
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to creates or updates a managed cluster.
*
* @summary creates or updates a managed cluster.
* x-ms-original-file: 2026-03-01/ManagedClustersCreate_IngressProfile_WebAppRouting.json
*/
async function createManagedClusterWithWebAppRoutingIngressProfileConfigured() {
const credential = new DefaultAzureCredential();
const subscriptionId = "00000000-0000-0000-0000-000000000000";
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.createOrUpdate("rg1", "clustername1", {
location: "location1",
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
dnsPrefix: "dnsprefix1",
ingressProfile: {
webAppRouting: {
dnsZoneResourceIds: [
"/subscriptions/SUB_ID/resourceGroups/RG_NAME/providers/Microsoft.Network/dnszones/DNS_ZONE_NAME",
],
enabled: true,
},
},
kubernetesVersion: "",
linuxProfile: { adminUsername: "azureuser", ssh: { publicKeys: [{ keyData: "keydata" }] } },
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
});
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Respon sampel
{
"name": "clustername1",
"type": "Microsoft.ContainerService/managedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Succeeded",
"vmSize": "Standard_DS2_v2"
}
],
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"ingressProfile": {
"webAppRouting": {
"dnsZoneResourceIds": [
"/subscriptions/SUB_ID/resourceGroups/RG_NAME/providers/Microsoft.Network/dnszones/DNS_ZONE_NAME"
],
"enabled": true
}
},
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Succeeded",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
{
"name": "clustername1",
"type": "Microsoft.ContainerService/managedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Creating",
"vmSize": "Standard_DS2_v2"
}
],
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"ingressProfile": {
"webAppRouting": {
"dnsZoneResourceIds": [
"/subscriptions/SUB_ID/resourceGroups/RG_NAME/providers/Microsoft.Network/dnszones/DNS_ZONE_NAME"
],
"enabled": true
}
},
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Creating",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
Create Managed Private Cluster with fqdn subdomain specified
Permintaan sampel
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2026-03-01
{
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableEncryptionAtHost": true,
"enableNodePublicIP": true,
"mode": "System",
"osType": "Linux",
"vmSize": "Standard_DS2_v2"
}
],
"apiServerAccessProfile": {
"enablePrivateCluster": true,
"privateDNSZone": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/privateDnsZones/privatelink.location1.azmk8s.io"
},
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"enableRBAC": true,
"fqdnSubdomain": "domain1",
"kubernetesVersion": "",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser"
}
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterApiServerAccessProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file: 2026-03-01/ManagedClustersCreate_PrivateClusterFQDNSubdomain.json
*/
/**
* Sample code: Create Managed Private Cluster with fqdn subdomain specified.
*
* @param manager Entry point to ContainerServiceManager.
*/
public static void createManagedPrivateClusterWithFqdnSubdomainSpecified(
com.azure.resourcemanager.containerservice.ContainerServiceManager manager) {
manager.serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withFqdnSubdomain("domain1")
.withAgentPoolProfiles(Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3)
.withVmSize("Standard_DS2_v2").withOsType(OSType.LINUX)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withMode(AgentPoolMode.SYSTEM)
.withEnableNodePublicIp(true).withEnableEncryptionAtHost(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile()
.withOutboundType(OutboundType.LOAD_BALANCER).withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile()
.withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withApiServerAccessProfile(
new ManagedClusterApiServerAccessProfile().withEnablePrivateCluster(true).withPrivateDnsZone(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/privateDnsZones/privatelink.location1.azmk8s.io")),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_private_cluster_fqdn_subdomain.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="SUBSCRIPTION_ID",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableEncryptionAtHost": True,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"apiServerAccessProfile": {
"enablePrivateCluster": True,
"privateDNSZone": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/privateDnsZones/privatelink.location1.azmk8s.io",
},
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"enableRBAC": True,
"fqdnSubdomain": "domain1",
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: 2026-03-01/ManagedClustersCreate_PrivateClusterFQDNSubdomain.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v9"
)
// Generated from example definition: 2026-03-01/ManagedClustersCreate_PrivateClusterFQDNSubdomain.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedPrivateClusterWithFqdnSubdomainSpecified() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("00000000-0000-0000-0000-000000000000", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Name: to.Ptr("nodepool1"),
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableEncryptionAtHost: to.Ptr(true),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
},
},
APIServerAccessProfile: &armcontainerservice.ManagedClusterAPIServerAccessProfile{
EnablePrivateCluster: to.Ptr(true),
PrivateDNSZone: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/privateDnsZones/privatelink.location1.azmk8s.io"),
},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
EnableRBAC: to.Ptr(true),
FqdnSubdomain: to.Ptr("domain1"),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
},
},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to poll the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res = armcontainerservice.ManagedClustersClientCreateOrUpdateResponse{
// ManagedCluster: armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/managedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Name: to.Ptr("nodepool1"),
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableEncryptionAtHost: to.Ptr(true),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// },
// },
// APIServerAccessProfile: &armcontainerservice.ManagedClusterAPIServerAccessProfile{
// EnablePrivateCluster: to.Ptr(true),
// PrivateDNSZone: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/privateDnsZones/privatelink.location1.azmk8s.io"),
// },
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// EnableRBAC: to.Ptr(true),
// FqdnSubdomain: to.Ptr("domain1"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// },
// },
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4),
// },
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// },
// },
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16"),
// },
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16"),
// },
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// PrivateFQDN: to.Ptr("domain1.privatelink.location1.azmk8s.io"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to creates or updates a managed cluster.
*
* @summary creates or updates a managed cluster.
* x-ms-original-file: 2026-03-01/ManagedClustersCreate_PrivateClusterFQDNSubdomain.json
*/
async function createManagedPrivateClusterWithFqdnSubdomainSpecified() {
const credential = new DefaultAzureCredential();
const subscriptionId = "00000000-0000-0000-0000-000000000000";
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.createOrUpdate("rg1", "clustername1", {
location: "location1",
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableEncryptionAtHost: true,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
apiServerAccessProfile: {
enablePrivateCluster: true,
privateDNSZone:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/privateDnsZones/privatelink.location1.azmk8s.io",
},
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
enableRbac: true,
fqdnSubdomain: "domain1",
kubernetesVersion: "",
linuxProfile: { adminUsername: "azureuser", ssh: { publicKeys: [{ keyData: "keydata" }] } },
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
windowsProfile: { adminPassword: "replacePassword1234$", adminUsername: "azureuser" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
});
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Respon sampel
{
"name": "clustername1",
"type": "Microsoft.ContainerService/managedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableEncryptionAtHost": true,
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Succeeded",
"vmSize": "Standard_DS2_v2"
}
],
"apiServerAccessProfile": {
"enablePrivateCluster": true,
"privateDNSZone": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/privateDnsZones/privatelink.location1.azmk8s.io"
},
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"enableRBAC": true,
"fqdnSubdomain": "domain1",
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"privateFQDN": "domain1.privatelink.location1.azmk8s.io",
"provisioningState": "Succeeded",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
{
"name": "clustername1",
"type": "Microsoft.ContainerService/managedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableEncryptionAtHost": true,
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Creating",
"vmSize": "Standard_DS2_v2"
}
],
"apiServerAccessProfile": {
"enablePrivateCluster": true,
"privateDNSZone": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/privateDnsZones/privatelink.location1.azmk8s.io"
},
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"enableRBAC": true,
"fqdnSubdomain": "domain1",
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"privateFQDN": "domain1.privatelink.location1.azmk8s.io",
"provisioningState": "Creating",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
Create Managed Private Cluster with Public FQDN specified
Permintaan sampel
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2026-03-01
{
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableEncryptionAtHost": true,
"enableNodePublicIP": true,
"mode": "System",
"osType": "Linux",
"vmSize": "Standard_DS2_v2"
}
],
"apiServerAccessProfile": {
"enablePrivateCluster": true,
"enablePrivateClusterPublicFQDN": true
},
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser"
}
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterApiServerAccessProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file: 2026-03-01/ManagedClustersCreate_PrivateClusterPublicFQDN.json
*/
/**
* Sample code: Create Managed Private Cluster with Public FQDN specified.
*
* @param manager Entry point to ContainerServiceManager.
*/
public static void createManagedPrivateClusterWithPublicFQDNSpecified(
com.azure.resourcemanager.containerservice.ContainerServiceManager manager) {
manager.serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3)
.withVmSize("Standard_DS2_v2").withOsType(OSType.LINUX)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withMode(AgentPoolMode.SYSTEM)
.withEnableNodePublicIp(true).withEnableEncryptionAtHost(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withApiServerAccessProfile(new ManagedClusterApiServerAccessProfile().withEnablePrivateCluster(true)
.withEnablePrivateClusterPublicFqdn(true)),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_private_cluster_public_fqdn.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="SUBSCRIPTION_ID",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableEncryptionAtHost": True,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"apiServerAccessProfile": {"enablePrivateCluster": True, "enablePrivateClusterPublicFQDN": True},
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: 2026-03-01/ManagedClustersCreate_PrivateClusterPublicFQDN.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v9"
)
// Generated from example definition: 2026-03-01/ManagedClustersCreate_PrivateClusterPublicFQDN.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedPrivateClusterWithPublicFqdnSpecified() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("00000000-0000-0000-0000-000000000000", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Name: to.Ptr("nodepool1"),
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableEncryptionAtHost: to.Ptr(true),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
},
},
APIServerAccessProfile: &armcontainerservice.ManagedClusterAPIServerAccessProfile{
EnablePrivateCluster: to.Ptr(true),
EnablePrivateClusterPublicFQDN: to.Ptr(true),
},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
},
},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to poll the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res = armcontainerservice.ManagedClustersClientCreateOrUpdateResponse{
// ManagedCluster: armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/managedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Name: to.Ptr("nodepool1"),
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableEncryptionAtHost: to.Ptr(true),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// },
// },
// APIServerAccessProfile: &armcontainerservice.ManagedClusterAPIServerAccessProfile{
// EnablePrivateCluster: to.Ptr(true),
// EnablePrivateClusterPublicFQDN: to.Ptr(true),
// PrivateDNSZone: to.Ptr("system"),
// },
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-ee788a1f.hcp.location1.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// },
// },
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4),
// },
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// },
// },
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16"),
// },
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16"),
// },
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// PrivateFQDN: to.Ptr("dnsprefix1-aae7e0f0.5cef6058-b6b5-414d-8cb1-4bd14eb0b15c.privatelink.location1.azmk8s.io"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to creates or updates a managed cluster.
*
* @summary creates or updates a managed cluster.
* x-ms-original-file: 2026-03-01/ManagedClustersCreate_PrivateClusterPublicFQDN.json
*/
async function createManagedPrivateClusterWithPublicFqdnSpecified() {
const credential = new DefaultAzureCredential();
const subscriptionId = "00000000-0000-0000-0000-000000000000";
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.createOrUpdate("rg1", "clustername1", {
location: "location1",
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableEncryptionAtHost: true,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
apiServerAccessProfile: { enablePrivateCluster: true, enablePrivateClusterPublicFqdn: true },
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: { adminUsername: "azureuser", ssh: { publicKeys: [{ keyData: "keydata" }] } },
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
windowsProfile: { adminPassword: "replacePassword1234$", adminUsername: "azureuser" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
});
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Respon sampel
{
"name": "clustername1",
"type": "Microsoft.ContainerService/managedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableEncryptionAtHost": true,
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Succeeded",
"vmSize": "Standard_DS2_v2"
}
],
"apiServerAccessProfile": {
"enablePrivateCluster": true,
"enablePrivateClusterPublicFQDN": true,
"privateDNSZone": "system"
},
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-ee788a1f.hcp.location1.azmk8s.io",
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"privateFQDN": "dnsprefix1-aae7e0f0.5cef6058-b6b5-414d-8cb1-4bd14eb0b15c.privatelink.location1.azmk8s.io",
"provisioningState": "Succeeded",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
{
"name": "clustername1",
"type": "Microsoft.ContainerService/managedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableEncryptionAtHost": true,
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Creating",
"vmSize": "Standard_DS2_v2"
}
],
"apiServerAccessProfile": {
"enablePrivateCluster": true,
"enablePrivateClusterPublicFQDN": true,
"privateDNSZone": "system"
},
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-ee788a1f.hcp.location1.azmk8s.io",
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"privateFQDN": "dnsprefix1-aae7e0f0.5cef6058-b6b5-414d-8cb1-4bd14eb0b15c.privatelink.location1.azmk8s.io",
"provisioningState": "Creating",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
Create/Update AAD Managed Cluster with EnableAzureRBAC
Permintaan sampel
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2026-03-01
{
"location": "location1",
"properties": {
"aadProfile": {
"enableAzureRBAC": true,
"managed": true
},
"addonProfiles": {},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"availabilityZones": [
"1",
"2",
"3"
],
"count": 3,
"enableNodePublicIP": true,
"mode": "System",
"osType": "Linux",
"vmSize": "Standard_DS1_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser"
}
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAadProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file: 2026-03-01/ManagedClustersCreate_UpdateWithEnableAzureRBAC.json
*/
/**
* Sample code: Create/Update AAD Managed Cluster with EnableAzureRBAC.
*
* @param manager Entry point to ContainerServiceManager.
*/
public static void createUpdateAADManagedClusterWithEnableAzureRBAC(
com.azure.resourcemanager.containerservice.ContainerServiceManager manager) {
manager.serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(
Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3).withVmSize("Standard_DS1_v2")
.withOsType(OSType.LINUX).withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
.withMode(AgentPoolMode.SYSTEM).withAvailabilityZones(Arrays.asList("1", "2", "3"))
.withEnableNodePublicIp(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile()
.withOutboundType(OutboundType.LOAD_BALANCER).withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAadProfile(new ManagedClusterAadProfile().withManaged(true).withEnableAzureRbac(true))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_update_with_enable_azure_rbac.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="SUBSCRIPTION_ID",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"aadProfile": {"enableAzureRBAC": True, "managed": True},
"addonProfiles": {},
"agentPoolProfiles": [
{
"availabilityZones": ["1", "2", "3"],
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS1_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: 2026-03-01/ManagedClustersCreate_UpdateWithEnableAzureRBAC.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v9"
)
// Generated from example definition: 2026-03-01/ManagedClustersCreate_UpdateWithEnableAzureRBAC.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createUpdateAadManagedClusterWithEnableAzureRbac() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("00000000-0000-0000-0000-000000000000", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Properties: &armcontainerservice.ManagedClusterProperties{
AADProfile: &armcontainerservice.ManagedClusterAADProfile{
EnableAzureRBAC: to.Ptr(true),
Managed: to.Ptr(true),
},
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Name: to.Ptr("nodepool1"),
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
AvailabilityZones: []*string{
to.Ptr("1"),
to.Ptr("2"),
to.Ptr("3"),
},
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS1_v2"),
},
},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
},
},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to poll the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res = armcontainerservice.ManagedClustersClientCreateOrUpdateResponse{
// ManagedCluster: armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/managedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Properties: &armcontainerservice.ManagedClusterProperties{
// AADProfile: &armcontainerservice.ManagedClusterAADProfile{
// EnableAzureRBAC: to.Ptr(true),
// Managed: to.Ptr(true),
// TenantID: to.Ptr("tenantID"),
// },
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Name: to.Ptr("nodepool1"),
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// AvailabilityZones: []*string{
// to.Ptr("1"),
// to.Ptr("2"),
// to.Ptr("3"),
// },
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS1_v2"),
// },
// },
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// },
// },
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4),
// },
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// },
// },
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16"),
// },
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16"),
// },
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to creates or updates a managed cluster.
*
* @summary creates or updates a managed cluster.
* x-ms-original-file: 2026-03-01/ManagedClustersCreate_UpdateWithEnableAzureRBAC.json
*/
async function createOrUpdateAADManagedClusterWithEnableAzureRbac() {
const credential = new DefaultAzureCredential();
const subscriptionId = "00000000-0000-0000-0000-000000000000";
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.createOrUpdate("rg1", "clustername1", {
location: "location1",
aadProfile: { enableAzureRbac: true, managed: true },
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
availabilityZones: ["1", "2", "3"],
count: 3,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS1_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: { adminUsername: "azureuser", ssh: { publicKeys: [{ keyData: "keydata" }] } },
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
windowsProfile: { adminPassword: "replacePassword1234$", adminUsername: "azureuser" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
});
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Respon sampel
{
"name": "clustername1",
"type": "Microsoft.ContainerService/managedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"aadProfile": {
"adminGroupObjectIDs": null,
"enableAzureRBAC": true,
"managed": true,
"tenantID": "tenantID"
},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"availabilityZones": [
"1",
"2",
"3"
],
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Succeeded",
"vmSize": "Standard_DS1_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Succeeded",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
{
"name": "clustername1",
"type": "Microsoft.ContainerService/managedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"aadProfile": {
"adminGroupObjectIDs": null,
"enableAzureRBAC": true,
"managed": true,
"tenantID": "tenantID"
},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"availabilityZones": [
"1",
"2",
"3"
],
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Creating",
"vmSize": "Standard_DS1_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Creating",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
Create/Update Managed Cluster
Permintaan sampel
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2026-03-01
{
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {}
}
},
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"availabilityZones": [
"1",
"2",
"3"
],
"count": 3,
"enableNodePublicIP": true,
"mode": "System",
"osType": "Linux",
"scaleDownMode": "Deallocate",
"vmSize": "Standard_DS1_v2"
}
],
"autoScalerProfile": {
"balance-similar-node-groups": "true",
"expander": "priority",
"max-node-provision-time": "15m",
"new-pod-scale-up-delay": "1m",
"scale-down-delay-after-add": "15m",
"scan-interval": "20s",
"skip-nodes-with-system-pods": "false"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"upgradeSettings": {
"overrideSettings": {
"forceUpgrade": false,
"until": "2022-11-01T13:00:00Z"
}
},
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser"
}
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ClusterUpgradeSettings;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.Expander;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterIdentity;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.ManagedServiceIdentityUserAssignedIdentitiesValue;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import com.azure.resourcemanager.containerservice.models.ResourceIdentityType;
import com.azure.resourcemanager.containerservice.models.ScaleDownMode;
import com.azure.resourcemanager.containerservice.models.UpgradeOverrideSettings;
import java.time.OffsetDateTime;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file: 2026-03-01/ManagedClustersCreate_Update.json
*/
/**
* Sample code: Create/Update Managed Cluster.
*
* @param manager Entry point to ContainerServiceManager.
*/
public static void
createUpdateManagedCluster(com.azure.resourcemanager.containerservice.ContainerServiceManager manager) {
manager.serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1", new ManagedClusterInner()
.withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku().withName(ManagedClusterSkuName.fromString("Basic"))
.withTier(ManagedClusterSkuTier.FREE))
.withIdentity(new ManagedClusterIdentity().withType(ResourceIdentityType.USER_ASSIGNED)
.withUserAssignedIdentities(mapOf(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1",
new ManagedServiceIdentityUserAssignedIdentitiesValue())))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(Arrays.asList(
new ManagedClusterAgentPoolProfile().withCount(3).withVmSize("Standard_DS1_v2").withOsType(OSType.LINUX)
.withScaleDownMode(ScaleDownMode.DEALLOCATE).withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
.withMode(AgentPoolMode.SYSTEM).withAvailabilityZones(Arrays.asList("1", "2", "3"))
.withEnableNodePublicIp(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(
new ManagedClusterServicePrincipalProfile().withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile()
.withManagedOutboundIPs(new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withUpgradeSettings(new ClusterUpgradeSettings().withOverrideSettings(new UpgradeOverrideSettings()
.withForceUpgrade(false).withUntil(OffsetDateTime.parse("2022-11-01T13:00:00Z"))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withBalanceSimilarNodeGroups("true")
.withExpander(Expander.PRIORITY).withMaxNodeProvisionTime("15m").withNewPodScaleUpDelay("1m")
.withScanInterval("20s").withScaleDownDelayAfterAdd("15m").withSkipNodesWithSystemPods("false"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_update.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="SUBSCRIPTION_ID",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {}
},
},
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"availabilityZones": ["1", "2", "3"],
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"scaleDownMode": "Deallocate",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS1_v2",
}
],
"autoScalerProfile": {
"balance-similar-node-groups": "true",
"expander": "priority",
"max-node-provision-time": "15m",
"new-pod-scale-up-delay": "1m",
"scale-down-delay-after-add": "15m",
"scan-interval": "20s",
"skip-nodes-with-system-pods": "false",
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"upgradeSettings": {"overrideSettings": {"forceUpgrade": False, "until": "2022-11-01T13:00:00Z"}},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: 2026-03-01/ManagedClustersCreate_Update.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"time"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v9"
)
// Generated from example definition: 2026-03-01/ManagedClustersCreate_Update.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createUpdateManagedCluster() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("00000000-0000-0000-0000-000000000000", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Identity: &armcontainerservice.ManagedClusterIdentity{
Type: to.Ptr(armcontainerservice.ResourceIdentityTypeUserAssigned),
UserAssignedIdentities: map[string]*armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {},
},
},
Location: to.Ptr("location1"),
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Name: to.Ptr("nodepool1"),
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
AvailabilityZones: []*string{
to.Ptr("1"),
to.Ptr("2"),
to.Ptr("3"),
},
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
ScaleDownMode: to.Ptr(armcontainerservice.ScaleDownModeDeallocate),
VMSize: to.Ptr("Standard_DS1_v2"),
},
},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
BalanceSimilarNodeGroups: to.Ptr("true"),
Expander: to.Ptr(armcontainerservice.ExpanderPriority),
MaxNodeProvisionTime: to.Ptr("15m"),
NewPodScaleUpDelay: to.Ptr("1m"),
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
SkipNodesWithSystemPods: to.Ptr("false"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
},
},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
UpgradeSettings: &armcontainerservice.ClusterUpgradeSettings{
OverrideSettings: &armcontainerservice.UpgradeOverrideSettings{
ForceUpgrade: to.Ptr(false),
Until: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-01T13:00:00Z"); return t }()),
},
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to poll the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res = armcontainerservice.ManagedClustersClientCreateOrUpdateResponse{
// ManagedCluster: armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/managedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Identity: &armcontainerservice.ManagedClusterIdentity{
// Type: to.Ptr(armcontainerservice.ResourceIdentityTypeUserAssigned),
// UserAssignedIdentities: map[string]*armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
// "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": &armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
// ClientID: to.Ptr("clientId1"),
// PrincipalID: to.Ptr("principalId1"),
// },
// },
// },
// Location: to.Ptr("location1"),
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Name: to.Ptr("nodepool1"),
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// AvailabilityZones: []*string{
// to.Ptr("1"),
// to.Ptr("2"),
// to.Ptr("3"),
// },
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// ScaleDownMode: to.Ptr(armcontainerservice.ScaleDownModeDeallocate),
// VMSize: to.Ptr("Standard_DS1_v2"),
// },
// },
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// BalanceSimilarNodeGroups: to.Ptr("true"),
// Expander: to.Ptr(armcontainerservice.ExpanderPriority),
// MaxNodeProvisionTime: to.Ptr("15m"),
// NewPodScaleUpDelay: to.Ptr("1m"),
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// SkipNodesWithSystemPods: to.Ptr("false"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// },
// },
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4),
// },
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// },
// },
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16"),
// },
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16"),
// },
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// UpgradeSettings: &armcontainerservice.ClusterUpgradeSettings{
// OverrideSettings: &armcontainerservice.UpgradeOverrideSettings{
// ForceUpgrade: to.Ptr(false),
// Until: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-01T13:00:00Z"); return t}()),
// },
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to creates or updates a managed cluster.
*
* @summary creates or updates a managed cluster.
* x-ms-original-file: 2026-03-01/ManagedClustersCreate_Update.json
*/
async function createOrUpdateManagedCluster() {
const credential = new DefaultAzureCredential();
const subscriptionId = "00000000-0000-0000-0000-000000000000";
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.createOrUpdate("rg1", "clustername1", {
identity: {
type: "UserAssigned",
userAssignedIdentities: {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1":
{},
},
},
location: "location1",
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
availabilityZones: ["1", "2", "3"],
count: 3,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
scaleDownMode: "Deallocate",
vmSize: "Standard_DS1_v2",
},
],
autoScalerProfile: {
balanceSimilarNodeGroups: "true",
expander: "priority",
maxNodeProvisionTime: "15m",
newPodScaleUpDelay: "1m",
scaleDownDelayAfterAdd: "15m",
scanInterval: "20s",
skipNodesWithSystemPods: "false",
},
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: { adminUsername: "azureuser", ssh: { publicKeys: [{ keyData: "keydata" }] } },
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
upgradeSettings: {
overrideSettings: { forceUpgrade: false, until: new Date("2022-11-01T13:00:00Z") },
},
windowsProfile: { adminPassword: "replacePassword1234$", adminUsername: "azureuser" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
});
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Respon sampel
{
"name": "clustername1",
"type": "Microsoft.ContainerService/managedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {
"clientId": "clientId1",
"principalId": "principalId1"
}
}
},
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"availabilityZones": [
"1",
"2",
"3"
],
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Succeeded",
"scaleDownMode": "Deallocate",
"vmSize": "Standard_DS1_v2"
}
],
"autoScalerProfile": {
"balance-similar-node-groups": "true",
"expander": "priority",
"max-node-provision-time": "15m",
"new-pod-scale-up-delay": "1m",
"scale-down-delay-after-add": "15m",
"scan-interval": "20s",
"skip-nodes-with-system-pods": "false"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Succeeded",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"upgradeSettings": {
"overrideSettings": {
"forceUpgrade": false,
"until": "2022-11-01T13:00:00Z"
}
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
{
"name": "clustername1",
"type": "Microsoft.ContainerService/managedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {
"clientId": "clientId1",
"principalId": "principalId1"
}
}
},
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"availabilityZones": [
"1",
"2",
"3"
],
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Creating",
"scaleDownMode": "Deallocate",
"vmSize": "Standard_DS1_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Creating",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
Create/Update Managed Cluster with Azure Service Mesh
Permintaan sampel
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2026-03-01
{
"location": "location1",
"properties": {
"addonProfiles": {
"azureKeyvaultSecretsProvider": {
"config": {
"enableSecretRotation": "true",
"rotationPollInterval": "2m"
},
"enabled": true
}
},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableNodePublicIP": true,
"mode": "System",
"osType": "Linux",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer"
},
"serviceMeshProfile": {
"istio": {
"certificateAuthority": {
"plugin": {
"certChainObjectName": "cert-chain",
"certObjectName": "ca-cert",
"keyObjectName": "ca-key",
"keyVaultId": "/subscriptions/854c9ddb-fe9e-4aea-8d58-99ed88282881/resourceGroups/ddama-test/providers/Microsoft.KeyVault/vaults/my-akv",
"rootCertObjectName": "root-cert"
}
},
"components": {
"egressGateways": [
{
"name": "test-istio-egress",
"enabled": true,
"gatewayConfigurationName": "test-gateway-configuration"
}
],
"ingressGateways": [
{
"enabled": true,
"mode": "Internal"
}
]
}
},
"mode": "Istio"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser"
}
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.IstioCertificateAuthority;
import com.azure.resourcemanager.containerservice.models.IstioComponents;
import com.azure.resourcemanager.containerservice.models.IstioEgressGateway;
import com.azure.resourcemanager.containerservice.models.IstioIngressGateway;
import com.azure.resourcemanager.containerservice.models.IstioIngressGatewayMode;
import com.azure.resourcemanager.containerservice.models.IstioPluginCertificateAuthority;
import com.azure.resourcemanager.containerservice.models.IstioServiceMesh;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAddonProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import com.azure.resourcemanager.containerservice.models.ServiceMeshMode;
import com.azure.resourcemanager.containerservice.models.ServiceMeshProfile;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file: 2026-03-01/ManagedClustersCreate_AzureServiceMesh.json
*/
/**
* Sample code: Create/Update Managed Cluster with Azure Service Mesh.
*
* @param manager Entry point to ContainerServiceManager.
*/
public static void createUpdateManagedClusterWithAzureServiceMesh(
com.azure.resourcemanager.containerservice.ContainerServiceManager manager) {
manager.serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(
Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3).withVmSize("Standard_DS2_v2")
.withOsType(OSType.LINUX).withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
.withMode(AgentPoolMode.SYSTEM).withEnableNodePublicIp(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile().withClientId("clientid")
.withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf("azureKeyvaultSecretsProvider",
new ManagedClusterAddonProfile().withEnabled(true).withConfig(
mapOf("enableSecretRotation", "fakeTokenPlaceholder", "rotationPollInterval", "2m"))))
.withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile()
.withOutboundType(OutboundType.LOAD_BALANCER).withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile()
.withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des")
.withServiceMeshProfile(
new ServiceMeshProfile().withMode(ServiceMeshMode.ISTIO)
.withIstio(new IstioServiceMesh()
.withComponents(new IstioComponents()
.withIngressGateways(Arrays.asList(new IstioIngressGateway()
.withMode(IstioIngressGatewayMode.INTERNAL).withEnabled(true)))
.withEgressGateways(Arrays
.asList(new IstioEgressGateway().withEnabled(true).withName("test-istio-egress")
.withGatewayConfigurationName("test-gateway-configuration"))))
.withCertificateAuthority(new IstioCertificateAuthority()
.withPlugin(new IstioPluginCertificateAuthority().withKeyVaultId("fakeTokenPlaceholder")
.withCertObjectName("ca-cert").withKeyObjectName("fakeTokenPlaceholder")
.withRootCertObjectName("root-cert").withCertChainObjectName("cert-chain"))))),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_azure_service_mesh.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="SUBSCRIPTION_ID",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {
"azureKeyvaultSecretsProvider": {
"config": {"enableSecretRotation": "true", "rotationPollInterval": "2m"},
"enabled": True,
}
},
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"serviceMeshProfile": {
"istio": {
"certificateAuthority": {
"plugin": {
"certChainObjectName": "cert-chain",
"certObjectName": "ca-cert",
"keyObjectName": "ca-key",
"keyVaultId": "/subscriptions/854c9ddb-fe9e-4aea-8d58-99ed88282881/resourceGroups/ddama-test/providers/Microsoft.KeyVault/vaults/my-akv",
"rootCertObjectName": "root-cert",
}
},
"components": {
"egressGateways": [
{
"enabled": True,
"gatewayConfigurationName": "test-gateway-configuration",
"name": "test-istio-egress",
}
],
"ingressGateways": [{"enabled": True, "mode": "Internal"}],
},
},
"mode": "Istio",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: 2026-03-01/ManagedClustersCreate_AzureServiceMesh.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v9"
)
// Generated from example definition: 2026-03-01/ManagedClustersCreate_AzureServiceMesh.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createUpdateManagedClusterWithAzureServiceMesh() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("00000000-0000-0000-0000-000000000000", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{
"azureKeyvaultSecretsProvider": {
Config: map[string]*string{
"enableSecretRotation": to.Ptr("true"),
"rotationPollInterval": to.Ptr("2m"),
},
Enabled: to.Ptr(true),
},
},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Name: to.Ptr("nodepool1"),
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
},
},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
},
},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServiceMeshProfile: &armcontainerservice.ServiceMeshProfile{
Istio: &armcontainerservice.IstioServiceMesh{
CertificateAuthority: &armcontainerservice.IstioCertificateAuthority{
Plugin: &armcontainerservice.IstioPluginCertificateAuthority{
CertChainObjectName: to.Ptr("cert-chain"),
CertObjectName: to.Ptr("ca-cert"),
KeyObjectName: to.Ptr("ca-key"),
KeyVaultID: to.Ptr("/subscriptions/854c9ddb-fe9e-4aea-8d58-99ed88282881/resourceGroups/ddama-test/providers/Microsoft.KeyVault/vaults/my-akv"),
RootCertObjectName: to.Ptr("root-cert"),
},
},
Components: &armcontainerservice.IstioComponents{
EgressGateways: []*armcontainerservice.IstioEgressGateway{
{
Name: to.Ptr("test-istio-egress"),
Enabled: to.Ptr(true),
GatewayConfigurationName: to.Ptr("test-gateway-configuration"),
},
},
IngressGateways: []*armcontainerservice.IstioIngressGateway{
{
Enabled: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.IstioIngressGatewayModeInternal),
},
},
},
},
Mode: to.Ptr(armcontainerservice.ServiceMeshModeIstio),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to poll the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res = armcontainerservice.ManagedClustersClientCreateOrUpdateResponse{
// ManagedCluster: armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/managedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Properties: &armcontainerservice.ManagedClusterProperties{
// AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{
// "azureKeyvaultSecretsProvider": &armcontainerservice.ManagedClusterAddonProfile{
// Config: map[string]*string{
// "enableSecretRotation": to.Ptr("true"),
// "rotationPollInterval": to.Ptr("2m"),
// },
// Enabled: to.Ptr(true),
// },
// },
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Name: to.Ptr("nodepool1"),
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// EnableEncryptionAtHost: to.Ptr(true),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// },
// },
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// },
// },
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// },
// },
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServiceMeshProfile: &armcontainerservice.ServiceMeshProfile{
// Istio: &armcontainerservice.IstioServiceMesh{
// CertificateAuthority: &armcontainerservice.IstioCertificateAuthority{
// Plugin: &armcontainerservice.IstioPluginCertificateAuthority{
// CertChainObjectName: to.Ptr("cert-chain"),
// CertObjectName: to.Ptr("ca-cert"),
// KeyObjectName: to.Ptr("ca-key"),
// KeyVaultID: to.Ptr("/subscriptions/854c9ddb-fe9e-4aea-8d58-99ed88282881/resourceGroups/ddama-test/providers/Microsoft.KeyVault/vaults/my-akv"),
// RootCertObjectName: to.Ptr("root-cert"),
// },
// },
// Components: &armcontainerservice.IstioComponents{
// EgressGateways: []*armcontainerservice.IstioEgressGateway{
// {
// Name: to.Ptr("test-istio-egress"),
// Enabled: to.Ptr(true),
// GatewayConfigurationName: to.Ptr("test-gateway-configuration"),
// },
// },
// IngressGateways: []*armcontainerservice.IstioIngressGateway{
// {
// Enabled: to.Ptr(true),
// Mode: to.Ptr(armcontainerservice.IstioIngressGatewayModeInternal),
// },
// },
// },
// Revisions: []*string{
// to.Ptr("asm-1-17"),
// },
// },
// Mode: to.Ptr(armcontainerservice.ServiceMeshModeIstio),
// },
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to creates or updates a managed cluster.
*
* @summary creates or updates a managed cluster.
* x-ms-original-file: 2026-03-01/ManagedClustersCreate_AzureServiceMesh.json
*/
async function createOrUpdateManagedClusterWithAzureServiceMesh() {
const credential = new DefaultAzureCredential();
const subscriptionId = "00000000-0000-0000-0000-000000000000";
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.createOrUpdate("rg1", "clustername1", {
location: "location1",
addonProfiles: {
azureKeyvaultSecretsProvider: {
config: { enableSecretRotation: "true", rotationPollInterval: "2m" },
enabled: true,
},
},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: { adminUsername: "azureuser", ssh: { publicKeys: [{ keyData: "keydata" }] } },
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
serviceMeshProfile: {
istio: {
certificateAuthority: {
plugin: {
certChainObjectName: "cert-chain",
certObjectName: "ca-cert",
keyObjectName: "ca-key",
keyVaultId:
"/subscriptions/854c9ddb-fe9e-4aea-8d58-99ed88282881/resourceGroups/ddama-test/providers/Microsoft.KeyVault/vaults/my-akv",
rootCertObjectName: "root-cert",
},
},
components: {
egressGateways: [
{
name: "test-istio-egress",
enabled: true,
gatewayConfigurationName: "test-gateway-configuration",
},
],
ingressGateways: [{ enabled: true, mode: "Internal" }],
},
},
mode: "Istio",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
windowsProfile: { adminPassword: "replacePassword1234$", adminUsername: "azureuser" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
});
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Respon sampel
{
"name": "clustername1",
"type": "Microsoft.ContainerService/managedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"addonProfiles": {
"azureKeyvaultSecretsProvider": {
"config": {
"enableSecretRotation": "true",
"rotationPollInterval": "2m"
},
"enabled": true
}
},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableEncryptionAtHost": true,
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Succeeded",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Succeeded",
"serviceMeshProfile": {
"istio": {
"certificateAuthority": {
"plugin": {
"certChainObjectName": "cert-chain",
"certObjectName": "ca-cert",
"keyObjectName": "ca-key",
"keyVaultId": "/subscriptions/854c9ddb-fe9e-4aea-8d58-99ed88282881/resourceGroups/ddama-test/providers/Microsoft.KeyVault/vaults/my-akv",
"rootCertObjectName": "root-cert"
}
},
"components": {
"egressGateways": [
{
"name": "test-istio-egress",
"enabled": true,
"gatewayConfigurationName": "test-gateway-configuration"
}
],
"ingressGateways": [
{
"enabled": true,
"mode": "Internal"
}
]
},
"revisions": [
"asm-1-17"
]
},
"mode": "Istio"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
{
"name": "clustername1",
"type": "Microsoft.ContainerService/managedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"addonProfiles": {
"azureKeyvaultSecretsProvider": {
"config": {
"enableSecretRotation": "true",
"rotationPollInterval": "2m"
},
"enabled": true
}
},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableEncryptionAtHost": true,
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Creating",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Creating",
"serviceMeshProfile": {
"istio": {
"certificateAuthority": {
"plugin": {
"certChainObjectName": "cert-chain",
"certObjectName": "ca-cert",
"keyObjectName": "ca-key",
"keyVaultId": "/subscriptions/854c9ddb-fe9e-4aea-8d58-99ed88282881/resourceGroups/ddama-test/providers/Microsoft.KeyVault/vaults/my-akv",
"rootCertObjectName": "root-cert"
}
},
"components": {
"egressGateways": [
{
"name": "test-istio-egress",
"enabled": true,
"gatewayConfigurationName": "test-gateway-configuration"
}
],
"ingressGateways": [
{
"enabled": true,
"mode": "Internal"
}
]
},
"revisions": [
"asm-1-17"
]
},
"mode": "Istio"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
Create/Update Managed Cluster with dual-stack networking
Permintaan sampel
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2026-03-01
{
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {}
}
},
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"availabilityZones": [
"1",
"2",
"3"
],
"count": 3,
"enableNodePublicIP": true,
"mode": "System",
"osType": "Linux",
"scaleDownMode": "Deallocate",
"vmSize": "Standard_DS1_v2"
}
],
"autoScalerProfile": {
"balance-similar-node-groups": "true",
"expander": "priority",
"max-node-provision-time": "15m",
"new-pod-scale-up-delay": "1m",
"scale-down-delay-after-add": "15m",
"scan-interval": "20s",
"skip-nodes-with-system-pods": "false"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"ipFamilies": [
"IPv4",
"IPv6"
],
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser"
}
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.Expander;
import com.azure.resourcemanager.containerservice.models.IpFamily;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterIdentity;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.ManagedServiceIdentityUserAssignedIdentitiesValue;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import com.azure.resourcemanager.containerservice.models.ResourceIdentityType;
import com.azure.resourcemanager.containerservice.models.ScaleDownMode;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file: 2026-03-01/ManagedClustersCreate_DualStackNetworking.json
*/
/**
* Sample code: Create/Update Managed Cluster with dual-stack networking.
*
* @param manager Entry point to ContainerServiceManager.
*/
public static void createUpdateManagedClusterWithDualStackNetworking(
com.azure.resourcemanager.containerservice.ContainerServiceManager manager) {
manager.serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1", new ManagedClusterInner()
.withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku().withName(ManagedClusterSkuName.fromString("Basic"))
.withTier(ManagedClusterSkuTier.FREE))
.withIdentity(new ManagedClusterIdentity().withType(ResourceIdentityType.USER_ASSIGNED)
.withUserAssignedIdentities(mapOf(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1",
new ManagedServiceIdentityUserAssignedIdentitiesValue())))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(Arrays.asList(
new ManagedClusterAgentPoolProfile().withCount(3).withVmSize("Standard_DS1_v2").withOsType(OSType.LINUX)
.withScaleDownMode(ScaleDownMode.DEALLOCATE).withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
.withMode(AgentPoolMode.SYSTEM).withAvailabilityZones(Arrays.asList("1", "2", "3"))
.withEnableNodePublicIp(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(
new ManagedClusterServicePrincipalProfile().withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile()
.withManagedOutboundIPs(new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2)))
.withIpFamilies(Arrays.asList(IpFamily.IPV4, IpFamily.IPV6)))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withBalanceSimilarNodeGroups("true")
.withExpander(Expander.PRIORITY).withMaxNodeProvisionTime("15m").withNewPodScaleUpDelay("1m")
.withScanInterval("20s").withScaleDownDelayAfterAdd("15m").withSkipNodesWithSystemPods("false"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_dual_stack_networking.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="SUBSCRIPTION_ID",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {}
},
},
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"availabilityZones": ["1", "2", "3"],
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"scaleDownMode": "Deallocate",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS1_v2",
}
],
"autoScalerProfile": {
"balance-similar-node-groups": "true",
"expander": "priority",
"max-node-provision-time": "15m",
"new-pod-scale-up-delay": "1m",
"scale-down-delay-after-add": "15m",
"scan-interval": "20s",
"skip-nodes-with-system-pods": "false",
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"ipFamilies": ["IPv4", "IPv6"],
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: 2026-03-01/ManagedClustersCreate_DualStackNetworking.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v9"
)
// Generated from example definition: 2026-03-01/ManagedClustersCreate_DualStackNetworking.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createUpdateManagedClusterWithDualStackNetworking() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("00000000-0000-0000-0000-000000000000", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Identity: &armcontainerservice.ManagedClusterIdentity{
Type: to.Ptr(armcontainerservice.ResourceIdentityTypeUserAssigned),
UserAssignedIdentities: map[string]*armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {},
},
},
Location: to.Ptr("location1"),
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Name: to.Ptr("nodepool1"),
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
AvailabilityZones: []*string{
to.Ptr("1"),
to.Ptr("2"),
to.Ptr("3"),
},
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
ScaleDownMode: to.Ptr(armcontainerservice.ScaleDownModeDeallocate),
VMSize: to.Ptr("Standard_DS1_v2"),
},
},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
BalanceSimilarNodeGroups: to.Ptr("true"),
Expander: to.Ptr(armcontainerservice.ExpanderPriority),
MaxNodeProvisionTime: to.Ptr("15m"),
NewPodScaleUpDelay: to.Ptr("1m"),
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
SkipNodesWithSystemPods: to.Ptr("false"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
},
},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
IPFamilies: []*armcontainerservice.IPFamily{
to.Ptr(armcontainerservice.IPFamilyIPv4),
to.Ptr(armcontainerservice.IPFamilyIPv6),
},
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to poll the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res = armcontainerservice.ManagedClustersClientCreateOrUpdateResponse{
// ManagedCluster: armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/managedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Identity: &armcontainerservice.ManagedClusterIdentity{
// Type: to.Ptr(armcontainerservice.ResourceIdentityTypeUserAssigned),
// UserAssignedIdentities: map[string]*armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
// "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": &armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
// ClientID: to.Ptr("clientId1"),
// PrincipalID: to.Ptr("principalId1"),
// },
// },
// },
// Location: to.Ptr("location1"),
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Name: to.Ptr("nodepool1"),
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// AvailabilityZones: []*string{
// to.Ptr("1"),
// to.Ptr("2"),
// to.Ptr("3"),
// },
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.22.1"),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.22.1"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// ScaleDownMode: to.Ptr(armcontainerservice.ScaleDownModeDeallocate),
// VMSize: to.Ptr("Standard_DS1_v2"),
// },
// },
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// BalanceSimilarNodeGroups: to.Ptr("true"),
// Expander: to.Ptr(armcontainerservice.ExpanderPriority),
// MaxNodeProvisionTime: to.Ptr("15m"),
// NewPodScaleUpDelay: to.Ptr("1m"),
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// SkipNodesWithSystemPods: to.Ptr("false"),
// },
// CurrentKubernetesVersion: to.Ptr("1.22.1"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.22.1"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// },
// },
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4),
// to.Ptr(armcontainerservice.IPFamilyIPv6),
// },
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip3-ipv6"),
// },
// },
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// CountIPv6: to.Ptr[int32](1),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16"),
// to.Ptr("fd11:1234::/64"),
// },
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16"),
// to.Ptr("fd00:1234::/108"),
// },
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to creates or updates a managed cluster.
*
* @summary creates or updates a managed cluster.
* x-ms-original-file: 2026-03-01/ManagedClustersCreate_DualStackNetworking.json
*/
async function createOrUpdateManagedClusterWithDualStackNetworking() {
const credential = new DefaultAzureCredential();
const subscriptionId = "00000000-0000-0000-0000-000000000000";
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.createOrUpdate("rg1", "clustername1", {
identity: {
type: "UserAssigned",
userAssignedIdentities: {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1":
{},
},
},
location: "location1",
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
availabilityZones: ["1", "2", "3"],
count: 3,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
scaleDownMode: "Deallocate",
vmSize: "Standard_DS1_v2",
},
],
autoScalerProfile: {
balanceSimilarNodeGroups: "true",
expander: "priority",
maxNodeProvisionTime: "15m",
newPodScaleUpDelay: "1m",
scaleDownDelayAfterAdd: "15m",
scanInterval: "20s",
skipNodesWithSystemPods: "false",
},
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: { adminUsername: "azureuser", ssh: { publicKeys: [{ keyData: "keydata" }] } },
networkProfile: {
ipFamilies: ["IPv4", "IPv6"],
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
windowsProfile: { adminPassword: "replacePassword1234$", adminUsername: "azureuser" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
});
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Respon sampel
{
"name": "clustername1",
"type": "Microsoft.ContainerService/managedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {
"clientId": "clientId1",
"principalId": "principalId1"
}
}
},
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"availabilityZones": [
"1",
"2",
"3"
],
"count": 3,
"currentOrchestratorVersion": "1.22.1",
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"orchestratorVersion": "1.22.1",
"osType": "Linux",
"provisioningState": "Succeeded",
"scaleDownMode": "Deallocate",
"vmSize": "Standard_DS1_v2"
}
],
"autoScalerProfile": {
"balance-similar-node-groups": "true",
"expander": "priority",
"max-node-provision-time": "15m",
"new-pod-scale-up-delay": "1m",
"scale-down-delay-after-add": "15m",
"scan-interval": "20s",
"skip-nodes-with-system-pods": "false"
},
"currentKubernetesVersion": "1.22.1",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"kubernetesVersion": "1.22.1",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4",
"IPv6"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip3-ipv6"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2,
"countIPv6": 1
}
},
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16",
"fd11:1234::/64"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16",
"fd00:1234::/108"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Succeeded",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
{
"name": "clustername1",
"type": "Microsoft.ContainerService/managedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {
"clientId": "clientId1",
"principalId": "principalId1"
}
}
},
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"availabilityZones": [
"1",
"2",
"3"
],
"count": 3,
"currentOrchestratorVersion": "1.22.1",
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"orchestratorVersion": "1.22.1",
"osType": "Linux",
"provisioningState": "Creating",
"scaleDownMode": "Deallocate",
"vmSize": "Standard_DS1_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.22.1",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "1.22.1",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4",
"IPv6"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip3-ipv6"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2,
"countIPv6": 1
}
},
"loadBalancerSku": "standard",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16",
"fd11:1234::/64"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16",
"fd00:1234::/108"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Creating",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
Create/Update Managed Cluster with EnableAHUB
Permintaan sampel
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2026-03-01
{
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {}
}
},
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"availabilityZones": [
"1",
"2",
"3"
],
"count": 3,
"enableNodePublicIP": true,
"mode": "System",
"osType": "Linux",
"vmSize": "Standard_DS1_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser",
"licenseType": "Windows_Server"
}
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LicenseType;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterIdentity;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.ManagedServiceIdentityUserAssignedIdentitiesValue;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import com.azure.resourcemanager.containerservice.models.ResourceIdentityType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file: 2026-03-01/ManagedClustersCreate_UpdateWithAHUB.json
*/
/**
* Sample code: Create/Update Managed Cluster with EnableAHUB.
*
* @param manager Entry point to ContainerServiceManager.
*/
public static void createUpdateManagedClusterWithEnableAHUB(
com.azure.resourcemanager.containerservice.ContainerServiceManager manager) {
manager.serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1", new ManagedClusterInner()
.withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku().withName(ManagedClusterSkuName.fromString("Basic"))
.withTier(ManagedClusterSkuTier.FREE))
.withIdentity(new ManagedClusterIdentity().withType(ResourceIdentityType.USER_ASSIGNED)
.withUserAssignedIdentities(mapOf(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1",
new ManagedServiceIdentityUserAssignedIdentitiesValue())))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(
Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3).withVmSize("Standard_DS1_v2")
.withOsType(OSType.LINUX).withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
.withMode(AgentPoolMode.SYSTEM).withAvailabilityZones(Arrays.asList("1", "2", "3"))
.withEnableNodePublicIp(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder").withLicenseType(LicenseType.WINDOWS_SERVER))
.withServicePrincipalProfile(
new ManagedClusterServicePrincipalProfile().withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile()
.withManagedOutboundIPs(new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_update_with_ahub.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="SUBSCRIPTION_ID",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {}
},
},
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"availabilityZones": ["1", "2", "3"],
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS1_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser",
"licenseType": "Windows_Server",
},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: 2026-03-01/ManagedClustersCreate_UpdateWithAHUB.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v9"
)
// Generated from example definition: 2026-03-01/ManagedClustersCreate_UpdateWithAHUB.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createUpdateManagedClusterWithEnableAhub() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("00000000-0000-0000-0000-000000000000", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Identity: &armcontainerservice.ManagedClusterIdentity{
Type: to.Ptr(armcontainerservice.ResourceIdentityTypeUserAssigned),
UserAssignedIdentities: map[string]*armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {},
},
},
Location: to.Ptr("location1"),
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Name: to.Ptr("nodepool1"),
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
AvailabilityZones: []*string{
to.Ptr("1"),
to.Ptr("2"),
to.Ptr("3"),
},
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS1_v2"),
},
},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
},
},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
LicenseType: to.Ptr(armcontainerservice.LicenseTypeWindowsServer),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to poll the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res = armcontainerservice.ManagedClustersClientCreateOrUpdateResponse{
// ManagedCluster: armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/managedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Identity: &armcontainerservice.ManagedClusterIdentity{
// Type: to.Ptr(armcontainerservice.ResourceIdentityTypeUserAssigned),
// UserAssignedIdentities: map[string]*armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
// "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": &armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
// ClientID: to.Ptr("clientId1"),
// PrincipalID: to.Ptr("principalId1"),
// },
// },
// },
// Location: to.Ptr("location1"),
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Name: to.Ptr("nodepool1"),
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// AvailabilityZones: []*string{
// to.Ptr("1"),
// to.Ptr("2"),
// to.Ptr("3"),
// },
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS1_v2"),
// },
// },
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// },
// },
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4),
// },
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// },
// },
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16"),
// },
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16"),
// },
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// LicenseType: to.Ptr(armcontainerservice.LicenseTypeWindowsServer),
// },
// },
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to creates or updates a managed cluster.
*
* @summary creates or updates a managed cluster.
* x-ms-original-file: 2026-03-01/ManagedClustersCreate_UpdateWithAHUB.json
*/
async function createOrUpdateManagedClusterWithEnableAhub() {
const credential = new DefaultAzureCredential();
const subscriptionId = "00000000-0000-0000-0000-000000000000";
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.createOrUpdate("rg1", "clustername1", {
identity: {
type: "UserAssigned",
userAssignedIdentities: {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1":
{},
},
},
location: "location1",
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
availabilityZones: ["1", "2", "3"],
count: 3,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS1_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: { adminUsername: "azureuser", ssh: { publicKeys: [{ keyData: "keydata" }] } },
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
licenseType: "Windows_Server",
},
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
});
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Respon sampel
{
"name": "clustername1",
"type": "Microsoft.ContainerService/managedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {
"clientId": "clientId1",
"principalId": "principalId1"
}
}
},
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"availabilityZones": [
"1",
"2",
"3"
],
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Succeeded",
"vmSize": "Standard_DS1_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Succeeded",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser",
"licenseType": "Windows_Server"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
{
"name": "clustername1",
"type": "Microsoft.ContainerService/managedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {
"clientId": "clientId1",
"principalId": "principalId1"
}
}
},
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"availabilityZones": [
"1",
"2",
"3"
],
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Creating",
"vmSize": "Standard_DS1_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Creating",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser",
"licenseType": "Windows_Server"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
Create/Update Managed Cluster with Windows gMSA enabled
Permintaan sampel
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2026-03-01
{
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {}
}
},
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"availabilityZones": [
"1",
"2",
"3"
],
"count": 3,
"enableNodePublicIP": true,
"mode": "System",
"osType": "Linux",
"vmSize": "Standard_DS1_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser",
"gmsaProfile": {
"enabled": true
}
}
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterIdentity;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.ManagedServiceIdentityUserAssignedIdentitiesValue;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import com.azure.resourcemanager.containerservice.models.ResourceIdentityType;
import com.azure.resourcemanager.containerservice.models.WindowsGmsaProfile;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file: 2026-03-01/ManagedClustersCreate_UpdateWindowsGmsa.json
*/
/**
* Sample code: Create/Update Managed Cluster with Windows gMSA enabled.
*
* @param manager Entry point to ContainerServiceManager.
*/
public static void createUpdateManagedClusterWithWindowsGMSAEnabled(
com.azure.resourcemanager.containerservice.ContainerServiceManager manager) {
manager.serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1", new ManagedClusterInner()
.withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku().withName(ManagedClusterSkuName.fromString("Basic"))
.withTier(ManagedClusterSkuTier.FREE))
.withIdentity(new ManagedClusterIdentity().withType(ResourceIdentityType.USER_ASSIGNED)
.withUserAssignedIdentities(mapOf(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1",
new ManagedServiceIdentityUserAssignedIdentitiesValue())))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(
Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3).withVmSize("Standard_DS1_v2")
.withOsType(OSType.LINUX).withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
.withMode(AgentPoolMode.SYSTEM).withAvailabilityZones(Arrays.asList("1", "2", "3"))
.withEnableNodePublicIp(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder").withGmsaProfile(new WindowsGmsaProfile().withEnabled(true)))
.withServicePrincipalProfile(
new ManagedClusterServicePrincipalProfile().withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile()
.withManagedOutboundIPs(new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_update_windows_gmsa.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="SUBSCRIPTION_ID",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {}
},
},
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"availabilityZones": ["1", "2", "3"],
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS1_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser",
"gmsaProfile": {"enabled": True},
},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: 2026-03-01/ManagedClustersCreate_UpdateWindowsGmsa.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v9"
)
// Generated from example definition: 2026-03-01/ManagedClustersCreate_UpdateWindowsGmsa.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createUpdateManagedClusterWithWindowsGMsaEnabled() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("00000000-0000-0000-0000-000000000000", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Identity: &armcontainerservice.ManagedClusterIdentity{
Type: to.Ptr(armcontainerservice.ResourceIdentityTypeUserAssigned),
UserAssignedIdentities: map[string]*armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {},
},
},
Location: to.Ptr("location1"),
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Name: to.Ptr("nodepool1"),
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
AvailabilityZones: []*string{
to.Ptr("1"),
to.Ptr("2"),
to.Ptr("3"),
},
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS1_v2"),
},
},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
},
},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
GmsaProfile: &armcontainerservice.WindowsGmsaProfile{
Enabled: to.Ptr(true),
},
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to poll the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res = armcontainerservice.ManagedClustersClientCreateOrUpdateResponse{
// ManagedCluster: armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/managedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Identity: &armcontainerservice.ManagedClusterIdentity{
// Type: to.Ptr(armcontainerservice.ResourceIdentityTypeUserAssigned),
// UserAssignedIdentities: map[string]*armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
// "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": &armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
// ClientID: to.Ptr("clientId1"),
// PrincipalID: to.Ptr("principalId1"),
// },
// },
// },
// Location: to.Ptr("location1"),
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Name: to.Ptr("nodepool1"),
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// AvailabilityZones: []*string{
// to.Ptr("1"),
// to.Ptr("2"),
// to.Ptr("3"),
// },
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS1_v2"),
// },
// },
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// },
// },
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4),
// },
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// },
// },
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16"),
// },
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16"),
// },
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// GmsaProfile: &armcontainerservice.WindowsGmsaProfile{
// Enabled: to.Ptr(true),
// },
// },
// },
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to creates or updates a managed cluster.
*
* @summary creates or updates a managed cluster.
* x-ms-original-file: 2026-03-01/ManagedClustersCreate_UpdateWindowsGmsa.json
*/
async function createOrUpdateManagedClusterWithWindowsGMSAEnabled() {
const credential = new DefaultAzureCredential();
const subscriptionId = "00000000-0000-0000-0000-000000000000";
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.createOrUpdate("rg1", "clustername1", {
identity: {
type: "UserAssigned",
userAssignedIdentities: {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1":
{},
},
},
location: "location1",
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
availabilityZones: ["1", "2", "3"],
count: 3,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS1_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: { adminUsername: "azureuser", ssh: { publicKeys: [{ keyData: "keydata" }] } },
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
gmsaProfile: { enabled: true },
},
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
});
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Respon sampel
{
"name": "clustername1",
"type": "Microsoft.ContainerService/managedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {
"clientId": "clientId1",
"principalId": "principalId1"
}
}
},
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"availabilityZones": [
"1",
"2",
"3"
],
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Succeeded",
"vmSize": "Standard_DS1_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Succeeded",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser",
"gmsaProfile": {
"enabled": true
}
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
{
"name": "clustername1",
"type": "Microsoft.ContainerService/managedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {
"clientId": "clientId1",
"principalId": "principalId1"
}
}
},
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"availabilityZones": [
"1",
"2",
"3"
],
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Creating",
"vmSize": "Standard_DS1_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Creating",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser",
"gmsaProfile": {
"enabled": true
}
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
Definisi
| Nama |
Deskripsi |
|
AccelerationMode
|
Aktifkan opsi akselerasi jaringan lanjutan. Hal ini memungkinkan pengguna untuk mengonfigurasi akselerasi menggunakan perutean host BPF. Ini hanya dapat diaktifkan dengan bidang data Cilium. Jika tidak ditentukan, nilai defaultnya adalah Tidak Ada (tidak ada akselerasi). Mode akselerasi dapat diubah pada kluster yang sudah ada sebelumnya. Lihat https://aka.ms/acnsperformance untuk penjelasan rinci
|
|
AdvancedNetworking
|
Profil Jaringan Tingkat Lanjut untuk mengaktifkan rangkaian fitur pengamatan dan keamanan pada kluster. Untuk informasi selengkapnya, lihat aka.ms/aksadvancednetworking.
|
|
AdvancedNetworkingObservability
|
Profil pengamatan untuk mengaktifkan metrik jaringan tingkat lanjut dan log alur dengan konteks historis.
|
|
AdvancedNetworkingPerformance
|
Profil untuk mengaktifkan fitur peningkatan performa pada kluster yang menggunakan Azure CNI yang didukung oleh Cilium.
|
|
AdvancedNetworkingSecurity
|
Profil keamanan untuk mengaktifkan fitur keamanan pada kluster berbasis cilium.
|
|
AdvancedNetworkingSecurityTransitEncryption
|
Konfigurasi enkripsi untuk kluster berbasis Cilium. Setelah diaktifkan, semua lalu lintas antara pod yang dikelola Cilium akan dienkripsi saat meninggalkan batas node.
|
|
AdvancedNetworkPolicies
|
Aktifkan kebijakan jaringan lanjutan. Ini memungkinkan pengguna untuk mengonfigurasi kebijakan jaringan Lapisan 7 (FQDN, HTTP, Kafka). Kebijakan itu sendiri harus dikonfigurasi melalui sumber daya Kebijakan Jaringan Cilium, lihat https://docs.cilium.io/en/latest/security/policy/index.html. Ini hanya dapat diaktifkan pada kluster berbasis cilium. Jika tidak ditentukan, nilai defaultnya adalah FQDN jika security.enabled diatur ke true.
|
|
AgentPoolArtifactStreamingProfile
|
Profil streaming artefak untuk kumpulan agen.
|
|
AgentPoolGatewayProfile
|
Profil kumpulan agen gateway kluster terkelola.
|
|
AgentPoolMode
|
Mode kumpulan agen. Kluster harus memiliki setidaknya satu Kumpulan Agen 'Sistem' setiap saat. Untuk informasi tambahan tentang pembatasan dan praktik terbaik kumpulan agen, lihat: https://docs.microsoft.com/azure/aks/use-system-pools
|
|
AgentPoolNetworkProfile
|
Pengaturan jaringan kumpulan agen.
|
|
AgentPoolSecurityProfile
|
Pengaturan keamanan kumpulan agen.
|
|
AgentPoolSSHAccess
|
Metode akses SSH dari kumpulan agen.
|
|
AgentPoolStatus
|
Berisi informasi baca-saja tentang Kumpulan Agen.
|
|
AgentPoolType
|
Jenis Kumpulan Agen.
|
|
AgentPoolUpgradeSettings
|
Pengaturan untuk memutakhirkan agentpool
|
|
AgentPoolWindowsProfile
|
Profil spesifik kumpulan agen Windows.
|
|
ArtifactSource
|
Sumber artefak. Sumber tempat artifacts diunduh.
|
|
AzureKeyVaultKms
|
Pengaturan layanan manajemen kunci Azure Key Vault untuk profil keamanan.
|
|
BackendPoolType
|
Jenis BackendPool Load Balancer masuk terkelola.
|
|
ClusterUpgradeSettings
|
Pengaturan untuk memutakhirkan kluster.
|
|
Code
|
Memberi tahu apakah kluster Sedang Berjalan atau Dihentikan
|
|
ContainerServiceLinuxProfile
|
Profil untuk VM Linux di kluster layanan kontainer.
|
|
ContainerServiceNetworkProfile
|
Profil konfigurasi jaringan.
|
|
ContainerServiceSshConfiguration
|
Konfigurasi SSH untuk VM berbasis Linux yang berjalan di Azure.
|
|
ContainerServiceSshPublicKey
|
Berisi informasi tentang data kunci publik sertifikat SSH.
|
|
createdByType
|
Jenis identitas yang membuat sumber daya.
|
|
CreationData
|
Data yang digunakan saat membuat sumber daya target dari sumber daya sumber.
|
|
DelegatedResource
|
Properti sumber daya yang didelegasikan - hanya penggunaan internal.
|
|
ErrorAdditionalInfo
|
Info tambahan kesalahan manajemen sumber daya.
|
|
ErrorDetail
|
Detail kesalahan.
|
|
ErrorResponse
|
Tanggapan kesalahan
|
|
Expander
|
Expander untuk digunakan saat meningkatkan skala. Jika tidak ditentukan, defaultnya adalah 'acak'. Lihat expander untuk informasi selengkapnya.
|
|
ExtendedLocation
|
Jenis kompleks lokasi yang diperluas.
|
|
ExtendedLocationTypes
|
Jenis extendedLocation.
|
|
GatewayAPIIstioEnabled
|
Apakah akan mengaktifkan implementasi Istio sebagai Gateway API untuk ingress terkelola dengan Perutean Aplikasi.
|
|
GPUDriver
|
Apakah akan menginstal driver GPU. Jika tidak ditentukan, defaultnya adalah Instal.
|
|
GPUInstanceProfile
|
GPUInstanceProfile yang akan digunakan untuk menentukan profil instans GPU MIG untuk SKU VM GPU yang didukung.
|
|
GPUProfile
|
Pengaturan GPU untuk Kumpulan Agen.
|
|
IPFamily
|
Untuk menentukan apakah alamat termasuk dalam keluarga IPv4 atau IPv6
|
|
IPTag
|
Berisi IPTag yang terkait dengan objek .
|
|
IstioCertificateAuthority
|
Konfigurasi Istio Service Mesh Certificate Authority (CA). Untuk saat ini, kami hanya mendukung sertifikat plugin seperti yang dijelaskan di sini https://aka.ms/asm-plugin-ca
|
|
IstioComponents
|
Konfigurasi komponen Istio.
|
|
IstioEgressGateway
|
Konfigurasi gateway keluar Istio.
|
|
IstioIngressGateway
|
Konfigurasi gateway masuk Istio. Untuk saat ini, kami mendukung hingga satu gateway ingress eksternal bernama aks-istio-ingressgateway-external dan satu gateway masuk internal bernama aks-istio-ingressgateway-internal.
|
|
IstioIngressGatewayMode
|
Mode gateway masuk.
|
|
IstioPluginCertificateAuthority
|
Informasi sertifikat plugin untuk Service Mesh.
|
|
IstioServiceMesh
|
Konfigurasi jala layanan Istio.
|
|
KeyVaultNetworkAccessTypes
|
access jaringan key vault. Jaringan access key vault. Nilai yang mungkin adalah Public dan Private.
Public berarti key vault memungkinkan access publik dari semua jaringan.
Private berarti key vault menonaktifkan access publik dan memungkinkan private link. Nilai defaultnya adalah Public.
|
|
KubeletConfig
|
Konfigurasi kubelet simpul agen. Lihat konfigurasi node kustom AKS untuk detail selengkapnya.
|
|
KubeletDiskType
|
Menentukan penempatan volume emptyDir, akar data runtime kontainer, dan penyimpanan sementara Kubelet.
|
|
KubernetesSupportPlan
|
Tingkat dukungan yang berbeda untuk kluster terkelola AKS
|
|
LicenseType
|
Jenis lisensi yang akan digunakan untuk VM Windows. Lihat Azure Manfaat Pengguna Hibrida untuk detail selengkapnya.
|
|
LinuxOSConfig
|
Konfigurasi OS simpul agen Linux. Lihat konfigurasi node kustom AKS untuk detail selengkapnya.
|
|
LoadBalancerSku
|
Sku load balancer untuk kluster terkelola. Defaultnya adalah 'standar'. Lihat SKU Azure Load Balancer untuk informasi selengkapnya tentang perbedaan antara SKU load balancer.
|
|
LocalDNSForwardDestination
|
Server tujuan untuk kueri DNS yang akan diteruskan dari localDNS.
|
|
LocalDNSForwardPolicy
|
Meneruskan kebijakan untuk memilih server DNS hulu. Lihat plugin forward untuk informasi lebih lanjut.
|
|
LocalDNSMode
|
Mode pemberdayaan untuk localDNS.
|
|
LocalDNSOverride
|
Penggantian untuk profil localDNS.
|
|
LocalDNSProfile
|
Mengonfigurasi DNS lokal per simpul, dengan penggantian VnetDNS dan KubeDNS. LocalDNS membantu meningkatkan performa dan keandalan resolusi DNS dalam kluster AKS. Untuk detail selengkapnya, lihat aka.ms/aks/localdns.
|
|
LocalDNSProtocol
|
Terapkan TCP atau pilih protokol UDP untuk koneksi dari localDNS ke server DNS hulu.
|
|
LocalDNSQueryLogging
|
Tingkat log untuk kueri DNS di localDNS.
|
|
LocalDNSServeStale
|
Kebijakan untuk menyajikan data kedaluwarsa. Lihat plugin cache untuk informasi selengkapnya.
|
|
LocalDNSState
|
Status localDNS yang dihasilkan sistem.
|
|
ManagedCluster
|
Kluster terkelola.
|
|
ManagedClusterAADProfile
|
AADProfile menentukan atribut untuk integrasi Azure Active Directory. Untuk detail selengkapnya, lihat AAD terkelola di AKS.
|
|
ManagedClusterAddonProfile
|
Profil add-on Kubernetes untuk kluster terkelola.
|
|
ManagedClusterAddonProfileIdentity
|
Informasi identitas yang ditetapkan pengguna yang digunakan oleh add-on ini.
|
|
ManagedClusterAgentPoolProfile
|
Profil untuk kumpulan agen layanan kontainer.
|
|
ManagedClusterAIToolchainOperatorProfile
|
Saat mengaktifkan operator, sekumpulan CRD dan pengontrol terkelola AKS akan diinstal di kluster. Operator mengotomatiskan penyebaran model OSS untuk tujuan inferensi dan/atau pelatihan. Ini menyediakan serangkaian model prasetel dan memungkinkan inferensi terdistribusi terhadapnya.
|
|
ManagedClusterAPIServerAccessProfile
|
Profil akses untuk server API kluster terkelola.
|
|
ManagedClusterAppRoutingIstio
|
Konfigurasi untuk menggunakan sarana kontrol Istio tanpa sidecar untuk masuknya terkelola melalui Gateway API dengan Perutean Aplikasi. Lihat https://aka.ms/gateway-on-istio untuk informasi tentang menggunakan Istio untuk ingress melalui Gateway API.
|
|
ManagedClusterAutoUpgradeProfile
|
Profil peningkatan otomatis untuk kluster terkelola.
|
|
ManagedClusterAzureMonitorProfile
|
Profil addon Azure Monitor untuk memantau kluster terkelola.
|
|
ManagedClusterAzureMonitorProfileAppMonitoring
|
Profil Pemantauan Aplikasi untuk AKS.
|
|
ManagedClusterAzureMonitorProfileAppMonitoringAutoInstrumentation
|
Instrumentasi otomatis Pemantauan Aplikasi untuk AKS. Menyebarkan webhook yang menginstruksikan beban kerja secara otomatis dengan Microsoft OpenTelemetry Distros untuk mengumpulkan metrik, log, dan pelacakan OpenTelemetry. Lihat https://aka.ms/AKSAppMonitoringDocs dan https://aka.ms/AzureMonitorApplicationMonitoring untuk gambaran umum.
|
|
ManagedClusterAzureMonitorProfileKubeStateMetrics
|
Profil Metrik Status Kube untuk addon Azure Managed Prometheus. Pengaturan opsional ini adalah untuk pod kube-state-metrics yang disebarkan dengan addon. Lihat aka.ms/AzureManagedPrometheus-optional-parameters untuk detailnya.
|
|
ManagedClusterAzureMonitorProfileMetrics
|
Profil metrik untuk layanan terkelola Azure Monitor untuk addon Prometheus. Kumpulkan metrik infrastruktur Kubernetes out-of-the-box untuk dikirim ke Ruang Kerja Azure Monitor dan konfigurasikan pengikisan tambahan untuk target kustom. Lihat aka.ms/AzureManagedPrometheus untuk gambaran umum.
|
|
ManagedClusterBootstrapProfile
|
Profil bootstrap.
|
|
ManagedClusterCostAnalysis
|
Konfigurasi analisis biaya untuk kluster
|
|
ManagedClusterHostedSystemProfile
|
Pengaturan untuk add-on sistem yang dihosting.
|
|
ManagedClusterHTTPProxyConfig
|
Konfigurasi proksi HTTP kluster.
|
|
ManagedClusterIdentity
|
Identitas untuk kluster terkelola.
|
|
ManagedClusterIngressProfile
|
Profil Ingress untuk kluster layanan kontainer.
|
|
ManagedClusterIngressProfileGatewayConfiguration
|
Konfigurasi untuk CRD API Gateway terkelola. Lihat https://aka.ms/k8s-gateway-api untuk detail selengkapnya.
|
|
ManagedClusterIngressProfileNginx
|
Konfigurasi pengontrol ingress Nginx untuk profil ingress kluster terkelola.
|
|
ManagedClusterIngressProfileWebAppRouting
|
Pengaturan add-on Perutean Aplikasi untuk profil masuk.
|
|
ManagedClusterLoadBalancerProfile
|
Profil load balancer kluster terkelola.
|
|
ManagedClusterLoadBalancerProfileManagedOutboundIPs
|
IP keluar terkelola yang diinginkan untuk load balancer kluster.
|
|
ManagedClusterLoadBalancerProfileOutboundIPPrefixes
|
Sumber daya Awalan IP keluar yang diinginkan untuk load balancer kluster.
|
|
ManagedClusterLoadBalancerProfileOutboundIPs
|
Sumber daya IP keluar yang diinginkan untuk load balancer kluster.
|
|
ManagedClusterManagedOutboundIPProfile
|
Profil sumber daya IP keluar terkelola dari kluster terkelola.
|
|
ManagedClusterMetricsProfile
|
Profil metrik untuk ManagedCluster.
|
|
ManagedClusterNATGatewayProfile
|
Profil gateway NAT kluster terkelola.
|
|
ManagedClusterNodeProvisioningProfile
|
Profil provisi simpul untuk kluster terkelola.
|
|
ManagedClusterNodeResourceGroupProfile
|
Profil penguncian grup sumber daya node untuk kluster terkelola.
|
|
ManagedClusterOIDCIssuerProfile
|
Profil penerbit OIDC dari Kluster Terkelola.
|
|
ManagedClusterPodIdentity
|
Detail tentang identitas pod yang ditetapkan ke Kluster Terkelola.
|
|
ManagedClusterPodIdentityException
|
Pengecualian identitas pod, yang memungkinkan pod dengan label tertentu untuk mengakses titik akhir Azure Instance Metadata Service (IMDS) tanpa dicegat oleh server identitas yang dikelola node (NMI). Lihat menonaktifkan AAD Pod Identity untuk Pod/Aplikasi tertentu untuk detail selengkapnya.
|
|
ManagedClusterPodIdentityProfile
|
Profil identitas pod dari Kluster Terkelola. Lihat menggunakan identitas pod AAD untuk detail selengkapnya tentang integrasi identitas pod.
|
|
ManagedClusterPodIdentityProvisioningError
|
Respons kesalahan dari provisi identitas pod.
|
|
ManagedClusterPodIdentityProvisioningErrorBody
|
Respons kesalahan dari provisi identitas pod.
|
|
ManagedClusterPodIdentityProvisioningInfo
|
Informasi provisi identitas pod.
|
|
ManagedClusterPodIdentityProvisioningState
|
Status penyediaan identitas pod saat ini.
|
|
ManagedClusterPropertiesAutoScalerProfile
|
Parameter yang akan diterapkan ke penskala otomatis kluster saat diaktifkan
|
|
ManagedClusterSecurityProfile
|
Profil keamanan untuk kluster layanan kontainer.
|
|
ManagedClusterSecurityProfileDefender
|
Pengaturan Pertahanan Microsoft untuk profil keamanan.
|
|
ManagedClusterSecurityProfileDefenderSecurityMonitoring
|
Pengaturan Pertahanan Microsoft untuk deteksi ancaman profil keamanan.
|
|
ManagedClusterSecurityProfileImageCleaner
|
Image Cleaner menghapus gambar yang tidak digunakan dari simpul, mengosongkan ruang disk dan membantu mengurangi area permukaan serangan. Berikut adalah pengaturan untuk profil keamanan.
|
|
ManagedClusterSecurityProfileWorkloadIdentity
|
Pengaturan identitas beban kerja untuk profil keamanan.
|
|
ManagedClusterServicePrincipalProfile
|
Informasi tentang identitas perwakilan layanan untuk kluster yang akan digunakan untuk memanipulasi API Azure.
|
|
ManagedClusterSKU
|
SKU Kluster Terkelola.
|
|
ManagedClusterSKUName
|
Nama SKU kluster terkelola.
|
|
ManagedClusterSKUTier
|
Tingkat SKU kluster terkelola. Jika tidak ditentukan, defaultnya adalah 'Gratis'. Lihat Tingkat Harga AKS untuk detail selengkapnya.
|
|
ManagedClusterStaticEgressGatewayProfile
|
Konfigurasi addon Gateway Keluar Statis untuk kluster.
|
|
ManagedClusterStatus
|
Berisi informasi baca-saja tentang Kluster Terkelola.
|
|
ManagedClusterStorageProfile
|
Profil penyimpanan untuk kluster layanan kontainer.
|
|
ManagedClusterStorageProfileBlobCSIDriver
|
Pengaturan Driver CSI AzureBlob untuk profil penyimpanan.
|
|
ManagedClusterStorageProfileDiskCSIDriver
|
Pengaturan Driver CSI AzureDisk untuk profil penyimpanan.
|
|
ManagedClusterStorageProfileFileCSIDriver
|
Pengaturan Driver CSI AzureFile untuk profil penyimpanan.
|
|
ManagedClusterStorageProfileSnapshotController
|
Pengaturan Pengontrol Rekam Jepret untuk profil penyimpanan.
|
|
ManagedClusterWebAppRoutingGatewayAPIImplementations
|
Konfigurasi untuk penyedia API Gateway yang akan digunakan untuk masuk terkelola dengan Perutean Aplikasi.
|
|
ManagedClusterWindowsProfile
|
Profil untuk VM Windows di kluster terkelola.
|
|
ManagedClusterWorkloadAutoScalerProfile
|
Profil Auto-scaler beban kerja untuk kluster terkelola.
|
|
ManagedClusterWorkloadAutoScalerProfileKeda
|
Pengaturan KEDA (Autoscaling berbasis Peristiwa Kubernetes) untuk profil auto-scaler beban kerja.
|
|
ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler
|
Pengaturan VPA (Penskala Otomatis Pod Vertikal) untuk profil auto-scaler beban kerja.
|
|
ManagedGatewayType
|
Konfigurasi untuk penginstalan API Gateway terkelola. Jika tidak ditentukan, defaultnya adalah 'Dinonaktifkan'. Lihat https://aka.ms/k8s-gateway-api untuk detail selengkapnya.
|
|
ManagedServiceIdentityUserAssignedIdentitiesValue
|
Properti identitas yang ditetapkan pengguna.
|
|
ManualScaleProfile
|
Spesifikasi pada jumlah komputer.
|
|
NetworkDataplane
|
Dataplane jaringan yang digunakan dalam kluster Kubernetes.
|
|
NetworkMode
|
Mode jaringan Azure CNI dikonfigurasi dengan. Ini tidak dapat ditentukan jika networkPlugin adalah apa pun selain 'azure'.
|
|
NetworkPlugin
|
Plugin jaringan yang digunakan untuk membangun jaringan Kubernetes.
|
|
NetworkPluginMode
|
Mode yang harus digunakan plugin jaringan.
|
|
NetworkPolicy
|
Kebijakan jaringan yang digunakan untuk membangun jaringan Kubernetes.
|
|
NginxIngressControllerType
|
Jenis Ingress untuk sumber daya kustom NginxIngressController default
|
|
NodeOSUpgradeChannel
|
Saluran Peningkatan OS Node. Cara memperbarui OS pada simpul Anda. Defaultnya adalah NodeImage.
|
|
NodeProvisioningDefaultNodePools
|
Kumpulan Karpenter NodePools (CRD) default yang dikonfigurasi untuk penyediaan simpul. Bidang ini tidak berpengaruh kecuali mode adalah 'Otomatis'. Peringatan: Mengubah ini dari Otomatis ke Tidak Ada pada kluster yang ada akan menyebabkan Karpenter NodePools default dihapus, yang akan menguras dan menghapus simpul yang terkait dengan kumpulan tersebut. Sangat disarankan untuk tidak melakukan ini kecuali ada node menganggur yang siap mengambil pod yang diusir oleh tindakan itu. Jika tidak ditentukan, defaultnya adalah Otomatis. Untuk informasi selengkapnya, lihat aka.ms/aks/nap#node-pools.
|
|
NodeProvisioningMode
|
Mode provisi node. Jika tidak ditentukan, defaultnya adalah Manual.
|
|
OSDiskType
|
Jenis disk OS yang akan digunakan untuk komputer di kumpulan agen. Defaultnya adalah 'Ephemeral' jika VM mendukungnya dan memiliki disk cache yang lebih besar dari OSDiskSizeGB yang diminta. Jika tidak, default ke 'Terkelola'. Mungkin tidak diubah setelah pembuatan. Untuk informasi selengkapnya, lihatOS Ephemeral .
|
|
OSSKU
|
Menentukan SKU OS yang digunakan oleh kumpulan agen. Defaultnya adalah Ubuntu jika OSType adalah Linux. Defaultnya adalah Windows2019 saat Kubernetes <= 1.24 atau Windows2022 saat Kubernetes >= 1.25 jika OSType Windows.
|
|
OSType
|
Jenis sistem operasi. Defaultnya adalah Linux.
|
|
OutboundType
|
Metode perutean keluar (keluar). Ini hanya dapat diatur pada waktu pembuatan kluster dan tidak dapat diubah nanti. Untuk informasi selengkapnya, lihat egress outbound type.
|
|
PodIPAllocationMode
|
Mode Alokasi IP Pod. Mode alokasi IP untuk pod di kumpulan agen. Harus digunakan dengan podSubnetId. Defaultnya adalah 'DynamicIndividual'.
|
|
PortRange
|
Rentang port.
|
|
PowerState
|
Menjelaskan Status Daya kluster
|
|
PrivateLinkResource
|
Sumber daya tautan privat
|
|
Protocol
|
Protokol jaringan port.
|
|
ProxyRedirectionMechanism
|
Mode pengalihan lalu lintas.
|
|
PublicNetworkAccess
|
PublicNetworkAccess dari managedCluster. Mengizinkan atau menolak access jaringan publik untuk AKS
|
|
ResourceIdentityType
|
Jenis identitas yang digunakan untuk kluster terkelola. Untuk informasi selengkapnya, lihat menggunakan identitas terkelola di AKS.
|
|
ResourceReference
|
Referensi ke sumber daya Azure.
|
|
RestrictionLevel
|
Tingkat pembatasan diterapkan ke grup sumber daya simpul kluster. Jika tidak ditentukan, defaultnya adalah 'Tidak Dibatasi'
|
|
ScaleDownMode
|
Menjelaskan bagaimana VM ditambahkan ke atau dihapus dari Kumpulan Agen. Lihat status penagihan.
|
|
ScaleProfile
|
Spesifikasi tentang cara menskalakan kumpulan agen VirtualMachines.
|
|
ScaleSetEvictionPolicy
|
Kebijakan penggusuran Set Skala Komputer Virtual. Kebijakan penggusuran menentukan apa yang to do dengan VM saat diusir. Defaultnya adalah Hapus. Untuk informasi selengkapnya tentang penggusuran, lihat spot VMs
|
|
ScaleSetPriority
|
Prioritas Set Skala Komputer Virtual.
|
|
ServiceMeshMode
|
Mode jala layanan.
|
|
ServiceMeshProfile
|
Profil jala layanan untuk kluster terkelola.
|
|
SysctlConfig
|
Pengaturan Sysctl untuk simpul agen Linux.
|
|
systemData
|
Metadata yang berkaitan dengan pembuatan dan modifikasi terakhir sumber daya.
|
|
TransitEncryptionType
|
Mengonfigurasi enkripsi pod-ke-pod. Ini hanya dapat diaktifkan pada kluster berbasis Cilium. Jika tidak ditentukan, nilai defaultnya adalah Tidak Ada.
|
|
UndrainableNodeBehavior
|
Menentukan perilaku untuk simpul yang tidak dapat dibatalkan selama peningkatan. Penyebab paling umum dari simpul yang tidak dapat dibatalkan adalah Anggaran Gangguan Pod (PDB), tetapi masalah lain, seperti masa tenggang penghentian pod melebihi batas waktu pengurasan per node yang tersisa atau pod masih dalam keadaan berjalan, juga dapat menyebabkan simpul yang tidak dapat dibatalkan.
|
|
UpgradeChannel
|
Saluran peningkatan untuk peningkatan otomatis. Defaultnya adalah 'none'. Untuk informasi selengkapnya, lihat mengatur saluran peningkatan otomatis kluster AKS.
|
|
UpgradeOverrideSettings
|
Pengaturan untuk mengambil alih saat memutakhirkan kluster.
|
|
UserAssignedIdentity
|
Detail tentang identitas yang ditetapkan pengguna.
|
|
VirtualMachineNodes
|
Status saat ini pada sekelompok simpul dengan ukuran vm yang sama.
|
|
VirtualMachinesProfile
|
Spesifikasi tentang kumpulan agen VirtualMachines.
|
|
WindowsGmsaProfile
|
Profil gMSA Windows di kluster terkelola.
|
|
WorkloadRuntime
|
Menentukan jenis beban kerja yang dapat dijalankan simpul.
|
AccelerationMode
Enumerasi
Aktifkan opsi akselerasi jaringan lanjutan. Hal ini memungkinkan pengguna untuk mengonfigurasi akselerasi menggunakan perutean host BPF. Ini hanya dapat diaktifkan dengan bidang data Cilium. Jika tidak ditentukan, nilai defaultnya adalah Tidak Ada (tidak ada akselerasi). Mode akselerasi dapat diubah pada kluster yang sudah ada sebelumnya. Lihat https://aka.ms/acnsperformance untuk penjelasan rinci
| Nilai |
Deskripsi |
|
BpfVeth
|
Aktifkan perutean host eBPF dengan mode perangkat veth.
|
|
None
|
Nonaktifkan opsi akselerasi.
|
AdvancedNetworking
Objek
Profil Jaringan Tingkat Lanjut untuk mengaktifkan rangkaian fitur pengamatan dan keamanan pada kluster. Untuk informasi selengkapnya, lihat aka.ms/aksadvancednetworking.
| Nama |
Jenis |
Deskripsi |
|
enabled
|
boolean
|
Menunjukkan pengaktifan fungsionalitas Jaringan Tingkat Lanjut pengamatan dan keamanan pada kluster AKS. Ketika ini diatur ke true, semua fitur pengamatan dan keamanan akan diatur ke diaktifkan kecuali dinonaktifkan secara eksplisit. Jika tidak ditentukan, defaultnya adalah false.
|
|
observability
|
AdvancedNetworkingObservability
|
Profil pengamatan untuk mengaktifkan metrik jaringan tingkat lanjut dan log alur dengan konteks historis.
|
|
performance
|
AdvancedNetworkingPerformance
|
Profil untuk mengaktifkan fitur peningkatan performa pada kluster yang menggunakan Azure CNI yang didukung oleh Cilium.
|
|
security
|
AdvancedNetworkingSecurity
|
Profil keamanan untuk mengaktifkan fitur keamanan pada kluster berbasis cilium.
|
AdvancedNetworkingObservability
Objek
Profil pengamatan untuk mengaktifkan metrik jaringan tingkat lanjut dan log alur dengan konteks historis.
| Nama |
Jenis |
Deskripsi |
|
enabled
|
boolean
|
Menunjukkan pengaktifan fungsi pengamatan Jaringan Tingkat Lanjut pada kluster.
|
Objek
Profil untuk mengaktifkan fitur peningkatan performa pada kluster yang menggunakan Azure CNI yang didukung oleh Cilium.
| Nama |
Jenis |
Nilai default |
Deskripsi |
|
accelerationMode
|
AccelerationMode
|
None
|
Aktifkan opsi akselerasi jaringan lanjutan. Hal ini memungkinkan pengguna untuk mengonfigurasi akselerasi menggunakan perutean host BPF. Ini hanya dapat diaktifkan dengan bidang data Cilium. Jika tidak ditentukan, nilai defaultnya adalah Tidak Ada (tidak ada akselerasi). Mode akselerasi dapat diubah pada kluster yang sudah ada sebelumnya. Lihat https://aka.ms/acnsperformance untuk penjelasan rinci
|
AdvancedNetworkingSecurity
Objek
Profil keamanan untuk mengaktifkan fitur keamanan pada kluster berbasis cilium.
| Nama |
Jenis |
Deskripsi |
|
advancedNetworkPolicies
|
AdvancedNetworkPolicies
|
Aktifkan kebijakan jaringan lanjutan. Ini memungkinkan pengguna untuk mengonfigurasi kebijakan jaringan Lapisan 7 (FQDN, HTTP, Kafka). Kebijakan itu sendiri harus dikonfigurasi melalui sumber daya Kebijakan Jaringan Cilium, lihat https://docs.cilium.io/en/latest/security/policy/index.html. Ini hanya dapat diaktifkan pada kluster berbasis cilium. Jika tidak ditentukan, nilai defaultnya adalah FQDN jika security.enabled diatur ke true.
|
|
enabled
|
boolean
|
Fitur ini memungkinkan pengguna untuk mengonfigurasi kebijakan jaringan berdasarkan nama DNS (FQDN). Ini hanya dapat diaktifkan pada kluster berbasis cilium. Jika tidak ditentukan, defaultnya adalah false.
|
|
transitEncryption
|
AdvancedNetworkingSecurityTransitEncryption
|
Konfigurasi enkripsi untuk kluster berbasis Cilium. Setelah diaktifkan, semua lalu lintas antara pod yang dikelola Cilium akan dienkripsi saat meninggalkan batas node.
|
AdvancedNetworkingSecurityTransitEncryption
Objek
Konfigurasi enkripsi untuk kluster berbasis Cilium. Setelah diaktifkan, semua lalu lintas antara pod yang dikelola Cilium akan dienkripsi saat meninggalkan batas node.
| Nama |
Jenis |
Deskripsi |
|
type
|
TransitEncryptionType
|
Mengonfigurasi enkripsi pod-ke-pod. Ini hanya dapat diaktifkan pada kluster berbasis Cilium. Jika tidak ditentukan, nilai defaultnya adalah Tidak Ada.
|
AdvancedNetworkPolicies
Enumerasi
Aktifkan kebijakan jaringan lanjutan. Ini memungkinkan pengguna untuk mengonfigurasi kebijakan jaringan Lapisan 7 (FQDN, HTTP, Kafka). Kebijakan itu sendiri harus dikonfigurasi melalui sumber daya Kebijakan Jaringan Cilium, lihat https://docs.cilium.io/en/latest/security/policy/index.html. Ini hanya dapat diaktifkan pada kluster berbasis cilium. Jika tidak ditentukan, nilai defaultnya adalah FQDN jika security.enabled diatur ke true.
| Nilai |
Deskripsi |
|
L7
|
Aktifkan kebijakan jaringan Layer7 (FQDN, HTTP/S, Kafka). Opsi ini adalah superset dari opsi FQDN.
|
|
FQDN
|
Mengaktifkan kebijakan jaringan berbasis FQDN
|
|
None
|
Menonaktifkan kebijakan jaringan Layer 7 (FQDN, HTTP/S, Kafka)
|
AgentPoolArtifactStreamingProfile
Objek
Profil streaming artefak untuk kumpulan agen.
| Nama |
Jenis |
Deskripsi |
|
enabled
|
boolean
|
Streaming artefak mempercepat cold-start kontainer pada node melalui pemuatan gambar sesuai permintaan. Untuk menggunakan fitur ini, gambar kontainer juga harus mengaktifkan streaming artefak di ACR. Jika tidak ditentukan, defaultnya adalah false.
|
AgentPoolGatewayProfile
Objek
Profil kumpulan agen gateway kluster terkelola.
| Nama |
Jenis |
Nilai default |
Deskripsi |
|
publicIPPrefixSize
|
integer
(int32)
minimum: 28
maximum: 31
|
31
|
Kumpulan agen Gateway mengaitkan satu IPPrefix publik untuk setiap gateway keluar statis untuk menyediakan jalan keluar publik. Ukuran IPPrefix Publik harus dipilih oleh pengguna. Setiap simpul di kumpulan agen ditetapkan dengan satu IP dari IPPrefix. Dengan demikian, ukuran IPPrefix berfungsi sebagai batas pada ukuran kumpulan agen Gateway. Karena batasan ukuran IPPrefix publik Azure, rentang nilai yang valid adalah [28, 31] (/31 = 2 node/IP, /30 = 4 node/IP, /29 = 8 node/IP, /28 = 16 node/IP). Nilai defaultnya adalah 31.
|
AgentPoolMode
Enumerasi
Mode kumpulan agen. Kluster harus memiliki setidaknya satu Kumpulan Agen 'Sistem' setiap saat. Untuk informasi tambahan tentang pembatasan dan praktik terbaik kumpulan agen, lihat: https://docs.microsoft.com/azure/aks/use-system-pools
| Nilai |
Deskripsi |
|
System
|
Kumpulan agen sistem terutama untuk menghosting pod sistem penting seperti CoreDNS dan metrics-server. Kumpulan agen sistem osType harus Linux. SKU VM kumpulan agen sistem harus memiliki setidaknya 2vCPU dan memori 4GB.
|
|
User
|
Kumpulan agen pengguna terutama untuk menghosting pod aplikasi Anda.
|
|
Gateway
|
Kumpulan agen gateway didedikasikan untuk menyediakan IP keluar statis ke pod. Untuk detail lebih lanjut, lihat https://aka.ms/aks/static-egress-gateway.
|
AgentPoolNetworkProfile
Objek
Pengaturan jaringan kumpulan agen.
| Nama |
Jenis |
Deskripsi |
|
allowedHostPorts
|
PortRange[]
|
Rentang port yang diizinkan untuk diakses. Rentang yang ditentukan diizinkan untuk tumpang tindih.
|
|
applicationSecurityGroups
|
string[]
(arm-id)
|
ID grup keamanan aplikasi yang akan dikaitkan dengan kumpulan agen saat dibuat.
|
|
nodePublicIPTags
|
IPTag[]
|
IPTag IP publik tingkat instans.
|
AgentPoolSecurityProfile
Objek
Pengaturan keamanan kumpulan agen.
| Nama |
Jenis |
Deskripsi |
|
enableSecureBoot
|
boolean
|
Boot Aman adalah fitur Peluncuran Tepercaya yang memastikan bahwa hanya sistem operasi dan driver yang ditandatangani yang dapat melakukan booting. Untuk detail selengkapnya, lihat aka.ms/aks/trustedlaunch. Jika tidak ditentukan, defaultnya adalah false.
|
|
enableVTPM
|
boolean
|
vTPM adalah fitur Peluncuran Tepercaya untuk mengonfigurasi brankas aman khusus untuk kunci dan pengukuran yang disimpan secara lokal pada simpul. Untuk detail selengkapnya, lihat aka.ms/aks/trustedlaunch. Jika tidak ditentukan, defaultnya adalah false.
|
|
sshAccess
|
AgentPoolSSHAccess
|
Metode akses SSH dari kumpulan agen.
|
AgentPoolSSHAccess
Enumerasi
Metode akses SSH dari kumpulan agen.
| Nilai |
Deskripsi |
|
LocalUser
|
Dapat SSH ke node sebagai pengguna lokal menggunakan kunci pribadi.
|
|
Disabled
|
Layanan SSH akan dimatikan pada node.
|
AgentPoolStatus
Objek
Berisi informasi baca-saja tentang Kumpulan Agen.
| Nama |
Jenis |
Deskripsi |
|
provisioningError
|
ErrorDetail
|
Informasi detail kesalahan kumpulan agen. Mempertahankan info terperinci kegagalan. Jika tidak ada kesalahan, bidang ini dihilangkan.
|
AgentPoolType
Enumerasi
Jenis Kumpulan Agen.
| Nilai |
Deskripsi |
|
VirtualMachineScaleSets
|
Buat Kumpulan Agen yang didukung oleh Set Skala Komputer Virtual.
|
|
AvailabilitySet
|
Penggunaan ini sangat tidak disarankan.
|
|
VirtualMachines
|
Buat Kumpulan Agen yang didukung oleh mode orkestrasi VM Instans Tunggal.
|
AgentPoolUpgradeSettings
Objek
Pengaturan untuk memutakhirkan agentpool
| Nama |
Jenis |
Deskripsi |
|
drainTimeoutInMinutes
|
integer
(int32)
minimum: 1
maximum: 1440
|
Batas waktu pengurasan untuk node. Jumlah waktu (dalam menit) untuk menunggu pengeluaran pod dan penghentian anggun per simpul. Waktu tunggu pengeluaran ini menghormati menunggu anggaran gangguan pod. Jika waktu ini terlampaui, peningkatan gagal. Jika tidak ditentukan, defaultnya adalah 30 menit.
|
|
maxSurge
|
string
|
Jumlah maksimum atau persentase simpul yang melonjak selama peningkatan. Ini dapat diatur ke bilangan bulat (misalnya '5') atau persentase (misalnya ' 50%'). Jika persentase ditentukan, persentase dari total ukuran kumpulan agen pada saat peningkatan. Untuk persentase, simpul pecahan dibulatkan ke atas. Jika tidak ditentukan, defaultnya adalah 10%. Untuk informasi selengkapnya, termasuk praktik terbaik, lihat: https://learn.microsoft.com/en-us/azure/aks/upgrade-cluster
|
|
maxUnavailable
|
string
|
Jumlah maksimum atau persentase simpul yang secara bersamaan tidak tersedia selama peningkatan. Ini dapat diatur ke bilangan bulat (misalnya '1') atau persentase (misalnya '5%'). Jika persentase ditentukan, persentase dari total ukuran kumpulan agen pada saat peningkatan. Untuk persentase, simpul pecahan dibulatkan ke atas. Jika tidak ditentukan, defaultnya adalah 0. Untuk informasi selengkapnya, termasuk praktik terbaik, lihat: https://learn.microsoft.com/en-us/azure/aks/upgrade-cluster
|
|
nodeSoakDurationInMinutes
|
integer
(int32)
minimum: 0
maximum: 30
|
Durasi perendaman untuk node. Jumlah waktu (dalam menit) untuk menunggu setelah menguras simpul dan sebelum menggantinya dan beralih ke simpul berikutnya. Jika tidak ditentukan, defaultnya adalah 0 menit.
|
|
undrainableNodeBehavior
|
UndrainableNodeBehavior
|
Menentukan perilaku untuk simpul yang tidak dapat dibatalkan selama peningkatan. Penyebab paling umum dari simpul yang tidak dapat dibatalkan adalah Anggaran Gangguan Pod (PDB), tetapi masalah lain, seperti masa tenggang penghentian pod melebihi batas waktu pengurasan per node yang tersisa atau pod masih dalam keadaan berjalan, juga dapat menyebabkan simpul yang tidak dapat dibatalkan.
|
AgentPoolWindowsProfile
Objek
Profil spesifik kumpulan agen Windows.
| Nama |
Jenis |
Deskripsi |
|
disableOutboundNat
|
boolean
|
Apakah akan menonaktifkan OutboundNAT di simpul windows. Nilai defaultnya adalah false. NAT keluar hanya dapat dinonaktifkan jika outboundType kluster adalah NAT Gateway dan kumpulan agen Windows tidak mengaktifkan IP publik node.
|
ArtifactSource
Enumerasi
Sumber artefak. Sumber tempat artifacts diunduh.
| Nilai |
Deskripsi |
|
Cache
|
menarik gambar dari Azure Container Registry dengan cache
|
|
Direct
|
menarik gambar dari Microsoft Artifact Registry
|
AzureKeyVaultKms
Objek
Pengaturan layanan manajemen kunci Azure Key Vault untuk profil keamanan.
| Nama |
Jenis |
Nilai default |
Deskripsi |
|
enabled
|
boolean
|
|
Apakah akan mengaktifkan layanan manajemen kunci Azure Key Vault. Defaultnya adalah false.
|
|
keyId
|
string
|
|
Pengidentifikasi kunci Azure Key Vault. Lihat format pengidentifikasi kunci untuk detail selengkapnya. Saat layanan manajemen kunci Azure Key Vault diaktifkan, bidang ini diperlukan dan harus menjadi pengidentifikasi kunci yang valid. Saat layanan manajemen kunci Azure Key Vault dinonaktifkan, biarkan bidang kosong.
|
|
keyVaultNetworkAccess
|
KeyVaultNetworkAccessTypes
|
Public
|
access jaringan key vault. Jaringan access key vault. Nilai yang mungkin adalah Public dan Private.
Public berarti key vault memungkinkan access publik dari semua jaringan.
Private berarti key vault menonaktifkan access publik dan memungkinkan private link. Nilai defaultnya adalah Public.
|
|
keyVaultResourceId
|
string
(arm-id)
|
|
ID sumber daya brankas kunci. Ketika keyVaultNetworkAccess Private, bidang ini diperlukan dan harus berupa ID sumber daya yang valid. Ketika keyVaultNetworkAccess Public, biarkan bidang kosong.
|
BackendPoolType
Enumerasi
Jenis BackendPool Load Balancer masuk terkelola.
ClusterUpgradeSettings
Objek
Pengaturan untuk memutakhirkan kluster.
Code
Enumerasi
Memberi tahu apakah kluster Sedang Berjalan atau Dihentikan
| Nilai |
Deskripsi |
|
Running
|
Kluster sedang berjalan.
|
|
Stopped
|
Kluster dihentikan.
|
ContainerServiceLinuxProfile
Objek
Profil untuk VM Linux di kluster layanan kontainer.
| Nama |
Jenis |
Deskripsi |
|
adminUsername
|
string
pattern: ^[A-Za-z][-A-Za-z0-9_]*$
|
Nama pengguna administrator yang digunakan untuk VM Linux.
|
|
ssh
|
ContainerServiceSshConfiguration
|
Konfigurasi SSH untuk VM berbasis Linux yang berjalan di Azure.
|
ContainerServiceNetworkProfile
Objek
Profil konfigurasi jaringan.
| Nama |
Jenis |
Nilai default |
Deskripsi |
|
advancedNetworking
|
AdvancedNetworking
|
|
Profil Jaringan Tingkat Lanjut untuk mengaktifkan rangkaian fitur pengamatan dan keamanan pada kluster. Untuk informasi selengkapnya, lihat aka.ms/aksadvancednetworking.
|
|
dnsServiceIP
|
string
pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$
|
10.0.0.10
|
Alamat IP yang ditetapkan ke layanan DNS Kubernetes. Ini harus berada dalam rentang alamat layanan Kubernetes yang ditentukan dalam serviceCidr.
|
|
ipFamilies
|
IPFamily[]
|
|
Keluarga IP yang digunakan untuk menentukan versi IP yang tersedia untuk kluster. Keluarga IP digunakan untuk menentukan kluster tumpukan tunggal atau tumpukan ganda. Untuk tumpukan tunggal, nilai yang diharapkan adalah IPv4. Untuk dual-stack, nilai yang diharapkan adalah IPv4 dan IPv6.
|
|
loadBalancerProfile
|
ManagedClusterLoadBalancerProfile
|
|
Profil load balancer kluster.
|
|
loadBalancerSku
|
LoadBalancerSku
|
|
Sku load balancer untuk kluster terkelola. Defaultnya adalah 'standar'. Lihat SKU Azure Load Balancer untuk informasi selengkapnya tentang perbedaan antara SKU load balancer.
|
|
natGatewayProfile
|
ManagedClusterNATGatewayProfile
|
|
Profil gateway NAT kluster.
|
|
networkDataplane
|
NetworkDataplane
|
|
Dataplane jaringan yang digunakan dalam kluster Kubernetes.
|
|
networkMode
|
NetworkMode
|
|
Mode jaringan Azure CNI dikonfigurasi dengan. Ini tidak dapat ditentukan jika networkPlugin adalah apa pun selain 'azure'.
|
|
networkPlugin
|
NetworkPlugin
|
|
Plugin jaringan yang digunakan untuk membangun jaringan Kubernetes.
|
|
networkPluginMode
|
NetworkPluginMode
|
|
Mode yang harus digunakan plugin jaringan.
|
|
networkPolicy
|
NetworkPolicy
|
|
Kebijakan jaringan yang digunakan untuk membangun jaringan Kubernetes.
|
|
outboundType
|
OutboundType
|
loadBalancer
|
Metode perutean keluar (keluar). Ini hanya dapat diatur pada waktu pembuatan kluster dan tidak dapat diubah nanti. Untuk informasi selengkapnya, lihat egress outbound type.
|
|
podCidr
|
string
pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$
|
10.244.0.0/16
|
IP notasi CIDR berkisar dari mana untuk menetapkan IP pod saat kubenet digunakan.
|
|
podCidrs
|
string[]
|
|
IP notasi CIDR berkisar untuk menetapkan IP pod. Satu CIDR IPv4 diharapkan untuk jaringan tumpukan tunggal. Dua CIDR, satu untuk setiap keluarga IP (IPv4/IPv6), diharapkan untuk jaringan tumpukan ganda.
|
|
serviceCidr
|
string
pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$
|
10.0.0.0/16
|
IP notasi CIDR berkisar untuk menetapkan IP kluster layanan. Ini tidak boleh tumpang tindih dengan rentang IP Subnet apa pun.
|
|
serviceCidrs
|
string[]
|
|
IP notasi CIDR berkisar dari mana untuk menetapkan IP kluster layanan. Satu CIDR IPv4 diharapkan untuk jaringan tumpukan tunggal. Dua CIDR, satu untuk setiap keluarga IP (IPv4/IPv6), diharapkan untuk jaringan tumpukan ganda. Mereka tidak boleh tumpang tindih dengan rentang IP Subnet apa pun.
|
|
staticEgressGatewayProfile
|
ManagedClusterStaticEgressGatewayProfile
|
|
Profil untuk addon Gateway Keluar Statis. Untuk detail selengkapnya tentang Gateway Keluar Statis, lihat https://aka.ms/aks/static-egress-gateway.
|
ContainerServiceSshConfiguration
Objek
Konfigurasi SSH untuk VM berbasis Linux yang berjalan di Azure.
| Nama |
Jenis |
Deskripsi |
|
publicKeys
|
ContainerServiceSshPublicKey[]
|
Daftar kunci publik SSH yang digunakan untuk mengautentikasi dengan VM berbasis Linux. Maksimal 1 kunci dapat ditentukan.
|
ContainerServiceSshPublicKey
Objek
Berisi informasi tentang data kunci publik sertifikat SSH.
| Nama |
Jenis |
Deskripsi |
|
keyData
|
string
|
Kunci publik sertifikat yang digunakan untuk mengautentikasi dengan VM melalui SSH. Sertifikat harus dalam format PEM dengan atau tanpa header.
|
createdByType
Enumerasi
Jenis identitas yang membuat sumber daya.
| Nilai |
Deskripsi |
|
User
|
|
|
Application
|
|
|
ManagedIdentity
|
|
|
Key
|
|
CreationData
Objek
Data yang digunakan saat membuat sumber daya target dari sumber daya sumber.
| Nama |
Jenis |
Deskripsi |
|
sourceResourceId
|
string
(arm-id)
|
Ini adalah ID ARM dari objek sumber yang akan digunakan untuk membuat objek target.
|
DelegatedResource
Objek
Properti sumber daya yang didelegasikan - hanya penggunaan internal.
| Nama |
Jenis |
Deskripsi |
|
location
|
string
|
Lokasi sumber daya sumber - hanya penggunaan internal.
|
|
referralResource
|
string
|
Id delegasi dari delegasi rujukan (opsional) - hanya penggunaan internal.
|
|
resourceId
|
string
|
Id sumber daya ARM dari sumber daya yang didelegasikan - hanya penggunaan internal.
|
|
tenantId
|
string
(uuid)
|
Id penyewa dari sumber daya yang didelegasikan - hanya penggunaan internal.
|
ErrorAdditionalInfo
Objek
Info tambahan kesalahan manajemen sumber daya.
| Nama |
Jenis |
Deskripsi |
|
info
|
object
|
Info tambahan.
|
|
type
|
string
|
Jenis info tambahan.
|
ErrorDetail
Objek
Detail kesalahan.
| Nama |
Jenis |
Deskripsi |
|
additionalInfo
|
ErrorAdditionalInfo[]
|
Info tambahan kesalahan.
|
|
code
|
string
|
Kode kesalahan.
|
|
details
|
ErrorDetail[]
|
Rincian kesalahan.
|
|
message
|
string
|
Pesan kesalahan.
|
|
target
|
string
|
Sasaran kesalahan.
|
ErrorResponse
Objek
Tanggapan kesalahan
| Nama |
Jenis |
Deskripsi |
|
error
|
ErrorDetail
|
Objek kesalahan.
|
Expander
Enumerasi
Expander untuk digunakan saat meningkatkan skala. Jika tidak ditentukan, defaultnya adalah 'acak'. Lihat expander untuk informasi selengkapnya.
| Nilai |
Deskripsi |
|
least-waste
|
Memilih grup simpul yang akan memiliki CPU yang paling tidak aktif (jika diikat, memori yang tidak digunakan) setelah peningkatan skala. Ini berguna ketika Anda memiliki kelas node yang berbeda, misalnya, CPU tinggi atau node memori tinggi, dan hanya ingin memperluasnya ketika ada pod yang tertunda yang membutuhkan banyak sumber daya tersebut.
|
|
most-pods
|
Memilih grup simpul yang akan dapat menjadwalkan pod terbanyak saat meningkatkan skala. Ini berguna ketika Anda menggunakan nodeSelector untuk memastikan pod tertentu mendarat di node tertentu. Perhatikan bahwa ini tidak akan menyebabkan autoscaler memilih simpul yang lebih besar vs. lebih kecil, karena dapat menambahkan beberapa simpul yang lebih kecil sekaligus.
|
|
priority
|
Memilih grup simpul yang memiliki prioritas tertinggi yang ditetapkan oleh pengguna. Konfigurasi ini dijelaskan dalam detail lebih lanjut di sini.
|
|
random
|
Digunakan saat Anda tidak memiliki kebutuhan tertentu untuk grup simpul untuk menskalakan secara berbeda.
|
ExtendedLocation
Objek
Jenis kompleks lokasi yang diperluas.
| Nama |
Jenis |
Deskripsi |
|
name
|
string
|
Nama lokasi yang diperluas.
|
|
type
|
ExtendedLocationTypes
|
Jenis lokasi yang diperluas.
|
ExtendedLocationTypes
Enumerasi
Jenis extendedLocation.
| Nilai |
Deskripsi |
|
EdgeZone
|
Jenis lokasi yang diperluas Azure Edge Zone.
|
GatewayAPIIstioEnabled
Enumerasi
Apakah akan mengaktifkan implementasi Istio sebagai Gateway API untuk ingress terkelola dengan Perutean Aplikasi.
| Nilai |
Deskripsi |
|
Enabled
|
Mengaktifkan masuknya terkelola melalui Gateway API menggunakan controlplane Istio tanpa sidecar.
|
|
Disabled
|
Menonaktifkan sarana kontrol istio tanpa sidecar untuk ingress terkelola melalui Gateway API.
|
GPUDriver
Enumerasi
Apakah akan menginstal driver GPU. Jika tidak ditentukan, defaultnya adalah Instal.
| Nilai |
Deskripsi |
|
Install
|
Pasang driver.
|
|
None
|
Lewati penginstalan driver.
|
GPUInstanceProfile
Enumerasi
GPUInstanceProfile yang akan digunakan untuk menentukan profil instans GPU MIG untuk SKU VM GPU yang didukung.
| Nilai |
Deskripsi |
|
MIG1g
|
Profil instans GPU MIG 1g.
|
|
MIG2g
|
Profil instans GPU MIG 2g.
|
|
MIG3g
|
Profil instans GPU MIG 3g.
|
|
MIG4g
|
Profil instans GPU MIG 4g.
|
|
MIG7g
|
Profil instans GPU MIG 7g.
|
GPUProfile
Objek
Pengaturan GPU untuk Kumpulan Agen.
| Nama |
Jenis |
Deskripsi |
|
driver
|
GPUDriver
|
Apakah akan menginstal driver GPU. Jika tidak ditentukan, defaultnya adalah Instal.
|
IPFamily
Enumerasi
Untuk menentukan apakah alamat termasuk dalam keluarga IPv4 atau IPv6
| Nilai |
Deskripsi |
|
IPv4
|
Keluarga IPv4
|
|
IPv6
|
Keluarga IPv6
|
IPTag
Objek
Berisi IPTag yang terkait dengan objek .
| Nama |
Jenis |
Deskripsi |
|
ipTagType
|
string
|
Jenis tag IP. Contoh: RoutingPreference.
|
|
tag
|
string
|
Nilai tag IP yang terkait dengan IP publik. Contoh: Internet.
|
IstioCertificateAuthority
Objek
Konfigurasi Istio Service Mesh Certificate Authority (CA). Untuk saat ini, kami hanya mendukung sertifikat plugin seperti yang dijelaskan di sini https://aka.ms/asm-plugin-ca
IstioComponents
Objek
Konfigurasi komponen Istio.
IstioEgressGateway
Objek
Konfigurasi gateway keluar Istio.
| Nama |
Jenis |
Deskripsi |
|
enabled
|
boolean
|
Apakah akan mengaktifkan gateway keluar.
|
|
gatewayConfigurationName
|
string
|
Nama sumber daya kustom konfigurasi gateway untuk gateway keluar add-on Istio. Harus ditentukan saat mengaktifkan gateway keluar Istio. Harus disebarkan di namespace yang sama dengan gateway keluar Istio yang akan disebarkan.
|
|
name
|
string
pattern: [a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*
|
Nama gateway keluar add-on Istio.
|
|
namespace
|
string
|
Namespace layanan tempat gateway keluar add-on Istio harus disebarkan. Jika tidak ditentukan, defaultnya adalah aks-istio-egress.
|
IstioIngressGateway
Objek
Konfigurasi gateway masuk Istio. Untuk saat ini, kami mendukung hingga satu gateway ingress eksternal bernama aks-istio-ingressgateway-external dan satu gateway masuk internal bernama aks-istio-ingressgateway-internal.
| Nama |
Jenis |
Deskripsi |
|
enabled
|
boolean
|
Apakah akan mengaktifkan gateway ingress.
|
|
mode
|
IstioIngressGatewayMode
|
Mode gateway masuk.
|
IstioIngressGatewayMode
Enumerasi
Mode gateway masuk.
| Nilai |
Deskripsi |
|
External
|
Gateway ingress diberi alamat IP publik dan dapat diakses secara publik.
|
|
Internal
|
Gateway ingress diberi alamat IP internal dan tidak dapat diakses secara publik.
|
IstioPluginCertificateAuthority
Objek
Informasi sertifikat plugin untuk Service Mesh.
| Nama |
Jenis |
Deskripsi |
|
certChainObjectName
|
string
|
Nama objek rantai sertifikat di Azure Key Vault.
|
|
certObjectName
|
string
|
Nama objek sertifikat menengah di Azure Key Vault.
|
|
keyObjectName
|
string
|
Nama objek kunci privat sertifikat menengah di Azure Key Vault.
|
|
keyVaultId
|
string
(arm-id)
|
ID sumber daya Key Vault.
|
|
rootCertObjectName
|
string
|
Nama objek sertifikat akar di Azure Key Vault.
|
IstioServiceMesh
Objek
Konfigurasi jala layanan Istio.
KeyVaultNetworkAccessTypes
Enumerasi
access jaringan key vault. Jaringan access key vault. Nilai yang mungkin adalah Public dan Private.
Public berarti key vault memungkinkan access publik dari semua jaringan.
Private berarti key vault menonaktifkan access publik dan memungkinkan private link. Nilai defaultnya adalah Public.
| Nilai |
Deskripsi |
|
Public
|
Key vault memungkinkan akses publik dari semua jaringan.
|
|
Private
|
Key vault menonaktifkan akses publik dan mengaktifkan tautan pribadi.
|
KubeletConfig
Objek
Konfigurasi kubelet simpul agen. Lihat konfigurasi node kustom AKS untuk detail selengkapnya.
| Nama |
Jenis |
Deskripsi |
|
allowedUnsafeSysctls
|
string[]
|
Daftar sysctl yang tidak aman atau pola sysctl yang tidak aman (berakhiran *).
|
|
containerLogMaxFiles
|
integer
(int32)
minimum: 2
|
Jumlah maksimum file log kontainer yang dapat tersedia pada sebuah kontainer. Angka harus ≥ 2.
|
|
containerLogMaxSizeMB
|
integer
(int32)
|
Ukuran maksimum (misalnya 10Mi) file log kontainer sebelum diputar.
|
|
cpuCfsQuota
|
boolean
|
Jika pemberlakuan kuota CPU CFS diaktifkan untuk kontainer yang menentukan batas CPU. Nilai bawaan adalah benar.
|
|
cpuCfsQuotaPeriod
|
string
|
Nilai periode kuota CPU CFS. Defaultnya adalah '100ms.' Nilai yang valid adalah urutan angka desimal dengan pecahan opsional dan akhiran unit. Misalnya: '300ms', '2h45m'. Unit yang didukung adalah 'ns', 'us', 'ms', 's', 'm', dan 'h'.
|
|
cpuManagerPolicy
|
string
|
Kebijakan Manajer CPU yang akan digunakan. Defaultnya adalah 'none'. Lihat kebijakan manajemen CPU Kubernetes untuk informasi selengkapnya. Nilai yang diizinkan adalah 'none' dan 'statis'.
|
|
failSwapOn
|
boolean
|
Jika diatur ke true, itu akan membuat Kubelet gagal memulai jika pertukaran diaktifkan pada simpul.
|
|
imageGcHighThreshold
|
integer
(int32)
|
Persentase penggunaan disk setelah pengumpulan sampah gambar selalu dijalankan. Untuk menonaktifkan pengumpulan sampah gambar, atur ke 100. Defaultnya adalah 85%
|
|
imageGcLowThreshold
|
integer
(int32)
|
Persentase penggunaan disk sebelum pengumpulan sampah gambar tidak pernah dijalankan. Ini tidak dapat diatur lebih tinggi dari imageGcHighThreshold. Defaultnya adalah 80%
|
|
podMaxPids
|
integer
(int32)
|
Jumlah maksimum proses per pod.
|
|
topologyManagerPolicy
|
string
|
Kebijakan Manajer Topologi yang akan digunakan. Untuk informasi selengkapnya, lihat Kubernetes Topology Manager. Defaultnya adalah 'none'. Nilai yang diizinkan adalah 'none', 'best-effort', 'restricted', dan 'single-numa-node'.
|
KubeletDiskType
Enumerasi
Menentukan penempatan volume emptyDir, akar data runtime kontainer, dan penyimpanan sementara Kubelet.
| Nilai |
Deskripsi |
|
OS
|
Kubelet akan menggunakan disk OS untuk datanya.
|
|
Temporary
|
Kubelet akan menggunakan disk sementara untuk datanya.
|
KubernetesSupportPlan
Enumerasi
Tingkat dukungan yang berbeda untuk kluster terkelola AKS
| Nilai |
Deskripsi |
|
KubernetesOfficial
|
Dukungan untuk versi sama dengan untuk penawaran Kubernetes sumber terbuka. Versi dukungan komunitas sumber terbuka Kubernetes resmi selama 1 tahun setelah rilis.
|
|
AKSLongTermSupport
|
Dukungan untuk versi diperpanjang melewati dukungan KubernetesOfficial 1 tahun. AKS terus menambal CVE selama 1 tahun lagi, selama total 2 tahun dukungan.
|
LicenseType
Enumerasi
Jenis lisensi yang akan digunakan untuk VM Windows. Lihat Azure Manfaat Pengguna Hibrida untuk detail selengkapnya.
| Nilai |
Deskripsi |
|
None
|
Tidak ada lisensi tambahan yang diterapkan.
|
|
Windows_Server
|
Mengaktifkan Manfaat Pengguna Azure Hybrid untuk VM Windows.
|
LinuxOSConfig
Objek
Konfigurasi OS simpul agen Linux. Lihat konfigurasi node kustom AKS untuk detail selengkapnya.
| Nama |
Jenis |
Deskripsi |
|
swapFileSizeMB
|
integer
(int32)
|
Ukuran dalam MB file swap yang akan dibuat pada setiap simpul.
|
|
sysctls
|
SysctlConfig
|
Pengaturan Sysctl untuk simpul agen Linux.
|
|
transparentHugePageDefrag
|
string
|
Apakah kernel harus menggunakan pemadatan memori yang agresif untuk membuat lebih banyak halaman yang tersedia. Nilai yang valid adalah 'always', 'defer', 'defer+madvise', 'madvise' dan 'never'. Defaultnya adalah 'madvise'. Untuk informasi selengkapnya, lihat Transparent Hugepages.
|
|
transparentHugePageEnabled
|
string
|
Apakah halaman besar transparan diaktifkan. Nilai yang valid adalah 'always', 'madvise', dan 'never'. Defaultnya adalah 'always'. Untuk informasi selengkapnya, lihat Transparent Hugepages.
|
LoadBalancerSku
Enumerasi
Sku load balancer untuk kluster terkelola. Defaultnya adalah 'standar'. Lihat SKU Azure Load Balancer untuk informasi selengkapnya tentang perbedaan antara SKU load balancer.
| Nilai |
Deskripsi |
|
standard
|
Gunakan Load Balancer standar. Ini adalah SKU Load Balancer yang direkomendasikan. Untuk informasi selengkapnya tentang bekerja dengan load balancer di kluster terkelola, lihat artikel Load Balancer standar.
|
|
basic
|
Gunakan Load Balancer dasar dengan fungsionalitas terbatas.
|
LocalDNSForwardDestination
Enumerasi
Server tujuan untuk kueri DNS yang akan diteruskan dari localDNS.
| Nilai |
Deskripsi |
|
ClusterCoreDNS
|
Teruskan kueri DNS dari localDNS ke kluster CoreDNS.
|
|
VnetDNS
|
Teruskan kueri DNS dari localDNS ke server DNS yang dikonfigurasi di VNET. VNET dapat memiliki beberapa server DNS yang dikonfigurasi.
|
LocalDNSForwardPolicy
Enumerasi
Meneruskan kebijakan untuk memilih server DNS hulu. Lihat plugin forward untuk informasi lebih lanjut.
| Nilai |
Deskripsi |
|
Sequential
|
Mengimplementasikan pemilihan server DNS hulu berurutan. Lihat plugin forward untuk informasi lebih lanjut.
|
|
RoundRobin
|
Mengimplementasikan pemilihan server DNS hulu round robin. Lihat plugin forward untuk informasi lebih lanjut.
|
|
Random
|
Mengimplementasikan pemilihan server DNS hulu acak. Lihat plugin forward untuk informasi lebih lanjut.
|
LocalDNSMode
Enumerasi
Mode pemberdayaan untuk localDNS.
| Nilai |
Deskripsi |
|
Preferred
|
Jika versi orkestrator saat ini mendukung fitur ini, lebih suka mengaktifkan localDNS.
|
|
Required
|
Aktifkan localDNS.
|
|
Disabled
|
Nonaktifkan localDNS.
|
LocalDNSOverride
Objek
Penggantian untuk profil localDNS.
| Nama |
Jenis |
Nilai default |
Deskripsi |
|
cacheDurationInSeconds
|
integer
(int32)
|
3600
|
Cache TTL maks dalam hitungan detik. Lihat plugin cache untuk informasi selengkapnya.
|
|
forwardDestination
|
LocalDNSForwardDestination
|
ClusterCoreDNS
|
Server tujuan untuk kueri DNS yang akan diteruskan dari localDNS.
|
|
forwardPolicy
|
LocalDNSForwardPolicy
|
Sequential
|
Meneruskan kebijakan untuk memilih server DNS hulu. Lihat plugin forward untuk informasi lebih lanjut.
|
|
maxConcurrent
|
integer
(int32)
|
1000
|
Jumlah maksimum kueri bersamaan. Lihat plugin forward untuk informasi lebih lanjut.
|
|
protocol
|
LocalDNSProtocol
|
PreferUDP
|
Terapkan TCP atau pilih protokol UDP untuk koneksi dari localDNS ke server DNS hulu.
|
|
queryLogging
|
LocalDNSQueryLogging
|
Error
|
Tingkat log untuk kueri DNS di localDNS.
|
|
serveStale
|
LocalDNSServeStale
|
Immediate
|
Kebijakan untuk menyajikan data kedaluwarsa. Lihat plugin cache untuk informasi selengkapnya.
|
|
serveStaleDurationInSeconds
|
integer
(int32)
|
3600
|
Sajikan durasi basi dalam hitungan detik. Lihat plugin cache untuk informasi selengkapnya.
|
LocalDNSProfile
Objek
Mengonfigurasi DNS lokal per simpul, dengan penggantian VnetDNS dan KubeDNS. LocalDNS membantu meningkatkan performa dan keandalan resolusi DNS dalam kluster AKS. Untuk detail selengkapnya, lihat aka.ms/aks/localdns.
| Nama |
Jenis |
Nilai default |
Deskripsi |
|
kubeDNSOverrides
|
<string,
LocalDNSOverride>
|
|
Penggantian KubeDNS berlaku untuk lalu lintas DNS dari pod dengan dnsPolicy:ClusterFirst (disebut sebagai lalu lintas KubeDNS).
|
|
mode
|
LocalDNSMode
|
Preferred
|
Mode pemberdayaan untuk localDNS.
|
|
state
|
LocalDNSState
|
|
Status localDNS yang dihasilkan sistem.
|
|
vnetDNSOverrides
|
<string,
LocalDNSOverride>
|
|
Penggantian VnetDNS berlaku untuk lalu lintas DNS dari pod dengan dnsPolicy:default atau kubelet (disebut sebagai lalu lintas VnetDNS).
|
LocalDNSProtocol
Enumerasi
Terapkan TCP atau pilih protokol UDP untuk koneksi dari localDNS ke server DNS hulu.
| Nilai |
Deskripsi |
|
PreferUDP
|
Lebih suka protokol UDP untuk koneksi dari localDNS ke server DNS hulu.
|
|
ForceTCP
|
Terapkan protokol TCP untuk koneksi dari localDNS ke server DNS hulu.
|
LocalDNSQueryLogging
Enumerasi
Tingkat log untuk kueri DNS di localDNS.
| Nilai |
Deskripsi |
|
Error
|
Mengaktifkan pengelogan kesalahan di localDNS. Lihat plugin error untuk informasi selengkapnya.
|
|
Log
|
Mengaktifkan pengelogan kueri di localDNS. Lihat plugin log untuk informasi selengkapnya.
|
LocalDNSServeStale
Enumerasi
Kebijakan untuk menyajikan data kedaluwarsa. Lihat plugin cache untuk informasi selengkapnya.
| Nilai |
Deskripsi |
|
Verify
|
Menyajikan data kedaluwarsa dengan verifikasi. Pertama-tama verifikasi bahwa entri masih tidak tersedia dari sumber sebelum mengirim entri kedaluwarsa ke klien. Lihat plugin cache untuk informasi selengkapnya.
|
|
Immediate
|
Segera sajikan data kedaluwarsa. Kirim entri kedaluwarsa ke klien sebelum memeriksa untuk melihat apakah entri tersedia dari sumber. Lihat plugin cache untuk informasi selengkapnya.
|
|
Disable
|
Nonaktifkan penayangan data kedaluwarsa.
|
LocalDNSState
Enumerasi
Status localDNS yang dihasilkan sistem.
| Nilai |
Deskripsi |
|
Enabled
|
localDNS diaktifkan.
|
|
Disabled
|
localDNS dinonaktifkan.
|
ManagedCluster
Objek
Kluster terkelola.
| Nama |
Jenis |
Deskripsi |
|
eTag
|
string
|
Jika eTag disediakan dalam isi respons, eTag juga dapat disediakan sebagai header per konvensi etag normal. Tag entitas digunakan untuk membandingkan dua entitas atau lebih dari sumber daya yang diminta yang sama. HTTP/1.1 menggunakan tag entitas di bidang header etag (bagian 14.19), If-Match (bagian 14.24), Jika-None-Match (bagian 14.26), dan If-Range (bagian 14.27).
|
|
extendedLocation
|
ExtendedLocation
|
Lokasi Komputer Virtual yang diperluas.
|
|
id
|
string
(arm-id)
|
ID sumber daya yang sepenuhnya memenuhi syarat untuk sumber daya. Misalnya "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
|
|
identity
|
ManagedClusterIdentity
|
Identitas kluster terkelola, jika dikonfigurasi.
|
|
kind
|
string
|
Ini terutama digunakan untuk mengekspos pengalaman UI yang berbeda di portal untuk berbagai jenis
|
|
location
|
string
|
Lokasi geografis tempat sumber daya berada
|
|
name
|
string
|
Nama sumber daya
|
|
properties.aadProfile
|
ManagedClusterAADProfile
|
Konfigurasi Azure Active Directory.
|
|
properties.addonProfiles
|
<string,
ManagedClusterAddonProfile>
|
Profil add-on kluster terkelola.
|
|
properties.agentPoolProfiles
|
ManagedClusterAgentPoolProfile[]
|
Properti kumpulan agen.
|
|
properties.aiToolchainOperatorProfile
|
ManagedClusterAIToolchainOperatorProfile
|
Pengaturan operator toolchain AI yang berlaku untuk seluruh kluster.
|
|
properties.apiServerAccessProfile
|
ManagedClusterAPIServerAccessProfile
|
Profil akses untuk server API kluster terkelola.
|
|
properties.autoScalerProfile
|
ManagedClusterPropertiesAutoScalerProfile
|
Parameter yang akan diterapkan ke penskala otomatis kluster saat diaktifkan
|
|
properties.autoUpgradeProfile
|
ManagedClusterAutoUpgradeProfile
|
Konfigurasi peningkatan otomatis.
|
|
properties.azureMonitorProfile
|
ManagedClusterAzureMonitorProfile
|
Profil addon Azure Monitor untuk memantau kluster terkelola.
|
|
properties.azurePortalFQDN
|
string
|
FQDN khusus yang digunakan oleh Portal Microsoft Azure untuk mengakses Kluster Terkelola. FQDN ini hanya untuk digunakan oleh Portal Microsoft Azure dan tidak boleh digunakan oleh klien lain. Portal Microsoft Azure memerlukan header Cross-Origin Resource Sharing (CORS) tertentu untuk dikirim dalam beberapa respons, yang tidak ditangani OLEH APIServer Kubernetes secara default. FQDN khusus ini mendukung CORS, memungkinkan Portal Microsoft Azure berfungsi dengan baik.
|
|
properties.bootstrapProfile
|
ManagedClusterBootstrapProfile
|
Profil konfigurasi bootstrap kluster.
|
|
properties.currentKubernetesVersion
|
string
|
Versi Kubernetes yang dijalankan Kluster Terkelola. Jika kubernetesVersion adalah versi yang sepenuhnya ditentukan <major.minor.patch>, bidang ini akan sama persis dengannya. Jika kubernetesVersion <>major.minor , bidang ini akan berisi versi <> major.minor.patch lengkap yang digunakan.
|
|
properties.disableLocalAccounts
|
boolean
|
Jika akun lokal harus dinonaktifkan pada Kluster Terkelola. Jika diatur ke true, mendapatkan kredensial statis akan dinonaktifkan untuk kluster ini. Ini hanya boleh digunakan pada Kluster Terkelola yang diaktifkan AAD. Untuk detail selengkapnya, lihat menonaktifkan akun lokal.
|
|
properties.diskEncryptionSetID
|
string
(arm-id)
|
ID Sumber Daya dari enkripsi disk yang diatur untuk digunakan untuk mengaktifkan enkripsi saat tidak aktif. Ini berbentuk: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft. Compute/diskEncryptionSets/{encryptionSetName}'
|
|
properties.dnsPrefix
|
string
|
Awalan DNS Dari Kluster Terkelola. Ini tidak dapat diperbarui setelah Kluster Terkelola dibuat.
|
|
properties.enableRBAC
|
boolean
|
Apakah akan mengaktifkan Role-Based Access Control Kubernetes.
|
|
properties.fqdn
|
string
|
FQDN dari kumpulan master.
|
|
properties.fqdnSubdomain
|
string
|
Subdomain FQDN dari kluster privat dengan zona dns privat kustom. Ini tidak dapat diperbarui setelah Kluster Terkelola dibuat.
|
|
properties.hostedSystemProfile
|
ManagedClusterHostedSystemProfile
|
Pengaturan untuk add-on sistem yang dihosting. Untuk informasi selengkapnya, lihat https://aka.ms/aks/automatic/systemcomponents .
|
|
properties.httpProxyConfig
|
ManagedClusterHTTPProxyConfig
|
Konfigurasi untuk menyediakan kluster dengan server proksi HTTP.
|
|
properties.identityProfile
|
<string,
UserAssignedIdentity>
|
Identitas pengguna yang terkait dengan kluster terkelola. Identitas ini akan digunakan oleh kubelet. Hanya satu identitas yang ditetapkan pengguna yang diizinkan. Satu-satunya kunci yang diterima adalah "kubeletidentity", dengan nilai "resourceId": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft. ManagedIdentity/userAssignedIdentities/{identityName}".
|
|
properties.ingressProfile
|
ManagedClusterIngressProfile
|
Profil Ingress untuk kluster terkelola.
|
|
properties.kubernetesVersion
|
string
|
Versi Kubernetes yang ditentukan oleh pengguna. Kedua versi patch <> major.minor.patch (misalnya 1.20.13) dan <> major.minor (misalnya 1,20) didukung. Ketika <> major.minor ditentukan, versi patch GA terbaru yang didukung dipilih secara otomatis. Memperbarui kluster dengan <> major.minor yang sama setelah dibuat (misalnya 1.14.x -> 1.14) tidak akan memicu peningkatan, bahkan jika versi patch yang lebih baru tersedia. Saat Anda meningkatkan kluster AKS yang didukung, versi minor Kubernetes tidak dapat dilewati. Semua peningkatan harus dilakukan secara berurutan dengan nomor versi utama. Misalnya, peningkatan antara 1.14.x -> 1.15.x atau 1.15.x -> 1.16.x diizinkan, namun 1.14.x -> 1.16.x tidak diizinkan. Lihat meningkatkan kluster AKS untuk detail selengkapnya.
|
|
properties.linuxProfile
|
ContainerServiceLinuxProfile
|
Profil untuk VM Linux di Kluster Terkelola.
|
|
properties.maxAgentPools
|
integer
(int32)
|
Jumlah maksimum kumpulan agen untuk kluster terkelola.
|
|
properties.metricsProfile
|
ManagedClusterMetricsProfile
|
Konfigurasi metrik kluster opsional.
|
|
properties.networkProfile
|
ContainerServiceNetworkProfile
|
Profil konfigurasi jaringan.
|
|
properties.nodeProvisioningProfile
|
ManagedClusterNodeProvisioningProfile
|
Pengaturan provisi node yang berlaku untuk seluruh kluster.
|
|
properties.nodeResourceGroup
|
string
|
Nama grup sumber daya yang berisi simpul kumpulan agen.
|
|
properties.nodeResourceGroupProfile
|
ManagedClusterNodeResourceGroupProfile
|
Profil konfigurasi grup sumber daya simpul.
|
|
properties.oidcIssuerProfile
|
ManagedClusterOIDCIssuerProfile
|
Profil penerbit OIDC dari Kluster Terkelola.
|
|
properties.podIdentityProfile
|
ManagedClusterPodIdentityProfile
|
Profil identitas pod dari Kluster Terkelola. Lihat menggunakan identitas pod AAD untuk detail selengkapnya tentang integrasi identitas pod AAD.
|
|
properties.powerState
|
PowerState
|
Status Daya kluster.
|
|
properties.privateFQDN
|
string
|
FQDN kluster privat.
|
|
properties.privateLinkResources
|
PrivateLinkResource[]
|
Sumber daya tautan privat yang terkait dengan kluster.
|
|
properties.provisioningState
|
string
|
Status provisi saat ini.
|
|
properties.publicNetworkAccess
|
PublicNetworkAccess
|
PublicNetworkAccess dari managedCluster. Mengizinkan atau menolak access jaringan publik untuk AKS
|
|
properties.resourceUID
|
string
|
resourceUID secara unik mengidentifikasi ManagedClusters yang menggunakan kembali ARM ResourceIds (yaitu: membuat, menghapus, membuat urutan)
|
|
properties.securityProfile
|
ManagedClusterSecurityProfile
|
Profil keamanan untuk kluster terkelola.
|
|
properties.serviceMeshProfile
|
ServiceMeshProfile
|
Profil jala layanan untuk kluster terkelola.
|
|
properties.servicePrincipalProfile
|
ManagedClusterServicePrincipalProfile
|
Informasi tentang identitas perwakilan layanan untuk kluster yang akan digunakan untuk memanipulasi API Azure.
|
|
properties.status
|
ManagedClusterStatus
|
Berisi informasi baca-saja tentang Kluster Terkelola.
|
|
properties.storageProfile
|
ManagedClusterStorageProfile
|
Profil penyimpanan untuk kluster terkelola.
|
|
properties.supportPlan
|
KubernetesSupportPlan
|
Rencana dukungan untuk Kluster Terkelola. Jika tidak ditentukan, defaultnya adalah 'KubernetesOfficial'.
|
|
properties.upgradeSettings
|
ClusterUpgradeSettings
|
Pengaturan untuk memutakhirkan kluster.
|
|
properties.windowsProfile
|
ManagedClusterWindowsProfile
|
Profil untuk VM Windows di Kluster Terkelola.
|
|
properties.workloadAutoScalerProfile
|
ManagedClusterWorkloadAutoScalerProfile
|
Profil Auto-scaler beban kerja untuk kluster terkelola.
|
|
sku
|
ManagedClusterSKU
|
SKU kluster terkelola.
|
|
systemData
|
systemData
|
Metadata Azure Resource Manager yang berisi informasi createBy dan modifiedBy.
|
|
tags
|
object
|
Tag sumber daya.
|
|
type
|
string
|
Jenis sumber daya. Misalnya, "Microsoft.Compute/virtualMachines" atau "Microsoft.Storage/storageAccounts"
|
ManagedClusterAADProfile
Objek
AADProfile menentukan atribut untuk integrasi Azure Active Directory. Untuk detail selengkapnya, lihat AAD terkelola di AKS.
| Nama |
Jenis |
Deskripsi |
|
adminGroupObjectIDs
|
string[]
|
Daftar ID objek grup AAD yang akan memiliki peran admin kluster.
|
|
clientAppID
|
string
|
(Tidak digunakan lagi) ID aplikasi AAD klien. Pelajari lebih lanjut di https://aka.ms/aks/aad-legacy.
|
|
enableAzureRBAC
|
boolean
|
Apakah akan mengaktifkan Azure RBAC untuk otorisasi Kubernetes.
|
|
managed
|
boolean
|
Apakah akan mengaktifkan AAD terkelola.
|
|
serverAppID
|
string
|
(Tidak digunakan lagi) ID aplikasi AAD server. Pelajari lebih lanjut di https://aka.ms/aks/aad-legacy.
|
|
serverAppSecret
|
string
(password)
|
(Tidak digunakan lagi) Rahasia aplikasi AAD server. Pelajari lebih lanjut di https://aka.ms/aks/aad-legacy.
|
|
tenantID
|
string
|
ID penyewa AAD yang akan digunakan untuk autentikasi. Jika tidak ditentukan, akan menggunakan penyewa langganan penyebaran.
|
ManagedClusterAddonProfile
Objek
Profil add-on Kubernetes untuk kluster terkelola.
| Nama |
Jenis |
Deskripsi |
|
config
|
object
|
Pasangan kunci-nilai untuk mengonfigurasi add-on.
|
|
enabled
|
boolean
|
Apakah add-on diaktifkan atau tidak.
|
|
identity
|
ManagedClusterAddonProfileIdentity
|
Informasi identitas yang ditetapkan pengguna yang digunakan oleh add-on ini.
|
ManagedClusterAddonProfileIdentity
Objek
Informasi identitas yang ditetapkan pengguna yang digunakan oleh add-on ini.
| Nama |
Jenis |
Deskripsi |
|
clientId
|
string
|
ID klien dari identitas yang ditetapkan pengguna.
|
|
objectId
|
string
|
ID objek dari identitas yang ditetapkan pengguna.
|
|
resourceId
|
string
(arm-id)
|
ID sumber daya identitas yang ditetapkan pengguna.
|
ManagedClusterAgentPoolProfile
Objek
Profil untuk kumpulan agen layanan kontainer.
| Nama |
Jenis |
Nilai default |
Deskripsi |
|
artifactStreamingProfile
|
AgentPoolArtifactStreamingProfile
|
|
Konfigurasi untuk menggunakan streaming artefak di AKS.
|
|
availabilityZones
|
string[]
|
|
Daftar Zona ketersediaan yang akan digunakan untuk simpul. Ini hanya dapat ditentukan jika properti AgentPoolType adalah 'VirtualMachineScaleSets'.
|
|
capacityReservationGroupID
|
string
(arm-id)
|
|
ID sumber daya yang sepenuhnya memenuhi syarat dari Grup Reservasi Kapasitas untuk menyediakan virtual machines dari grup Virtual Machines yang dipesan. Ini berbentuk: '/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/Microsoft. Compute/capacityreservationgroups/{capacityReservationGroupName}' Pelanggan menggunakannya untuk membuat kumpulan agen dengan CRG yang ditentukan. Untuk informasi selengkapnya, lihat Kapasitas Reservasi
|
|
count
|
integer
(int32)
|
|
Jumlah agen (VM) untuk menghosting kontainer docker. Nilai yang diizinkan harus dalam rentang 0 hingga 1000 (inklusif) untuk kumpulan pengguna dan dalam rentang 1 hingga 1000 (inklusif) untuk kumpulan sistem. Nilai defaultnya adalah 1.
|
|
creationData
|
CreationData
|
|
CreationData yang akan digunakan untuk menentukan ID Rekam Jepret sumber jika kumpulan simpul akan dibuat/ditingkatkan menggunakan rekam jepret.
|
|
currentOrchestratorVersion
|
string
|
|
Versi Kubernetes yang dijalankan Kumpulan Agen. Jika orchestratorVersion adalah versi yang sepenuhnya ditentukan <major.minor.patch>, bidang ini akan sama persis dengannya. Jika orchestratorVersion <>major.minor , bidang ini akan berisi versi <> major.minor.patch lengkap yang digunakan.
|
|
eTag
|
string
|
|
String baca-saja unik yang digunakan untuk mengimplementasikan konkurensi optimis. Nilai eTag akan berubah saat sumber daya diperbarui. Tentukan header if-match atau if-none-match dengan nilai eTag untuk permintaan berikutnya guna mengaktifkan konkurensi optimis sesuai konvensi eTag normal.
|
|
enableAutoScaling
|
boolean
|
|
Apakah akan mengaktifkan penskala otomatis
|
|
enableEncryptionAtHost
|
boolean
|
|
Apakah akan mengaktifkan OS berbasis host dan enkripsi drive data. Ini hanya didukung pada ukuran VM tertentu dan di wilayah Azure tertentu. Untuk informasi selengkapnya, lihat: https://docs.microsoft.com/azure/aks/enable-host-encryption
|
|
enableFIPS
|
boolean
|
|
Apakah akan menggunakan OS berkemampuan FIPS. Lihat Menambahkan kumpulan simpul berkemampuan FIPS untuk detail selengkapnya.
|
|
enableNodePublicIP
|
boolean
|
|
Apakah setiap simpul dialokasikan IP publiknya sendiri. Beberapa skenario mungkin memerlukan simpul di kumpulan simpul untuk menerima alamat IP publik khusus mereka sendiri. Skenario umum adalah untuk beban kerja permainan, di mana konsol perlu membuat koneksi langsung ke komputer virtual cloud untuk meminimalkan lompatan. Untuk informasi selengkapnya, lihat menetapkan IP publik per simpul. Defaultnya adalah false.
|
|
enableUltraSSD
|
boolean
|
|
Apakah akan mengaktifkan UltraSSD
|
|
gatewayProfile
|
AgentPoolGatewayProfile
|
|
Profil khusus untuk kumpulan agen terkelola dalam mode Gateway. Bidang ini tidak dapat diatur jika mode kumpulan agen bukan Gateway.
|
|
gpuInstanceProfile
|
GPUInstanceProfile
|
|
GPUInstanceProfile yang akan digunakan untuk menentukan profil instans GPU MIG untuk SKU VM GPU yang didukung.
|
|
gpuProfile
|
GPUProfile
|
|
Pengaturan GPU untuk Kumpulan Agen.
|
|
hostGroupID
|
string
(arm-id)
|
|
ID sumber daya yang sepenuhnya memenuhi syarat dari Grup Host Khusus untuk memprovisikan komputer virtual, hanya digunakan dalam skenario pembuatan dan tidak diizinkan untuk berubah sekali diatur. Ini adalah formulir: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. Untuk informasi selengkapnya, lihat host khusus Azure.
|
|
kubeletConfig
|
KubeletConfig
|
|
Konfigurasi Kubelet pada simpul kumpulan agen.
|
|
kubeletDiskType
|
KubeletDiskType
|
|
Menentukan penempatan volume emptyDir, akar data runtime kontainer, dan penyimpanan sementara Kubelet.
|
|
linuxOSConfig
|
LinuxOSConfig
|
|
Konfigurasi OS simpul agen Linux.
|
|
localDNSProfile
|
LocalDNSProfile
|
|
Mengonfigurasi DNS lokal per simpul, dengan penggantian VnetDNS dan KubeDNS. LocalDNS membantu meningkatkan performa dan keandalan resolusi DNS dalam kluster AKS. Untuk detail selengkapnya, lihat aka.ms/aks/localdns.
|
|
maxCount
|
integer
(int32)
|
|
Jumlah maksimum simpul untuk penskalaan otomatis
|
|
maxPods
|
integer
(int32)
|
|
Jumlah maksimum pod yang dapat berjalan pada simpul.
|
|
messageOfTheDay
|
string
|
|
Pesan hari ini untuk simpul Linux, dikodekan base64. String yang dikodekan base64 yang akan ditulis ke /etc/motd setelah decoding. Ini memungkinkan penyesuaian pesan hari itu untuk simpul Linux. Ini tidak boleh ditentukan untuk simpul Windows. Ini harus berupa string statis (yaitu, akan dicetak mentah dan tidak dijalankan sebagai skrip).
|
|
minCount
|
integer
(int32)
|
|
Jumlah minimum simpul untuk penskalaan otomatis
|
|
mode
|
AgentPoolMode
|
|
Mode kumpulan agen. Kluster harus memiliki setidaknya satu Kumpulan Agen 'Sistem' setiap saat. Untuk informasi tambahan tentang pembatasan dan praktik terbaik kumpulan agen, lihat: https://docs.microsoft.com/azure/aks/use-system-pools
|
|
name
|
string
pattern: ^[a-z][a-z0-9]{0,11}$
|
|
Nama unik profil kumpulan agen dalam konteks langganan dan grup sumber daya. Nama kumpulan agen Windows harus 6 karakter atau kurang.
|
|
networkProfile
|
AgentPoolNetworkProfile
|
|
Pengaturan terkait jaringan kumpulan agen.
|
|
nodeImageVersion
|
string
|
|
Versi gambar simpul
|
|
nodeLabels
|
object
|
|
Label node yang akan dipertahankan di semua simpul di kumpulan agen.
|
|
nodePublicIPPrefixID
|
string
(arm-id)
|
|
ID awalan IP publik tempat simpul VM harus menggunakan IP. Ini adalah formulir: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}
|
|
nodeTaints
|
string[]
|
|
Taint ditambahkan ke simpul baru selama pembuatan dan skala kumpulan simpul. Misalnya, key=value:NoSchedule.
|
|
orchestratorVersion
|
string
|
|
Versi Kubernetes yang ditentukan oleh pengguna. Kedua versi patch <> major.minor.patch (misalnya 1.20.13) dan <> major.minor (misalnya 1,20) didukung. Ketika <> major.minor ditentukan, versi patch GA terbaru yang didukung dipilih secara otomatis. Memperbarui kluster dengan <> major.minor yang sama setelah dibuat (misalnya 1.14.x -> 1.14) tidak akan memicu peningkatan, bahkan jika versi patch yang lebih baru tersedia. Sebagai praktik terbaik, Anda harus meningkatkan semua kumpulan simpul dalam kluster AKS ke versi Kubernetes yang sama. Versi kumpulan simpul harus memiliki versi utama yang sama dengan sarana kontrol. Versi minor kumpulan simpul harus dalam dua versi minor dari versi sarana kontrol. Versi kumpulan simpul tidak boleh lebih besar dari versi sarana kontrol. Untuk informasi selengkapnya, lihat meningkatkan kumpulan simpul.
|
|
osDiskSizeGB
|
integer
(int32)
minimum: 0
maximum: 2048
|
|
Ukuran Disk OS dalam GB yang akan digunakan untuk menentukan ukuran disk untuk setiap komputer di kumpulan master/agen. Jika Anda menentukan 0, itu akan menerapkan ukuran osDisk default sesuai dengan vmSize yang ditentukan.
|
|
osDiskType
|
OSDiskType
|
|
Jenis disk OS yang akan digunakan untuk komputer di kumpulan agen. Defaultnya adalah 'Ephemeral' jika VM mendukungnya dan memiliki disk cache yang lebih besar dari OSDiskSizeGB yang diminta. Jika tidak, default ke 'Terkelola'. Mungkin tidak diubah setelah pembuatan. Untuk informasi selengkapnya, lihatOS Ephemeral .
|
|
osSKU
|
OSSKU
|
|
Menentukan SKU OS yang digunakan oleh kumpulan agen. Defaultnya adalah Ubuntu jika OSType adalah Linux. Defaultnya adalah Windows2019 saat Kubernetes <= 1.24 atau Windows2022 saat Kubernetes >= 1.25 jika OSType Windows.
|
|
osType
|
OSType
|
Linux
|
Jenis sistem operasi. Defaultnya adalah Linux.
|
|
podIPAllocationMode
|
PodIPAllocationMode
|
|
Mode Alokasi IP Pod. Mode alokasi IP untuk pod di kumpulan agen. Harus digunakan dengan podSubnetId. Defaultnya adalah 'DynamicIndividual'.
|
|
podSubnetID
|
string
(arm-id)
|
|
ID subnet yang akan bergabung dengan pod saat diluncurkan. Jika dihilangkan, IP pod secara statis ditetapkan pada subnet simpul (lihat vnetSubnetID untuk detail selengkapnya). Ini adalah formulir: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}
|
|
powerState
|
PowerState
|
|
Apakah Kumpulan Agen sedang berjalan atau dihentikan. Ketika Kumpulan Agen pertama kali dibuat, kumpulan tersebut awalnya Berjalan. Kumpulan Agen dapat dihentikan dengan mengatur bidang ini ke Dihentikan. Kumpulan Agen yang dihentikan menghentikan semua VM-nya dan tidak dikenakan biaya penagihan. Kumpulan Agen hanya dapat dihentikan jika sedang Berjalan dan status provisi Berhasil
|
|
provisioningState
|
string
|
|
Status penyebaran atau provisi saat ini.
|
|
proximityPlacementGroupID
|
string
(arm-id)
|
|
ID untuk Grup Penempatan Kedekatan.
|
|
scaleDownMode
|
ScaleDownMode
|
|
Mode penurunan skala yang akan digunakan saat menskalakan Kumpulan Agen. Ini juga berdampak pada perilaku autoscaler kluster. Jika tidak ditentukan, defaultnya adalah Hapus.
|
|
scaleSetEvictionPolicy
|
ScaleSetEvictionPolicy
|
Delete
|
Kebijakan penggusuran Set Skala Komputer Virtual. Kebijakan penggusuran menentukan apa yang to do dengan VM saat diusir. Defaultnya adalah Hapus. Untuk informasi selengkapnya tentang penggusuran, lihat spot VMs
|
|
scaleSetPriority
|
ScaleSetPriority
|
Regular
|
Prioritas Set Skala Komputer Virtual.
|
|
securityProfile
|
AgentPoolSecurityProfile
|
|
Pengaturan keamanan kumpulan agen.
|
|
spotMaxPrice
|
number
(float)
|
-1
|
Harga maksimum (dalam Dolar AS) yang bersedia Anda bayar untuk instans spot. Nilai yang mungkin adalah nilai desimal apa pun yang lebih besar dari nol atau -1 yang menunjukkan harga default up-to sesuai permintaan. Nilai yang mungkin adalah nilai desimal apa pun yang lebih besar dari nol atau -1 yang menunjukkan kesediaan untuk membayar harga sesuai permintaan. Untuk detail selengkapnya tentang harga spot, lihat harga VM spot
|
|
status
|
AgentPoolStatus
|
|
Berisi informasi baca-saja tentang Kumpulan Agen.
|
|
tags
|
object
|
|
Tag yang akan dipertahankan pada kumpulan agen set skala komputer virtual.
|
|
type
|
AgentPoolType
|
|
Jenis Kumpulan Agen.
|
|
upgradeSettings
|
AgentPoolUpgradeSettings
|
|
Pengaturan untuk memutakhirkan agentpool
|
|
virtualMachineNodesStatus
|
VirtualMachineNodes[]
|
|
Status simpul dalam kumpulan agen VirtualMachines.
|
|
virtualMachinesProfile
|
VirtualMachinesProfile
|
|
Spesifikasi tentang kumpulan agen VirtualMachines.
|
|
vmSize
|
string
|
|
Ukuran VM kumpulan agen. Ketersediaan ukuran VM bervariasi menurut wilayah. Jika sebuah simpul berisi sumber daya komputasi (memori, cpu, dll) pod yang tidak memadai mungkin gagal berjalan dengan benar. Untuk detail selengkapnya tentang ukuran VM terbatas, lihat: https://docs.microsoft.com/azure/aks/quotas-skus-regions
|
|
vnetSubnetID
|
string
(arm-id)
|
|
ID subnet simpul kumpulan agen dan pod opsional akan bergabung pada startup. Jika ini tidak ditentukan, VNET dan subnet akan dihasilkan dan digunakan. Jika tidak ada podSubnetID yang ditentukan, ini berlaku untuk simpul dan pod, jika tidak, pod tersebut hanya berlaku untuk simpul. Ini adalah formulir: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}
|
|
windowsProfile
|
AgentPoolWindowsProfile
|
|
Profil spesifik kumpulan agen Windows.
|
|
workloadRuntime
|
WorkloadRuntime
|
|
Menentukan jenis beban kerja yang dapat dijalankan simpul.
|
Objek
Saat mengaktifkan operator, sekumpulan CRD dan pengontrol terkelola AKS akan diinstal di kluster. Operator mengotomatiskan penyebaran model OSS untuk tujuan inferensi dan/atau pelatihan. Ini menyediakan serangkaian model prasetel dan memungkinkan inferensi terdistribusi terhadapnya.
| Nama |
Jenis |
Deskripsi |
|
enabled
|
boolean
|
Apakah akan mengaktifkan operator rantai alat AI ke kluster. Menunjukkan apakah operator toolchain AI diaktifkan atau tidak.
|
ManagedClusterAPIServerAccessProfile
Objek
Profil akses untuk server API kluster terkelola.
| Nama |
Jenis |
Deskripsi |
|
authorizedIPRanges
|
string[]
|
Rentang IP berwenang untuk mengakses server API Kubernetes. Rentang IP ditentukan dalam format CIDR, misalnya 137.117.106.88/29. Fitur ini tidak kompatibel dengan kluster yang menggunakan IP Publik Per Node, atau kluster yang menggunakan Load Balancer Dasar. Untuk informasi selengkapnya, lihat rentang IP resmi server API.
|
|
disableRunCommand
|
boolean
|
Apakah akan menonaktifkan perintah jalankan untuk kluster atau tidak.
|
|
enablePrivateCluster
|
boolean
|
Apakah akan membuat kluster sebagai kluster privat atau tidak. Untuk detail selengkapnya, lihat Membuat kluster AKS privat.
|
|
enablePrivateClusterPublicFQDN
|
boolean
|
Apakah akan membuat FQDN publik tambahan untuk kluster privat atau tidak.
|
|
enableVnetIntegration
|
boolean
|
Apakah akan mengaktifkan integrasi vnet apiserver untuk kluster atau tidak. Lihat aka.ms/AksVnetIntegration untuk detail selengkapnya.
|
|
privateDNSZone
|
string
|
Mode zona DNS privat untuk kluster. Defaultnya adalah Sistem. Untuk detail selengkapnya, lihat mengonfigurasi zona DNS privat. Nilai yang diizinkan adalah 'sistem' dan 'tidak ada'.
|
|
subnetId
|
string
(arm-id)
|
Subnet yang akan digunakan saat integrasi vnet apiserver diaktifkan. Ini diperlukan saat membuat kluster baru dengan BYO Vnet, atau saat memperbarui kluster yang ada untuk mengaktifkan integrasi vnet apiserver.
|
ManagedClusterAppRoutingIstio
Objek
Konfigurasi untuk menggunakan sarana kontrol Istio tanpa sidecar untuk masuknya terkelola melalui Gateway API dengan Perutean Aplikasi. Lihat https://aka.ms/gateway-on-istio untuk informasi tentang menggunakan Istio untuk ingress melalui Gateway API.
| Nama |
Jenis |
Deskripsi |
|
mode
|
GatewayAPIIstioEnabled
|
Apakah akan mengaktifkan implementasi Istio sebagai Gateway API untuk ingress terkelola dengan Perutean Aplikasi.
|
ManagedClusterAutoUpgradeProfile
Objek
Profil peningkatan otomatis untuk kluster terkelola.
ManagedClusterAzureMonitorProfile
Objek
Profil addon Azure Monitor untuk memantau kluster terkelola.
| Nama |
Jenis |
Deskripsi |
|
appMonitoring
|
ManagedClusterAzureMonitorProfileAppMonitoring
|
Profil Pemantauan Aplikasi untuk Kontainer Aplikasi Kubernetes. Mengumpulkan log, metrik, dan pelacakan aplikasi melalui instrumentasi otomatis aplikasi menggunakan SDK berbasis Azure Monitor OpenTelemetry. Lihat aka.ms/AzureMonitorApplicationMonitoring untuk gambaran umum.
|
|
metrics
|
ManagedClusterAzureMonitorProfileMetrics
|
Profil metrik untuk layanan terkelola Azure Monitor untuk addon Prometheus. Kumpulkan metrik infrastruktur Kubernetes out-of-the-box untuk dikirim ke Ruang Kerja Azure Monitor dan konfigurasikan pengikisan tambahan untuk target kustom. Lihat aka.ms/AzureManagedPrometheus untuk gambaran umum.
|
ManagedClusterAzureMonitorProfileAppMonitoring
Objek
Profil Pemantauan Aplikasi untuk AKS.
ManagedClusterAzureMonitorProfileAppMonitoringAutoInstrumentation
Objek
Instrumentasi otomatis Pemantauan Aplikasi untuk AKS. Menyebarkan webhook yang menginstruksikan beban kerja secara otomatis dengan Microsoft OpenTelemetry Distros untuk mengumpulkan metrik, log, dan pelacakan OpenTelemetry. Lihat https://aka.ms/AKSAppMonitoringDocs dan https://aka.ms/AzureMonitorApplicationMonitoring untuk gambaran umum.
| Nama |
Jenis |
Deskripsi |
|
enabled
|
boolean
|
Menunjukkan apakah instrumentasi Otomatis Pemantauan Aplikasi diaktifkan atau tidak.
|
ManagedClusterAzureMonitorProfileKubeStateMetrics
Objek
Profil Metrik Status Kube untuk addon Azure Managed Prometheus. Pengaturan opsional ini adalah untuk pod kube-state-metrics yang disebarkan dengan addon. Lihat aka.ms/AzureManagedPrometheus-optional-parameters untuk detailnya.
| Nama |
Jenis |
Deskripsi |
|
metricAnnotationsAllowList
|
string
|
Daftar kunci anotasi Kubernetes yang dipisahkan koma yang akan digunakan dalam metrik label sumber daya (Contoh: 'namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...'). Secara default metrik hanya berisi nama sumber daya dan label namespace layanan.
|
|
metricLabelsAllowlist
|
string
|
Daftar kunci label Kube tambahan yang dipisahkan koma yang akan digunakan dalam metrik label sumber daya (Contoh: 'namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...'). Secara default metrik hanya berisi nama sumber daya dan label namespace layanan.
|
ManagedClusterAzureMonitorProfileMetrics
Objek
Profil metrik untuk layanan terkelola Azure Monitor untuk addon Prometheus. Kumpulkan metrik infrastruktur Kubernetes out-of-the-box untuk dikirim ke Ruang Kerja Azure Monitor dan konfigurasikan pengikisan tambahan untuk target kustom. Lihat aka.ms/AzureManagedPrometheus untuk gambaran umum.
| Nama |
Jenis |
Deskripsi |
|
enabled
|
boolean
|
Apakah akan mengaktifkan atau menonaktifkan addon Azure Managed Prometheus untuk pemantauan Prometheus. Lihat aka.ms/AzureManagedPrometheus-aks-enable untuk detail tentang mengaktifkan dan menonaktifkan.
|
|
kubeStateMetrics
|
ManagedClusterAzureMonitorProfileKubeStateMetrics
|
Profil Metrik Status Kube untuk addon Azure Managed Prometheus. Pengaturan opsional ini adalah untuk pod kube-state-metrics yang disebarkan dengan addon. Lihat aka.ms/AzureManagedPrometheus-optional-parameters untuk detailnya.
|
ManagedClusterBootstrapProfile
Objek
Profil bootstrap.
| Nama |
Jenis |
Nilai default |
Deskripsi |
|
artifactSource
|
ArtifactSource
|
Direct
|
Sumber artefak. Sumber tempat artifacts diunduh.
|
|
containerRegistryId
|
string
(arm-id)
|
|
Id sumber daya Azure Container Registry. Registri harus memiliki akses jaringan privat, SKU premium, dan redundansi zona.
|
ManagedClusterCostAnalysis
Objek
Konfigurasi analisis biaya untuk kluster
| Nama |
Jenis |
Deskripsi |
|
enabled
|
boolean
|
Apakah akan mengaktifkan analisis biaya. Sku.tier Kluster Terkelola harus diatur ke 'Standar' atau 'Premium' untuk mengaktifkan fitur ini. Mengaktifkan ini akan menambahkan detail Namespace layanan dan Penyebaran Kubernetes ke tampilan Analisis Biaya di portal Microsoft Azure. Jika tidak ditentukan, defaultnya adalah false. Untuk informasi selengkapnya, lihat aka.ms/aks/docs/cost-analysis.
|
ManagedClusterHostedSystemProfile
Objek
Pengaturan untuk add-on sistem yang dihosting.
| Nama |
Jenis |
Deskripsi |
|
enabled
|
boolean
|
Apakah akan mengaktifkan add-on sistem yang dihosting untuk kluster.
|
|
nodeSubnetID
|
string
(arm-id)
|
ID subnet yang akan digabungkan oleh simpul pekerja yang dikelola oleh penyediaan otomatis simpul untuk menjalankan pod beban kerja di penyewa Anda. Ini harus disediakan bersama dengan systemNodeSubnetID dan apiserverAccessProfile.subnetId, dan ketiga ID subnet harus berada di VNet yang sama. Jika Anda tidak menentukannya, AKS akan membuat subnet dalam grup sumber daya terkelola menggunakan CIDR /16 default.
|
|
systemNodeSubnetID
|
string
(arm-id)
|
ID subnet yang akan digabungkan oleh simpul sistem yang dikelola dan dihosting oleh AKS untuk menjalankan add-on sistem penting. ID ini harus disediakan bersama dengan nodeSubnetID dan apiserverAccessProfile.subnetId, dan ketiga ID subnet harus termasuk dalam VNet yang sama. Jika Anda tidak menentukannya, AKS akan membuat subnet dalam grup sumber daya terkelola menggunakan CIDR /26 default.
|
ManagedClusterHTTPProxyConfig
Objek
Konfigurasi proksi HTTP kluster.
| Nama |
Jenis |
Deskripsi |
|
enabled
|
boolean
|
Apakah akan mengaktifkan proksi HTTP. Jika dinonaktifkan, konfigurasi proxy yang ditentukan tidak akan diatur pada pod dan node. Jika tidak ditentukan, defaultnya adalah true.
|
|
httpProxy
|
string
|
Titik akhir server proksi HTTP yang akan digunakan.
|
|
httpsProxy
|
string
|
Titik akhir server proksi HTTPS yang akan digunakan.
|
|
noProxy
|
string[]
|
Titik akhir yang seharusnya tidak melalui proksi.
|
|
trustedCa
|
string
|
Sertifikasi CA alternatif yang digunakan untuk menyambungkan ke server proksi.
|
ManagedClusterIdentity
Objek
Identitas untuk kluster terkelola.
| Nama |
Jenis |
Deskripsi |
|
delegatedResources
|
<string,
DelegatedResource>
|
Sumber daya identitas yang didelegasikan yang ditetapkan ke kluster terkelola ini. Ini hanya dapat diatur oleh Penyedia Sumber Daya Azure lain, dan kluster terkelola hanya menerima satu sumber daya identitas yang didelegasikan. Untuk penggunaan internal saja.
|
|
principalId
|
string
|
Id utama dari identitas yang ditetapkan sistem yang digunakan oleh komponen master.
|
|
tenantId
|
string
|
Id penyewa dari identitas yang ditetapkan sistem yang digunakan oleh komponen master.
|
|
type
|
ResourceIdentityType
|
Jenis identitas yang digunakan untuk kluster terkelola. Untuk informasi selengkapnya, lihat menggunakan identitas terkelola di AKS.
|
|
userAssignedIdentities
|
<string,
ManagedServiceIdentityUserAssignedIdentitiesValue>
|
Identitas pengguna yang terkait dengan kluster terkelola. Identitas ini akan digunakan dalam sarana kontrol. Hanya satu identitas yang ditetapkan pengguna yang diizinkan. Kunci harus BERUPA ID sumber daya ARM dalam formulir: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
|
ManagedClusterIngressProfile
Objek
Profil Ingress untuk kluster layanan kontainer.
ManagedClusterIngressProfileGatewayConfiguration
Objek
Konfigurasi untuk CRD API Gateway terkelola. Lihat https://aka.ms/k8s-gateway-api untuk detail selengkapnya.
ManagedClusterIngressProfileNginx
Objek
Konfigurasi pengontrol ingress Nginx untuk profil ingress kluster terkelola.
| Nama |
Jenis |
Deskripsi |
|
defaultIngressControllerType
|
NginxIngressControllerType
|
Jenis Ingress untuk sumber daya kustom NginxIngressController default
|
ManagedClusterIngressProfileWebAppRouting
Objek
Pengaturan add-on Perutean Aplikasi untuk profil masuk.
ManagedClusterLoadBalancerProfile
Objek
Profil load balancer kluster terkelola.
| Nama |
Jenis |
Nilai default |
Deskripsi |
|
allocatedOutboundPorts
|
integer
(int32)
minimum: 0
maximum: 64000
|
0
|
Jumlah port SNAT yang dialokasikan yang diinginkan per VM. Nilai yang diizinkan berada dalam rentang 0 hingga 64000 (inklusif). Nilai defaultnya adalah 0 yang menghasilkan port alokasi dinamis Azure.
|
|
backendPoolType
|
BackendPoolType
|
NodeIPConfiguration
|
Jenis BackendPool Load Balancer masuk terkelola.
|
|
effectiveOutboundIPs
|
ResourceReference[]
|
|
Sumber daya IP keluar yang efektif dari load balancer kluster.
|
|
enableMultipleStandardLoadBalancers
|
boolean
|
|
Aktifkan beberapa load balancer standar per kluster AKS atau tidak.
|
|
idleTimeoutInMinutes
|
integer
(int32)
minimum: 4
maximum: 120
|
30
|
Batas waktu menganggur aliran keluar yang diinginkan dalam hitung menit. Nilai yang diizinkan berada dalam rentang 4 hingga 120 (inklusif). Nilai defaultnya adalah 30 menit.
|
|
managedOutboundIPs
|
ManagedClusterLoadBalancerProfileManagedOutboundIPs
|
|
IP keluar terkelola yang diinginkan untuk load balancer kluster.
|
|
outboundIPPrefixes
|
ManagedClusterLoadBalancerProfileOutboundIPPrefixes
|
|
Sumber daya Awalan IP keluar yang diinginkan untuk load balancer kluster.
|
|
outboundIPs
|
ManagedClusterLoadBalancerProfileOutboundIPs
|
|
Sumber daya IP keluar yang diinginkan untuk load balancer kluster.
|
ManagedClusterLoadBalancerProfileManagedOutboundIPs
Objek
IP keluar terkelola yang diinginkan untuk load balancer kluster.
| Nama |
Jenis |
Nilai default |
Deskripsi |
|
count
|
integer
(int32)
minimum: 1
maximum: 100
|
1
|
Jumlah IP keluar IPv4 yang diinginkan yang dibuat/dikelola oleh Azure untuk load balancer kluster. Nilai yang diizinkan harus dalam rentang 1 hingga 100 (inklusif). Nilai defaultnya adalah 1.
|
|
countIPv6
|
integer
(int32)
minimum: 0
maximum: 100
|
0
|
Jumlah IP keluar IPv6 yang diinginkan yang dibuat/dikelola oleh Azure untuk load balancer kluster. Nilai yang diizinkan harus dalam rentang 1 hingga 100 (inklusif). Nilai defaultnya adalah 0 untuk tumpukan tunggal dan 1 untuk tumpukan ganda.
|
ManagedClusterLoadBalancerProfileOutboundIPPrefixes
Objek
Sumber daya Awalan IP keluar yang diinginkan untuk load balancer kluster.
| Nama |
Jenis |
Deskripsi |
|
publicIPPrefixes
|
ResourceReference[]
|
Daftar sumber daya awalan IP publik.
|
ManagedClusterLoadBalancerProfileOutboundIPs
Objek
Sumber daya IP keluar yang diinginkan untuk load balancer kluster.
ManagedClusterManagedOutboundIPProfile
Objek
Profil sumber daya IP keluar terkelola dari kluster terkelola.
| Nama |
Jenis |
Nilai default |
Deskripsi |
|
count
|
integer
(int32)
minimum: 1
maximum: 16
|
1
|
Jumlah IP keluar yang diinginkan yang dibuat/dikelola oleh Azure. Nilai yang diizinkan harus dalam rentang 1 hingga 16 (inklusif). Nilai defaultnya adalah 1.
|
ManagedClusterMetricsProfile
Objek
Profil metrik untuk ManagedCluster.
| Nama |
Jenis |
Deskripsi |
|
costAnalysis
|
ManagedClusterCostAnalysis
|
Konfigurasi untuk analisis biaya sumber daya per-Kubernetes terperinci.
|
ManagedClusterNATGatewayProfile
Objek
Profil gateway NAT kluster terkelola.
| Nama |
Jenis |
Nilai default |
Deskripsi |
|
effectiveOutboundIPs
|
ResourceReference[]
|
|
Sumber daya IP keluar yang efektif dari gateway NAT kluster.
|
|
idleTimeoutInMinutes
|
integer
(int32)
minimum: 4
maximum: 120
|
4
|
Batas waktu menganggur aliran keluar yang diinginkan dalam hitung menit. Nilai yang diizinkan berada dalam rentang 4 hingga 120 (inklusif). Nilai defaultnya adalah 4 menit.
|
|
managedOutboundIPProfile
|
ManagedClusterManagedOutboundIPProfile
|
|
Profil sumber daya IP keluar terkelola gateway NAT kluster.
|
ManagedClusterNodeProvisioningProfile
Objek
Profil provisi simpul untuk kluster terkelola.
| Nama |
Jenis |
Nilai default |
Deskripsi |
|
defaultNodePools
|
NodeProvisioningDefaultNodePools
|
Auto
|
Kumpulan Karpenter NodePools (CRD) default yang dikonfigurasi untuk penyediaan simpul. Bidang ini tidak berpengaruh kecuali mode adalah 'Otomatis'. Peringatan: Mengubah ini dari Otomatis ke Tidak Ada pada kluster yang ada akan menyebabkan Karpenter NodePools default dihapus, yang akan menguras dan menghapus simpul yang terkait dengan kumpulan tersebut. Sangat disarankan untuk tidak melakukan ini kecuali ada node menganggur yang siap mengambil pod yang diusir oleh tindakan itu. Jika tidak ditentukan, defaultnya adalah Otomatis. Untuk informasi selengkapnya, lihat aka.ms/aks/nap#node-pools.
|
|
mode
|
NodeProvisioningMode
|
|
Mode provisi node. Jika tidak ditentukan, defaultnya adalah Manual.
|
ManagedClusterNodeResourceGroupProfile
Objek
Profil penguncian grup sumber daya node untuk kluster terkelola.
| Nama |
Jenis |
Deskripsi |
|
restrictionLevel
|
RestrictionLevel
|
Tingkat pembatasan diterapkan ke grup sumber daya simpul kluster. Jika tidak ditentukan, defaultnya adalah 'Tidak Dibatasi'
|
ManagedClusterOIDCIssuerProfile
Objek
Profil penerbit OIDC dari Kluster Terkelola.
| Nama |
Jenis |
Deskripsi |
|
enabled
|
boolean
|
Apakah penerbit OIDC diaktifkan.
|
|
issuerURL
|
string
|
Url pengeluar sertifikat OIDC dari Kluster Terkelola.
|
ManagedClusterPodIdentity
Objek
Detail tentang identitas pod yang ditetapkan ke Kluster Terkelola.
ManagedClusterPodIdentityException
Objek
Pengecualian identitas pod, yang memungkinkan pod dengan label tertentu untuk mengakses titik akhir Azure Instance Metadata Service (IMDS) tanpa dicegat oleh server identitas yang dikelola node (NMI). Lihat menonaktifkan AAD Pod Identity untuk Pod/Aplikasi tertentu untuk detail selengkapnya.
| Nama |
Jenis |
Deskripsi |
|
name
|
string
|
Nama pengecualian identitas pod.
|
|
namespace
|
string
|
Namespace pengecualian identitas pod.
|
|
podLabels
|
object
|
Label pod yang cocok.
|
ManagedClusterPodIdentityProfile
Objek
Profil identitas pod dari Kluster Terkelola. Lihat menggunakan identitas pod AAD untuk detail selengkapnya tentang integrasi identitas pod.
| Nama |
Jenis |
Deskripsi |
|
allowNetworkPluginKubenet
|
boolean
|
Apakah identitas pod diizinkan untuk berjalan pada kluster dengan jaringan Kubenet. Berjalan di Kubenet dinonaktifkan secara default karena sifat keamanan terkait Identitas Pod AAD dan risiko spoofing IP. Lihat menggunakan plugin jaringan Kubenet dengan Identitas Pod AAD untuk informasi selengkapnya.
|
|
enabled
|
boolean
|
Apakah addon identitas pod diaktifkan.
|
|
userAssignedIdentities
|
ManagedClusterPodIdentity[]
|
Identitas pod yang akan digunakan dalam kluster.
|
|
userAssignedIdentityExceptions
|
ManagedClusterPodIdentityException[]
|
Pengecualian identitas pod untuk diizinkan.
|
ManagedClusterPodIdentityProvisioningError
Objek
Respons kesalahan dari provisi identitas pod.
ManagedClusterPodIdentityProvisioningErrorBody
Objek
Respons kesalahan dari provisi identitas pod.
| Nama |
Jenis |
Deskripsi |
|
code
|
string
|
Pengidentifikasi untuk kesalahan. Kode invarian dan dimaksudkan untuk dikonsumsi secara terprogram.
|
|
details
|
ManagedClusterPodIdentityProvisioningErrorBody[]
|
Daftar detail tambahan tentang kesalahan.
|
|
message
|
string
|
Pesan yang menjelaskan kesalahan, dimaksudkan agar cocok untuk ditampilkan di antarmuka pengguna.
|
|
target
|
string
|
Target kesalahan tertentu. Misalnya, nama properti dalam kesalahan.
|
ManagedClusterPodIdentityProvisioningInfo
Objek
Informasi provisi identitas pod.
ManagedClusterPodIdentityProvisioningState
Enumerasi
Status penyediaan identitas pod saat ini.
| Nilai |
Deskripsi |
|
Assigned
|
Identitas pod ditetapkan.
|
|
Canceled
|
Penetapan identitas pod dibatalkan.
|
|
Deleting
|
Identitas pod sedang dihapus.
|
|
Failed
|
Penetapan identitas pod gagal.
|
|
Succeeded
|
Penetapan identitas pod berhasil.
|
|
Updating
|
Identitas pod sedang diperbarui.
|
ManagedClusterPropertiesAutoScalerProfile
Objek
Parameter yang akan diterapkan ke penskala otomatis kluster saat diaktifkan
| Nama |
Jenis |
Deskripsi |
|
balance-similar-node-groups
|
string
|
Mendeteksi kumpulan node serupa dan menyeimbangkan jumlah node di antaranya. Nilai yang valid adalah 'true' dan 'false'
|
|
daemonset-eviction-for-empty-nodes
|
boolean
|
Pod DaemonSet akan dihentikan dengan anggun dari node kosong. Jika diatur ke true, semua pod daemonset pada node kosong akan dikeluarkan sebelum penghapusan node. Jika pod daemonset tidak dapat dikeluarkan, simpul lain akan dipilih untuk penskalaan. Jika diatur ke false, node akan dihapus tanpa memastikan bahwa pod daemonset dihapus atau dikeluarkan.
|
|
daemonset-eviction-for-occupied-nodes
|
boolean
|
Pod DaemonSet akan dihentikan dengan anggun dari node yang tidak kosong. Jika diatur ke true, semua pod daemonset pada simpul yang ditempati akan dikeluarkan sebelum penghapusan node. Jika pod daemonset tidak dapat dikeluarkan, simpul lain akan dipilih untuk penskalaan. Jika diatur ke false, node akan dihapus tanpa memastikan bahwa pod daemonset dihapus atau dikeluarkan.
|
|
expander
|
Expander
|
Expander untuk digunakan saat meningkatkan skala. Jika tidak ditentukan, defaultnya adalah 'acak'. Lihat expander untuk informasi selengkapnya.
|
|
ignore-daemonsets-utilization
|
boolean
|
Haruskah CA mengabaikan pod DaemonSet saat menghitung pemanfaatan sumber daya untuk menurunkan skala. Jika diatur ke true, sumber daya yang digunakan oleh daemonset akan diperhitungkan saat membuat keputusan penurunan skala.
|
|
max-empty-bulk-delete
|
string
|
Jumlah maksimum simpul kosong yang dapat dihapus secara bersamaan. Ini harus bilangan bulat positif. Nilai default adalah 10.
|
|
max-graceful-termination-sec
|
string
|
Jumlah detik maksimum autoscaler kluster menunggu penghentian pod saat mencoba menurunkan skala node. Defaultnya adalah 600.
|
|
max-node-provision-time
|
string
|
Waktu maksimum penskala otomatis menunggu simpul diprovisikan. Defaultnya adalah '15m'. Nilai harus berupa bilangan bulat diikuti dengan 'm'. Tidak ada unit waktu selain menit (m) yang didukung.
|
|
max-total-unready-percentage
|
string
|
Persentase maksimum simpul yang belum dibaca dalam kluster. Setelah persentase ini terlampaui, autoscaler kluster menghentikan operasi. Defaultnya adalah 45. Maksimum adalah 100 dan minimum adalah 0.
|
|
new-pod-scale-up-delay
|
string
|
Abaikan pod yang tidak terjadwal sebelum usia tertentu. Untuk skenario seperti skala burst/batch di mana Anda tidak ingin CA bertindak sebelum penjadwal kube dapat menjadwalkan semua pod, Anda dapat memberi tahu CA untuk mengabaikan pod yang tidak terjadwal sebelum usia tertentu. Defaultnya adalah '0s'. Nilai harus berupa bilangan bulat diikuti oleh unit ('s' selama detik, 'm' untuk menit, 'h' selama berjam-jam, dll).
|
|
ok-total-unready-count
|
string
|
Jumlah simpul belum dibaca yang diizinkan, terlepas dari max-total-unready-percentage. Ini harus bilangan bulat. Defaultnya adalah 3.
|
|
scale-down-delay-after-add
|
string
|
Berapa lama setelah peningkatan skala, evaluasi penurunan dimulai kembali. Defaultnya adalah '10m'. Nilai harus berupa bilangan bulat diikuti dengan 'm'. Tidak ada unit waktu selain menit (m) yang didukung.
|
|
scale-down-delay-after-delete
|
string
|
Berapa lama setelah penghapusan node, evaluasi penurunan skala akan dilanjutkan. Defaultnya adalah interval pemindaian. Nilai harus berupa bilangan bulat diikuti dengan 'm'. Tidak ada unit waktu selain menit (m) yang didukung.
|
|
scale-down-delay-after-failure
|
string
|
Berapa lama setelah kegagalannya, evaluasi penurunan skala akan dilanjutkan. Defaultnya adalah '3m'. Nilai harus berupa bilangan bulat diikuti dengan 'm'. Tidak ada unit waktu selain menit (m) yang didukung.
|
|
scale-down-unneeded-time
|
string
|
Berapa lama node harus tidak diperlukan sebelum memenuhi syarat untuk menurunkan skala. Defaultnya adalah '10m'. Nilai harus berupa bilangan bulat diikuti dengan 'm'. Tidak ada unit waktu selain menit (m) yang didukung.
|
|
scale-down-unready-time
|
string
|
Berapa lama simpul yang tidak siap tidak diperlukan sebelum memenuhi syarat untuk diperkecil. Defaultnya adalah '20m'. Nilai harus berupa bilangan bulat diikuti dengan 'm'. Tidak ada unit waktu selain menit (m) yang didukung.
|
|
scale-down-utilization-threshold
|
string
|
Tingkat pemanfaatan node, didefinisikan sebagai jumlah sumber daya yang diminta dibagi berdasarkan kapasitas, di bawah ini simpul dapat dipertimbangkan untuk menurunkan skala. Defaultnya adalah '0.5'.
|
|
scan-interval
|
string
|
Seberapa sering kluster dievaluasi kembali untuk peningkatan atau penurunan skala. Defaultnya adalah '10'. Nilai harus berupa bilangan bulat dari detik.
|
|
skip-nodes-with-local-storage
|
string
|
Jika autoscaler kluster akan melewati penghapusan simpul dengan pod dengan penyimpanan lokal, misalnya, EmptyDir atau HostPath. Nilai bawaan adalah benar.
|
|
skip-nodes-with-system-pods
|
string
|
Jika autoscaler klaster akan melewatkan penghapusan node dengan pod dari kube-system (kecuali untuk DaemonSet atau mirror pod). Nilai bawaan adalah benar.
|
ManagedClusterSecurityProfile
Objek
Profil keamanan untuk kluster layanan kontainer.
ManagedClusterSecurityProfileDefender
Objek
Pengaturan Pertahanan Microsoft untuk profil keamanan.
| Nama |
Jenis |
Deskripsi |
|
logAnalyticsWorkspaceResourceId
|
string
(arm-id)
|
ID sumber daya ruang kerja Analitik Log yang akan dikaitkan dengan Pertahanan Microsoft. Ketika Pertahanan Microsoft diaktifkan, bidang ini diperlukan dan harus menjadi ID sumber daya ruang kerja yang valid. Saat Pertahanan Microsoft dinonaktifkan, biarkan bidang kosong.
|
|
securityMonitoring
|
ManagedClusterSecurityProfileDefenderSecurityMonitoring
|
Deteksi ancaman Pertahanan Microsoft untuk pengaturan Cloud untuk profil keamanan.
|
ManagedClusterSecurityProfileDefenderSecurityMonitoring
Objek
Pengaturan Pertahanan Microsoft untuk deteksi ancaman profil keamanan.
| Nama |
Jenis |
Deskripsi |
|
enabled
|
boolean
|
Apakah akan mengaktifkan deteksi ancaman Defender
|
ManagedClusterSecurityProfileImageCleaner
Objek
Image Cleaner menghapus gambar yang tidak digunakan dari simpul, mengosongkan ruang disk dan membantu mengurangi area permukaan serangan. Berikut adalah pengaturan untuk profil keamanan.
| Nama |
Jenis |
Deskripsi |
|
enabled
|
boolean
|
Apakah akan mengaktifkan Image Cleaner pada kluster AKS.
|
|
intervalHours
|
integer
(int32)
|
Interval pemindaian Image Cleaner dalam hitungan jam.
|
ManagedClusterSecurityProfileWorkloadIdentity
Objek
Pengaturan identitas beban kerja untuk profil keamanan.
| Nama |
Jenis |
Deskripsi |
|
enabled
|
boolean
|
Apakah akan mengaktifkan identitas beban kerja.
|
ManagedClusterServicePrincipalProfile
Objek
Informasi tentang identitas perwakilan layanan untuk kluster yang akan digunakan untuk memanipulasi API Azure.
| Nama |
Jenis |
Deskripsi |
|
clientId
|
string
|
ID untuk perwakilan layanan.
|
|
secret
|
string
(password)
|
Kata sandi rahasia yang terkait dengan perwakilan layanan dalam teks biasa.
|
ManagedClusterSKU
Objek
SKU Kluster Terkelola.
ManagedClusterSKUName
Enumerasi
Nama SKU kluster terkelola.
| Nilai |
Deskripsi |
|
Base
|
Opsi dasar untuk sarana kontrol AKS.
|
|
Automatic
|
Kluster otomatis dioptimalkan untuk menjalankan sebagian besar beban kerja produksi dengan konfigurasi yang mengikuti praktik dan rekomendasi terbaik AKS untuk penyiapan, skalabilitas, dan keamanan kluster dan beban kerja. Untuk detail selengkapnya tentang Kluster otomatis, lihat aka.ms/aks/automatic.
|
ManagedClusterSKUTier
Enumerasi
Tingkat SKU kluster terkelola. Jika tidak ditentukan, defaultnya adalah 'Gratis'. Lihat Tingkat Harga AKS untuk detail selengkapnya.
| Nilai |
Deskripsi |
|
Premium
|
Kluster memiliki kemampuan premium selain semua kemampuan yang disertakan dalam 'Standar'. Premium memungkinkan pemilihan LongTermSupport (aka.ms/aks/lts) untuk versi Kubernetes tertentu.
|
|
Standard
|
Direkomendasikan untuk beban kerja misi penting dan produksi. Termasuk autoscaling sarana kontrol Kube, pengujian intensif beban kerja, dan hingga 5.000 simpul per kluster. Menjamin ketersediaan 99,95% titik akhir server API Kubernetes untuk kluster yang menggunakan Zona Ketersediaan dan ketersediaan 99,9% untuk kluster yang tidak menggunakan Zona Ketersediaan.
|
|
Free
|
Manajemen kluster gratis, tetapi dikenakan biaya untuk VM, penyimpanan, dan penggunaan jaringan. Terbaik untuk bereksperimen, belajar, pengujian sederhana, atau beban kerja dengan kurang dari 10 simpul. Tidak disarankan untuk kasus penggunaan produksi.
|
ManagedClusterStaticEgressGatewayProfile
Objek
Konfigurasi addon Gateway Keluar Statis untuk kluster.
| Nama |
Jenis |
Deskripsi |
|
enabled
|
boolean
|
Aktifkan addon Static Egress Gateway. Menunjukkan apakah addon Gateway Keluar Statis diaktifkan atau tidak.
|
ManagedClusterStatus
Objek
Berisi informasi baca-saja tentang Kluster Terkelola.
| Nama |
Jenis |
Deskripsi |
|
provisioningError
|
ErrorDetail
|
Informasi detail kesalahan dari kluster terkelola. Mempertahankan info terperinci kegagalan. Jika tidak ada kesalahan, bidang ini dihilangkan.
|
ManagedClusterStorageProfile
Objek
Profil penyimpanan untuk kluster layanan kontainer.
ManagedClusterStorageProfileBlobCSIDriver
Objek
Pengaturan Driver CSI AzureBlob untuk profil penyimpanan.
| Nama |
Jenis |
Deskripsi |
|
enabled
|
boolean
|
Apakah akan mengaktifkan Driver CSI AzureBlob. Nilai defaultnya adalah false.
|
ManagedClusterStorageProfileDiskCSIDriver
Objek
Pengaturan Driver CSI AzureDisk untuk profil penyimpanan.
| Nama |
Jenis |
Deskripsi |
|
enabled
|
boolean
|
Apakah akan mengaktifkan Driver CSI AzureDisk. Nilai defaultnya adalah true.
|
ManagedClusterStorageProfileFileCSIDriver
Objek
Pengaturan Driver CSI AzureFile untuk profil penyimpanan.
| Nama |
Jenis |
Deskripsi |
|
enabled
|
boolean
|
Apakah akan mengaktifkan Driver CSI AzureFile. Nilai defaultnya adalah true.
|
ManagedClusterStorageProfileSnapshotController
Objek
Pengaturan Pengontrol Rekam Jepret untuk profil penyimpanan.
| Nama |
Jenis |
Deskripsi |
|
enabled
|
boolean
|
Apakah akan mengaktifkan Pengontrol Rekam Jepret. Nilai defaultnya adalah true.
|
ManagedClusterWebAppRoutingGatewayAPIImplementations
Objek
Konfigurasi untuk penyedia API Gateway yang akan digunakan untuk masuk terkelola dengan Perutean Aplikasi.
| Nama |
Jenis |
Deskripsi |
|
appRoutingIstio
|
ManagedClusterAppRoutingIstio
|
Konfigurasi untuk menggunakan sarana kontrol Istio tanpa sidecar untuk masuknya terkelola melalui Gateway API dengan Perutean Aplikasi. Lihat https://aka.ms/gateway-on-istio untuk informasi tentang menggunakan Istio untuk ingress melalui Gateway API.
|
ManagedClusterWindowsProfile
Objek
Profil untuk VM Windows di kluster terkelola.
| Nama |
Jenis |
Deskripsi |
|
adminPassword
|
string
(password)
|
Menentukan kata sandi akun administrator.
Panjang minimum: 8 karakter
Panjang maksimum: 123 karakter
persyaratan kompleksitas : 3 dari 4 kondisi di bawah ini perlu dipenuhi
Memiliki karakter yang lebih rendah
Memiliki karakter atas
Memiliki digit
Memiliki karakter khusus (Kecocokan regex [\W_])
Nilai yang tidak diizinkan: "abc@123", "P@$$w 0rd", "P@ssw0rd", "P@ssword123", "Pa$$word", "pass@word1", "Password!", "Password1", "Password22", "iloveyou!"
|
|
adminUsername
|
string
|
Menentukan nama akun administrator.
Pembatasan : Tidak dapat berakhiran "."
Nilai yang tidak diizinkan: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5".
Panjang minimum: 1 karakter
Panjang maksimum: 20 karakter
|
|
enableCSIProxy
|
boolean
|
Apakah akan mengaktifkan proksi CSI. Untuk detail selengkapnya tentang proksi CSI, lihat repositori GitHub proksi CSI .
|
|
gmsaProfile
|
WindowsGmsaProfile
|
Profil gMSA Windows di Kluster Terkelola.
|
|
licenseType
|
LicenseType
|
Jenis lisensi yang akan digunakan untuk VM Windows. Lihat Azure Manfaat Pengguna Hibrida untuk detail selengkapnya.
|
ManagedClusterWorkloadAutoScalerProfile
Objek
Profil Auto-scaler beban kerja untuk kluster terkelola.
ManagedClusterWorkloadAutoScalerProfileKeda
Objek
Pengaturan KEDA (Autoscaling berbasis Peristiwa Kubernetes) untuk profil auto-scaler beban kerja.
| Nama |
Jenis |
Deskripsi |
|
enabled
|
boolean
|
Apakah akan mengaktifkan KEDA.
|
ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler
Objek
Pengaturan VPA (Penskala Otomatis Pod Vertikal) untuk profil auto-scaler beban kerja.
| Nama |
Jenis |
Nilai default |
Deskripsi |
|
enabled
|
boolean
|
False
|
Apakah akan mengaktifkan VPA. Nilai defaultnya adalah false.
|
ManagedGatewayType
Enumerasi
Konfigurasi untuk penginstalan API Gateway terkelola. Jika tidak ditentukan, defaultnya adalah 'Dinonaktifkan'. Lihat https://aka.ms/k8s-gateway-api untuk detail selengkapnya.
| Nilai |
Deskripsi |
|
Disabled
|
CRD API Gateway tidak akan direkonsiliasi pada kluster Anda.
|
|
Standard
|
CRD API Gateway dari saluran rilis standar akan direkonsiliasi ke kluster Anda. Lihat https://aka.ms/gateway-api-versions untuk melihat bundel mana yang akan diinstal untuk versi Kubernetes Anda.
|
ManagedServiceIdentityUserAssignedIdentitiesValue
Objek
Properti identitas yang ditetapkan pengguna.
| Nama |
Jenis |
Deskripsi |
|
clientId
|
string
|
Id klien identitas yang ditetapkan pengguna.
|
|
principalId
|
string
|
Id utama identitas yang ditetapkan pengguna.
|
ManualScaleProfile
Objek
Spesifikasi pada jumlah komputer.
| Nama |
Jenis |
Deskripsi |
|
count
|
integer
(int32)
|
Jumlah simpul.
|
|
size
|
string
|
Ukuran VM yang akan digunakan AKS saat membuat dan menskalakan misalnya 'Standard_E4s_v3', 'Standard_E16s_v3' atau 'Standard_D16s_v5'.
|
NetworkDataplane
Enumerasi
Dataplane jaringan yang digunakan dalam kluster Kubernetes.
| Nilai |
Deskripsi |
|
azure
|
Gunakan dataplane jaringan Azure.
|
|
cilium
|
Gunakan dataplane jaringan Cilium. Lihat Azure CNI Powered by Cilium untuk informasi selengkapnya.
|
NetworkMode
Enumerasi
Mode jaringan Azure CNI dikonfigurasi dengan. Ini tidak dapat ditentukan jika networkPlugin adalah apa pun selain 'azure'.
| Nilai |
Deskripsi |
|
transparent
|
Tidak ada jembatan yang dibuat. Intra-VM komunikasi Pod ke Pod adalah melalui rute IP yang dibuat oleh Azure CNI. Lihat Mode Transparan untuk informasi selengkapnya.
|
|
bridge
|
Ini tidak lagi didukung
|
NetworkPlugin
Enumerasi
Plugin jaringan yang digunakan untuk membangun jaringan Kubernetes.
| Nilai |
Deskripsi |
|
azure
|
Gunakan plugin jaringan Azure CNI. Lihat jaringan Azure CNI (tingkat lanjut) untuk informasi selengkapnya.
|
|
kubenet
|
Gunakan plugin jaringan Kubenet. Lihat jaringan Kubenet (dasar) untuk informasi selengkapnya.
|
|
none
|
Tidak ada plugin CNI yang telah diinstal sebelumnya. Lihat BYO CNI untuk informasi selengkapnya.
|
NetworkPluginMode
Enumerasi
Mode yang harus digunakan plugin jaringan.
| Nilai |
Deskripsi |
|
overlay
|
Digunakan dengan networkPlugin=azure, pod diberikan IP dari ruang alamat PodCIDR tetapi menggunakan Domain Perutean Azure daripada metode tabel rute Kubenet. Untuk informasi selengkapnya, kunjungi https://aka.ms/aks/azure-cni-overlay.
|
NetworkPolicy
Enumerasi
Kebijakan jaringan yang digunakan untuk membangun jaringan Kubernetes.
| Nilai |
Deskripsi |
|
none
|
Kebijakan jaringan tidak akan diberlakukan. Ini adalah nilai default ketika NetworkPolicy tidak ditentukan.
|
|
calico
|
Gunakan kebijakan jaringan Calico. Lihat perbedaan antara kebijakan Azure dan Calico untuk informasi selengkapnya.
|
|
azure
|
Gunakan kebijakan jaringan Azure. Lihat perbedaan antara kebijakan Azure dan Calico untuk informasi selengkapnya.
|
|
cilium
|
Gunakan Cilium untuk menerapkan kebijakan jaringan. Ini mengharuskan networkDataplane menjadi 'cilium'.
|
NginxIngressControllerType
Enumerasi
Jenis Ingress untuk sumber daya kustom NginxIngressController default
| Nilai |
Deskripsi |
|
AnnotationControlled
|
NginxIngressController default akan dibuat. Pengguna dapat mengedit Sumber Daya Kustom NginxIngressController default untuk mengonfigurasi anotasi load balancer.
|
|
External
|
NginxIngressController default akan dibuat dan operator akan menyediakan loadbalancer eksternal dengannya. Setiap anotasi untuk membuat internal loadbalancer default akan ditimpa.
|
|
Internal
|
NginxIngressController default akan dibuat dan operator akan menyediakan loadbalancer internal dengannya. Setiap anotasi untuk membuat loadbalancer default eksternal akan ditimpa.
|
|
None
|
Pengontrol Ingress default tidak akan dibuat. Ini tidak akan dihapus oleh sistem jika ada. Pengguna harus menghapus Sumber Daya Kustom NginxIngressController default secara manual jika diinginkan.
|
NodeOSUpgradeChannel
Enumerasi
Saluran Peningkatan OS Node. Cara memperbarui OS pada simpul Anda. Defaultnya adalah NodeImage.
| Nilai |
Deskripsi |
|
None
|
Tidak ada upaya untuk memperbarui OS komputer Anda yang akan dibuat baik oleh OS atau dengan menggulirkan VHD. Ini berarti Anda bertanggung jawab atas pembaruan keamanan Anda
|
|
Unmanaged
|
Pembaruan OS akan diterapkan secara otomatis melalui infrastruktur patching bawaan OS. Baru diskalakan dalam mesin akan dilepaskan pada awalnya dan akan di-patch di beberapa titik oleh infrastruktur OS. Perilaku opsi ini tergantung pada OS yang dimaksud. Ubuntu dan Mariner menerapkan patch keamanan melalui peningkatan tanpa pengawas kira-kira sekali sehari sekitar pukul 06.00 UTC. Windows tidak menerapkan patch keamanan secara otomatis dan untuk mereka opsi ini setara dengan Tidak Ada sampai pemberitahuan lebih lanjut
|
|
NodeImage
|
AKS akan memperbarui simpul dengan VHD yang baru di-patch yang berisi perbaikan keamanan dan bugfix pada irama mingguan. Dengan mesin pembaruan VHD akan bergulir dicitrakan ulang ke VHD tersebut mengikuti jendela pemeliharaan dan pengaturan lonjakan. Tidak ada biaya VHD tambahan yang dikeluarkan saat memilih opsi ini karena AKS menghosting gambar.
|
|
SecurityPatch
|
AKS mengunduh dan memperbarui simpul dengan pembaruan keamanan yang diuji. Pembaruan ini mematuhi pengaturan jendela pemeliharaan dan menghasilkan VHD baru yang digunakan pada simpul baru. Pada beberapa kesempatan, tidak mungkin untuk menerapkan pembaruan di tempat, dalam kasus seperti itu simpul yang ada juga akan dicitrakan kembali ke VHD yang baru diproduksi untuk menerapkan perubahan. Opsi ini dikenakan biaya tambahan untuk menghosting VHD Patch Keamanan baru di grup sumber daya Anda hanya untuk konsumsi tepat waktu.
|
NodeProvisioningDefaultNodePools
Enumerasi
Kumpulan Karpenter NodePools (CRD) default yang dikonfigurasi untuk penyediaan simpul. Bidang ini tidak berpengaruh kecuali mode adalah 'Otomatis'. Peringatan: Mengubah ini dari Otomatis ke Tidak Ada pada kluster yang ada akan menyebabkan Karpenter NodePools default dihapus, yang akan menguras dan menghapus simpul yang terkait dengan kumpulan tersebut. Sangat disarankan untuk tidak melakukan ini kecuali ada node menganggur yang siap mengambil pod yang diusir oleh tindakan itu. Jika tidak ditentukan, defaultnya adalah Otomatis. Untuk informasi selengkapnya, lihat aka.ms/aks/nap#node-pools.
| Nilai |
Deskripsi |
|
None
|
Tidak ada Karpenter NodePool yang disediakan secara otomatis. Penskalaan otomatis tidak akan terjadi kecuali pengguna membuat satu atau beberapa instans CRD NodePool.
|
|
Auto
|
Satu set standar Karpenter NodePools disediakan
|
NodeProvisioningMode
Enumerasi
Mode provisi node. Jika tidak ditentukan, defaultnya adalah Manual.
| Nilai |
Deskripsi |
|
Manual
|
Simpul disediakan secara manual oleh pengguna
|
|
Auto
|
Node disediakan secara otomatis oleh AKS menggunakan Karpenter (Lihat aka.ms/aks/nap untuk detail selengkapnya). Kumpulan Simpul ukuran tetap masih dapat dibuat, tetapi Kumpulan Simpul penskalan otomatis tidak boleh. (Lihat aka.ms/aks/nap untuk detail selengkapnya).
|
OSDiskType
Enumerasi
Jenis disk OS yang akan digunakan untuk komputer di kumpulan agen. Defaultnya adalah 'Ephemeral' jika VM mendukungnya dan memiliki disk cache yang lebih besar dari OSDiskSizeGB yang diminta. Jika tidak, default ke 'Terkelola'. Mungkin tidak diubah setelah pembuatan. Untuk informasi selengkapnya, lihatOS Ephemeral .
| Nilai |
Deskripsi |
|
Managed
|
Azure mereplikasi disk sistem operasi untuk komputer virtual ke penyimpanan Azure untuk menghindari kehilangan data jika VM perlu dipindahkan ke host lain. Karena kontainer tidak dirancang agar status lokal tetap ada, perilaku ini menawarkan nilai terbatas sambil memberikan beberapa kelemahan, termasuk provisi simpul yang lebih lambat dan latensi baca/tulis yang lebih tinggi.
|
|
Ephemeral
|
Disk OS sementara hanya disimpan di komputer host, sama seperti disk sementara. Ini memberikan latensi baca/tulis yang lebih rendah, bersama dengan penskalaan node dan peningkatan kluster yang lebih cepat.
|
OSSKU
Enumerasi
Menentukan SKU OS yang digunakan oleh kumpulan agen. Defaultnya adalah Ubuntu jika OSType adalah Linux. Defaultnya adalah Windows2019 saat Kubernetes <= 1.24 atau Windows2022 saat Kubernetes >= 1.25 jika OSType Windows.
| Nilai |
Deskripsi |
|
Ubuntu
|
Gunakan Ubuntu sebagai OS untuk gambar simpul.
|
|
AzureLinux
|
Gunakan AzureLinux sebagai OS untuk gambar simpul. Azure Linux adalah distro Linux yang dioptimalkan kontainer yang dibangun oleh Microsoft, kunjungi https://aka.ms/azurelinux untuk informasi selengkapnya.
|
|
AzureLinux3
|
Gunakan AzureLinux3 sebagai OS untuk gambar simpul. Azure Linux adalah distro Linux yang dioptimalkan kontainer yang dibangun oleh Microsoft, kunjungi https://aka.ms/azurelinux untuk informasi selengkapnya. Untuk batasan, kunjungi https://aka.ms/aks/node-images. Untuk panduan migrasi OS, lihat https://aka.ms/aks/upgrade-os-version.
|
|
CBLMariner
|
OSSKU yang tidak digunakan lagi. Microsoft menyarankan agar penyebaran baru memilih 'AzureLinux' sebagai gantinya.
|
|
Windows2019
|
Gunakan Windows2019 sebagai OS untuk gambar simpul. Tidak didukung untuk kumpulan simpul sistem. Windows2019 hanya mendukung kontainer Windows2019; ini tidak dapat menjalankan kontainer Windows2022 dan sebaliknya.
|
|
Windows2022
|
Gunakan Windows2022 sebagai OS untuk gambar simpul. Tidak didukung untuk kumpulan simpul sistem. Windows2022 hanya mendukung kontainer Windows2022; ini tidak dapat menjalankan kontainer Windows2019 dan sebaliknya.
|
|
Ubuntu2204
|
Gunakan Ubuntu2204 sebagai OS untuk gambar node, namun, Ubuntu 22.04 mungkin tidak didukung untuk semua nodepool. Untuk batasan dan versi kubernetes yang didukung, lihat https://aka.ms/aks/supported-ubuntu-versions
|
|
Windows2025
|
Gunakan Windows2025 sebagai OS untuk gambar node. Tidak didukung untuk kumpulan simpul sistem. Windows2025 mendukung kontainer Windows2022 dan Windows 2025; tidak dapat menjalankan kontainer Windows2019 dan sebaliknya.
|
|
Ubuntu2404
|
Gunakan Ubuntu2404 sebagai OS untuk gambar node, namun, Ubuntu 24.04 mungkin tidak didukung untuk semua nodepool. Untuk batasan dan versi kubernetes yang didukung, lihat lihat https://aka.ms/aks/supported-ubuntu-versions
|
|
AzureContainerLinux
|
Gunakan Azure Container Linux sebagai OS untuk gambar simpul. Azure Container Linux adalah OS Linux yang dioptimalkan untuk kontainer dan berfokus pada keamanan yang dibangun di Azure Linux, dengan sistem file yang tidak dapat diubah. ACL berasal dari proyek Flatcar Container Linux, dibangun di atas desain Flatcar yang mengutamakan kontainer yang telah terbukti, tidak dapat diubah, sambil menambahkan paket Azure Linux, servis, dan integrasi mendalam dengan siklus hidup Azure dan AKS. Untuk informasi selengkapnya, lihat https://aka.ms/azurecontainerlinux
|
OSType
Enumerasi
Jenis sistem operasi. Defaultnya adalah Linux.
| Nilai |
Deskripsi |
|
Linux
|
Gunakan Linux.
|
|
Windows
|
Gunakan Windows.
|
OutboundType
Enumerasi
Metode perutean keluar (keluar). Ini hanya dapat diatur pada waktu pembuatan kluster dan tidak dapat diubah nanti. Untuk informasi selengkapnya, lihat egress outbound type.
PodIPAllocationMode
Enumerasi
Mode Alokasi IP Pod. Mode alokasi IP untuk pod di kumpulan agen. Harus digunakan dengan podSubnetId. Defaultnya adalah 'DynamicIndividual'.
| Nilai |
Deskripsi |
|
DynamicIndividual
|
Setiap node dialokasikan dengan daftar alamat IP yang tidak berdekatan yang dapat ditetapkan ke pod. Ini lebih baik untuk memaksimalkan subnet kecil hingga menengah berukuran /16 atau lebih kecil. Kluster Azure CNI dengan alokasi IP dinamis default ke mode ini jika pelanggan tidak secara eksplisit menentukan podIPAllocationMode
|
|
StaticBlock
|
Setiap simpul dialokasikan secara statis blok CIDR berukuran /28 = 16 IP per blok untuk memenuhi maxPods per node. Jumlah blok CIDR >= (maxPods / 16). Blok, bukan satu IP, dihitung terhadap batas IP Privat Azure Vnet sebesar 65K. Oleh karena itu, mode blok cocok untuk menjalankan beban kerja yang lebih besar dengan lebih dari batas 65K pod saat ini dalam kluster. Mode ini lebih cocok untuk diskalakan dengan subnet /15 yang lebih besar atau lebih besar
|
PortRange
Objek
Rentang port.
| Nama |
Jenis |
Deskripsi |
|
portEnd
|
integer
(int32)
minimum: 1
maximum: 65535
|
Port maksimum yang disertakan dalam rentang. Ini harus berkisar dari 1 hingga 65535, dan lebih besar dari atau sama dengan portStart.
|
|
portStart
|
integer
(int32)
minimum: 1
maximum: 65535
|
Port minimum yang disertakan dalam rentang. Ini harus berkisar dari 1 hingga 65535, dan kurang dari atau sama dengan portEnd.
|
|
protocol
|
Protocol
|
Protokol jaringan port.
|
PowerState
Objek
Menjelaskan Status Daya kluster
| Nama |
Jenis |
Deskripsi |
|
code
|
Code
|
Memberi tahu apakah kluster Sedang Berjalan atau Dihentikan
|
PrivateLinkResource
Objek
Sumber daya tautan privat
| Nama |
Jenis |
Deskripsi |
|
groupId
|
string
|
ID grup sumber daya.
|
|
id
|
string
|
ID sumber daya tautan privat.
|
|
name
|
string
|
Nama sumber daya tautan privat. Lihat aturan penamaan untuk detail selengkapnya.
|
|
privateLinkServiceID
|
string
(arm-id)
|
ID layanan tautan privat sumber daya, bidang ini hanya diekspos ke NRP secara internal.
|
|
requiredMembers
|
string[]
|
RequiredMembers sumber daya
|
|
type
|
string
|
Jenis sumber daya
|
Protocol
Enumerasi
Protokol jaringan port.
| Nilai |
Deskripsi |
|
TCP
|
Protokol TCP.
|
|
UDP
|
Protokol UDP.
|
ProxyRedirectionMechanism
Enumerasi
Mode pengalihan lalu lintas.
| Nilai |
Deskripsi |
|
InitContainers
|
Istio akan menyuntikkan kontainer init ke setiap pod untuk mengarahkan lalu lintas (membutuhkan NET_ADMIN dan NET_RAW).
|
|
CNIChaining
|
Istio akan menginstal plugin CNI berantai untuk mengarahkan lalu lintas (disarankan).
|
PublicNetworkAccess
Enumerasi
PublicNetworkAccess dari managedCluster. Mengizinkan atau menolak access jaringan publik untuk AKS
| Nilai |
Deskripsi |
|
Enabled
|
Masuk/Keluar ke managedCluster diizinkan.
|
|
Disabled
|
Lalu lintas masuk ke managedCluster dinonaktifkan, lalu lintas dari managedCluster diizinkan.
|
ResourceIdentityType
Enumerasi
Jenis identitas yang digunakan untuk kluster terkelola. Untuk informasi selengkapnya, lihat menggunakan identitas terkelola di AKS.
| Nilai |
Deskripsi |
|
SystemAssigned
|
Gunakan sistem yang dibuat secara implisit yang ditetapkan identitas terkelola untuk mengelola sumber daya kluster. Komponen master di sarana kontrol seperti kube-controller-manager akan menggunakan identitas terkelola yang ditetapkan sistem untuk memanipulasi sumber daya Azure.
|
|
UserAssigned
|
Gunakan identitas yang ditentukan pengguna untuk mengelola sumber daya kluster. Komponen master dalam sarana kontrol seperti kube-controller-manager akan menggunakan identitas terkelola yang ditetapkan pengguna yang ditentukan untuk memanipulasi sumber daya Azure.
|
|
None
|
Jangan gunakan identitas terkelola untuk Kluster Terkelola, perwakilan layanan akan digunakan sebagai gantinya.
|
ResourceReference
Objek
Referensi ke sumber daya Azure.
| Nama |
Jenis |
Deskripsi |
|
id
|
string
(arm-id)
|
Id sumber daya Azure yang sepenuhnya memenuhi syarat.
|
RestrictionLevel
Enumerasi
Tingkat pembatasan diterapkan ke grup sumber daya simpul kluster. Jika tidak ditentukan, defaultnya adalah 'Tidak Dibatasi'
| Nilai |
Deskripsi |
|
Unrestricted
|
Semua izin RBAC diizinkan pada grup sumber daya simpul terkelola
|
|
ReadOnly
|
Hanya */baca izin RBAC yang diizinkan pada grup sumber daya simpul terkelola
|
ScaleDownMode
Enumerasi
Menjelaskan bagaimana VM ditambahkan ke atau dihapus dari Kumpulan Agen. Lihat status penagihan.
| Nilai |
Deskripsi |
|
Delete
|
Buat instans baru selama peningkatan skala dan hapus instans selama penurunan skala.
|
|
Deallocate
|
Coba mulai instans yang dibatalkan alokasinya (jika ada) selama peningkatan skala dan batalkan alokasi instans selama penurunan skala.
|
ScaleProfile
Objek
Spesifikasi tentang cara menskalakan kumpulan agen VirtualMachines.
| Nama |
Jenis |
Deskripsi |
|
manual
|
ManualScaleProfile[]
|
Spesifikasi tentang cara menskalakan kumpulan agen VirtualMachines ke ukuran tetap.
|
ScaleSetEvictionPolicy
Enumerasi
Kebijakan penggusuran Set Skala Komputer Virtual. Kebijakan penggusuran menentukan apa yang to do dengan VM saat diusir. Defaultnya adalah Hapus. Untuk informasi selengkapnya tentang penggusuran, lihat spot VMs
| Nilai |
Deskripsi |
|
Delete
|
Simpul di Set Skala yang mendasar dari kumpulan simpul dihapus saat dikeluarkan.
|
|
Deallocate
|
Simpul dalam Set Skala yang mendasar dari kumpulan simpul diatur ke status dihentikan-dibatalkan alokasinya setelah pengeluaran. Simpul dalam jumlah status yang dihentikan alokasinya terhadap kuota komputasi Anda dan dapat menyebabkan masalah dengan penskalaan atau peningkatan kluster.
|
ScaleSetPriority
Enumerasi
Prioritas Set Skala Komputer Virtual.
| Nilai |
Deskripsi |
|
Spot
|
VM prioritas spot akan digunakan. Tidak ada SLA untuk simpul spot. Lihat spot di AKS untuk informasi selengkapnya.
|
|
Regular
|
VM reguler akan digunakan.
|
ServiceMeshMode
Enumerasi
Mode jala layanan.
| Nilai |
Deskripsi |
|
Istio
|
Istio disebarkan sebagai addon AKS.
|
|
Disabled
|
Jala dinonaktifkan.
|
ServiceMeshProfile
Objek
Profil jala layanan untuk kluster terkelola.
SysctlConfig
Objek
Pengaturan Sysctl untuk simpul agen Linux.
| Nama |
Jenis |
Deskripsi |
|
fsAioMaxNr
|
integer
(int32)
|
Pengaturan Sysctl fs.aio-max-nr.
|
|
fsFileMax
|
integer
(int32)
|
Pengaturan Sysctl fs.file-max.
|
|
fsInotifyMaxUserWatches
|
integer
(int32)
|
Pengaturan Sysctl fs.inotify.max_user_watches.
|
|
fsNrOpen
|
integer
(int32)
|
Pengaturan Sysctl fs.nr_open.
|
|
kernelThreadsMax
|
integer
(int32)
|
Pengaturan Sysctl kernel.threads-max.
|
|
netCoreNetdevMaxBacklog
|
integer
(int32)
|
Pengaturan Sysctl net.core.netdev_max_backlog.
|
|
netCoreOptmemMax
|
integer
(int32)
|
Pengaturan Sysctl net.core.optmem_max.
|
|
netCoreRmemDefault
|
integer
(int32)
|
Pengaturan Sysctl net.core.rmem_default.
|
|
netCoreRmemMax
|
integer
(int32)
|
Pengaturan Sysctl net.core.rmem_max.
|
|
netCoreSomaxconn
|
integer
(int32)
|
Pengaturan Sysctl net.core.somaxconn.
|
|
netCoreWmemDefault
|
integer
(int32)
|
Pengaturan Sysctl net.core.wmem_default.
|
|
netCoreWmemMax
|
integer
(int32)
|
Pengaturan Sysctl net.core.wmem_max.
|
|
netIpv4IpLocalPortRange
|
string
|
Pengaturan Sysctl net.ipv4.ip_local_port_range.
|
|
netIpv4NeighDefaultGcThresh1
|
integer
(int32)
|
Pengaturan Sysctl net.ipv4.neigh.default.gc_thresh1.
|
|
netIpv4NeighDefaultGcThresh2
|
integer
(int32)
|
Pengaturan Sysctl net.ipv4.neigh.default.gc_thresh2.
|
|
netIpv4NeighDefaultGcThresh3
|
integer
(int32)
|
Pengaturan Sysctl net.ipv4.neigh.default.gc_thresh3.
|
|
netIpv4TcpFinTimeout
|
integer
(int32)
|
Pengaturan Sysctl net.ipv4.tcp_fin_timeout.
|
|
netIpv4TcpKeepaliveProbes
|
integer
(int32)
|
Pengaturan Sysctl net.ipv4.tcp_keepalive_probes.
|
|
netIpv4TcpKeepaliveTime
|
integer
(int32)
|
Pengaturan Sysctl net.ipv4.tcp_keepalive_time.
|
|
netIpv4TcpMaxSynBacklog
|
integer
(int32)
|
Pengaturan Sysctl net.ipv4.tcp_max_syn_backlog.
|
|
netIpv4TcpMaxTwBuckets
|
integer
(int32)
|
Pengaturan Sysctl net.ipv4.tcp_max_tw_buckets.
|
|
netIpv4TcpTwReuse
|
boolean
|
Pengaturan Sysctl net.ipv4.tcp_tw_reuse.
|
|
netIpv4TcpkeepaliveIntvl
|
integer
(int32)
minimum: 10
maximum: 90
|
Pengaturan Sysctl net.ipv4.tcp_keepalive_intvl.
|
|
netNetfilterNfConntrackBuckets
|
integer
(int32)
minimum: 65536
maximum: 524288
|
Pengaturan Sysctl net.netfilter.nf_conntrack_buckets.
|
|
netNetfilterNfConntrackMax
|
integer
(int32)
minimum: 131072
maximum: 2097152
|
Pengaturan Sysctl net.netfilter.nf_conntrack_max.
|
|
vmMaxMapCount
|
integer
(int32)
|
Pengaturan Sysctl vm.max_map_count.
|
|
vmSwappiness
|
integer
(int32)
|
Pengaturan Sysctl vm.swappiness.
|
|
vmVfsCachePressure
|
integer
(int32)
|
Pengaturan Sysctl vm.vfs_cache_pressure.
|
systemData
Objek
Metadata yang berkaitan dengan pembuatan dan modifikasi terakhir sumber daya.
| Nama |
Jenis |
Deskripsi |
|
createdAt
|
string
(date-time)
|
Tanda waktu pembuatan sumber daya (UTC).
|
|
createdBy
|
string
|
Identitas yang membuat sumber daya.
|
|
createdByType
|
createdByType
|
Jenis identitas yang membuat sumber daya.
|
|
lastModifiedAt
|
string
(date-time)
|
Tanda waktu modifikasi terakhir sumber daya (UTC)
|
|
lastModifiedBy
|
string
|
Identitas yang terakhir mengubah sumber daya.
|
|
lastModifiedByType
|
createdByType
|
Jenis identitas yang terakhir memodifikasi sumber daya.
|
TransitEncryptionType
Enumerasi
Mengonfigurasi enkripsi pod-ke-pod. Ini hanya dapat diaktifkan pada kluster berbasis Cilium. Jika tidak ditentukan, nilai defaultnya adalah Tidak Ada.
UndrainableNodeBehavior
Enumerasi
Menentukan perilaku untuk simpul yang tidak dapat dibatalkan selama peningkatan. Penyebab paling umum dari simpul yang tidak dapat dibatalkan adalah Anggaran Gangguan Pod (PDB), tetapi masalah lain, seperti masa tenggang penghentian pod melebihi batas waktu pengurasan per node yang tersisa atau pod masih dalam keadaan berjalan, juga dapat menyebabkan simpul yang tidak dapat dibatalkan.
| Nilai |
Deskripsi |
|
Cordon
|
AKS akan menghubungkan simpul yang diblokir dan menggantinya dengan node lonjakan selama peningkatan. Simpul yang diblokir akan disambungkan dan digantikan oleh node lonjakan. Simpul yang diblokir akan memiliki label 'kubernetes.azure.com/upgrade-status:Quarantined'. Simpul lonjakan akan dipertahankan untuk setiap simpul yang diblokir. Upaya terbaik akan dilakukan untuk menghapus semua simpul lonjakan lainnya. Jika ada cukup node lonjakan untuk menggantikan simpul yang diblokir, maka operasi peningkatan dan kluster terkelola akan dalam status gagal. Jika tidak, operasi peningkatan dan kluster terkelola akan dalam status dibatalkan.
|
|
Schedule
|
AKS akan menandai simpul yang diblokir yang dapat di-schedulable, tetapi simpul yang diblokir tidak ditingkatkan. Upaya terbaik akan dilakukan untuk menghapus semua simpul lonjakan. Operasi peningkatan dan kluster terkelola akan dalam status gagal jika ada simpul yang diblokir.
|
UpgradeChannel
Enumerasi
Saluran peningkatan untuk peningkatan otomatis. Defaultnya adalah 'none'. Untuk informasi selengkapnya, lihat mengatur saluran peningkatan otomatis kluster AKS.
| Nilai |
Deskripsi |
|
rapid
|
Tingkatkan kluster secara otomatis ke rilis patch terbaru yang didukung pada versi minor terbaru yang didukung. Dalam kasus di mana kluster berada pada versi Kubernetes yang berada pada versi minor N-2 di mana N adalah versi minor terbaru yang didukung, kluster pertama kali meningkatkan ke versi patch terbaru yang didukung pada versi minor N-1. Misalnya, jika kluster menjalankan versi 1.17.7 dan versi 1.17.9, 1.18.4, 1.18.6, dan 1.19.1 tersedia, kluster Anda terlebih dahulu ditingkatkan ke 1.18.6, maka ditingkatkan ke 1.19.1.
|
|
stable
|
Tingkatkan kluster secara otomatis ke rilis patch terbaru yang didukung pada versi minor N-1, di mana N adalah versi minor terbaru yang didukung. Misalnya, jika kluster menjalankan versi 1.17.7 dan versi 1.17.9, 1.18.4, 1.18.6, dan 1.19.1 tersedia, kluster Anda ditingkatkan ke 1.18.6.
|
|
patch
|
Tingkatkan kluster secara otomatis ke versi patch terbaru yang didukung saat tersedia sambil menjaga versi minor tetap sama. Misalnya, jika kluster menjalankan versi 1.17.7 dan versi 1.17.9, 1.18.4, 1.18.6, dan 1.19.1 tersedia, kluster Anda ditingkatkan ke 1.17.9.
|
|
node-image
|
Tingkatkan gambar simpul secara otomatis ke versi terbaru yang tersedia. Pertimbangkan untuk menggunakan nodeOSUpgradeChannel sebagai gantinya yang memungkinkan Anda untuk mengonfigurasi patching OS simpul yang terpisah dari patching versi Kubernetes
|
|
none
|
Menonaktifkan peningkatan otomatis dan mempertahankan kluster pada versi Kubernetes saat ini.
|
UpgradeOverrideSettings
Objek
Pengaturan untuk mengambil alih saat memutakhirkan kluster.
| Nama |
Jenis |
Deskripsi |
|
forceUpgrade
|
boolean
|
Apakah akan memaksa peningkatan kluster. Perhatikan bahwa opsi ini menginstruksikan operasi peningkatan untuk melewati perlindungan peningkatan seperti memeriksa penggunaan API yang tidak digunakan lagi. Aktifkan opsi ini hanya dengan hati-hati.
|
|
until
|
string
(date-time)
|
Sampai kapan penimpaan efektif. Perhatikan bahwa ini hanya cocok dengan waktu mulai peningkatan, dan efektivitas tidak akan berubah setelah peningkatan dimulai bahkan jika until kedaluwarsa saat peningkatan berlangsung. Bidang ini tidak diatur secara default. Ini harus diatur agar penimpaan diterapkan.
|
UserAssignedIdentity
Objek
Detail tentang identitas yang ditetapkan pengguna.
| Nama |
Jenis |
Deskripsi |
|
clientId
|
string
|
ID klien dari identitas yang ditetapkan pengguna.
|
|
objectId
|
string
|
ID objek dari identitas yang ditetapkan pengguna.
|
|
resourceId
|
string
(arm-id)
|
ID sumber daya identitas yang ditetapkan pengguna.
|
VirtualMachineNodes
Objek
Status saat ini pada sekelompok simpul dengan ukuran vm yang sama.
| Nama |
Jenis |
Deskripsi |
|
count
|
integer
(int32)
|
Jumlah simpul.
|
|
size
|
string
|
Ukuran VM agen yang digunakan untuk menghosting grup simpul ini.
|
VirtualMachinesProfile
Objek
Spesifikasi tentang kumpulan agen VirtualMachines.
| Nama |
Jenis |
Deskripsi |
|
scale
|
ScaleProfile
|
Spesifikasi tentang cara menskalakan kumpulan agen VirtualMachines.
|
WindowsGmsaProfile
Objek
Profil gMSA Windows di kluster terkelola.
| Nama |
Jenis |
Deskripsi |
|
dnsServer
|
string
|
Menentukan server DNS untuk Windows gMSA.
Atur ke kosong jika Anda telah mengonfigurasi server DNS di vnet yang digunakan untuk membuat kluster terkelola.
|
|
enabled
|
boolean
|
Apakah akan mengaktifkan Windows gMSA. Menentukan apakah akan mengaktifkan gMSA Windows di kluster terkelola.
|
|
rootDomainName
|
string
|
Menentukan nama domain akar untuk Windows gMSA.
Atur ke kosong jika Anda telah mengonfigurasi server DNS di vnet yang digunakan untuk membuat kluster terkelola.
|
WorkloadRuntime
Enumerasi
Menentukan jenis beban kerja yang dapat dijalankan simpul.
| Nilai |
Deskripsi |
|
OCIContainer
|
Simpul akan menggunakan Kubelet untuk menjalankan beban kerja kontainer OCI standar.
|
|
WasmWasi
|
Simpul akan menggunakan Krustlet untuk menjalankan beban kerja WASM menggunakan penyedia WASI (Pratinjau).
|
|
KataVmIsolation
|
Node dapat menggunakan (Kata + Cloud Hypervisor + Hyper-V) untuk mengaktifkan pod berbasis VM Bersarang. Karena penggunaan Hyper-V, OS simpul AKS itu sendiri adalah VM berlapis (OS akar) Hyper-V. Dengan demikian hanya dapat digunakan dengan seri VM yang mendukung Virtualisasi Berlapis seperti seri Dv3.
|