Hiermee maakt of werkt u een beheerd cluster bij.
PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}?api-version=2025-10-01
URI-parameters
| Name |
In |
Vereist |
Type |
Description |
|
resourceGroupName
|
path |
True
|
string
minLength: 1
maxLength: 90
|
De naam van de resourcegroep. De naam is hoofdletterongevoelig.
|
|
resourceName
|
path |
True
|
string
minLength: 1
maxLength: 63
pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$
|
De naam van de beheerde clusterresource.
|
|
subscriptionId
|
path |
True
|
string
(uuid)
|
De id van het doelabonnement. De waarde moet een UUID zijn.
|
|
api-version
|
query |
True
|
string
minLength: 1
|
De API-versie die voor deze bewerking moet worden gebruikt.
|
| Name |
Vereist |
Type |
Description |
|
if-match
|
|
string
|
De aanvraag mag alleen worden voortgezet als een entiteit overeenkomt met deze tekenreeks.
|
|
if-none-match
|
|
string
|
De aanvraag moet alleen worden voortgezet als er geen entiteit overeenkomt met deze tekenreeks.
|
Aanvraagbody
| Name |
Vereist |
Type |
Description |
|
location
|
True
|
string
|
De geografische locatie waar de resource zich bevindt
|
|
extendedLocation
|
|
ExtendedLocation
|
De uitgebreide locatie van de virtuele machine.
|
|
identity
|
|
ManagedClusterIdentity
|
De identiteit van het beheerde cluster, indien geconfigureerd.
|
|
kind
|
|
string
|
Dit wordt voornamelijk gebruikt om verschillende gebruikersinterface-ervaringen beschikbaar te maken in de portal voor verschillende soorten
|
|
properties.aadProfile
|
|
ManagedClusterAADProfile
|
De Azure Active Directory-configuratie.
|
|
properties.addonProfiles
|
|
<string,
ManagedClusterAddonProfile>
|
Het profiel van de invoegtoepassing voor beheerde clusters.
|
|
properties.agentPoolProfiles
|
|
ManagedClusterAgentPoolProfile[]
|
De eigenschappen van de agentgroep.
|
|
properties.aiToolchainOperatorProfile
|
|
ManagedClusterAIToolchainOperatorProfile
|
Operatorinstellingen voor AI-hulpprogrammaketens die van toepassing zijn op het hele cluster.
|
|
properties.apiServerAccessProfile
|
|
ManagedClusterAPIServerAccessProfile
|
Het toegangsprofiel voor beheerde cluster-API-server.
|
|
properties.autoScalerProfile
|
|
ManagedClusterPropertiesAutoScalerProfile
|
Parameters die moeten worden toegepast op de automatische schaalaanpassing van clusters wanneer deze optie is ingeschakeld
|
|
properties.autoUpgradeProfile
|
|
ManagedClusterAutoUpgradeProfile
|
De configuratie van de automatische upgrade.
|
|
properties.azureMonitorProfile
|
|
ManagedClusterAzureMonitorProfile
|
Azure Monitor-invoegtoepassingsprofielen voor het bewaken van het beheerde cluster.
|
|
properties.bootstrapProfile
|
|
ManagedClusterBootstrapProfile
|
Profiel van de bootstrapconfiguratie van het cluster.
|
|
properties.disableLocalAccounts
|
|
boolean
|
Als lokale accounts moeten worden uitgeschakeld op het beheerde cluster. Als deze optie is ingesteld op true, worden statische referenties uitgeschakeld voor dit cluster. Dit mag alleen worden gebruikt voor beheerde clusters waarvoor AAD is ingeschakeld. Zie lokale accounts uitschakelenvoor meer informatie.
|
|
properties.diskEncryptionSetID
|
|
string
(arm-id)
|
De resource-id van de schijfversleuteling die moet worden gebruikt voor het inschakelen van versleuteling at rest. Dit is van het formulier: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}
|
|
properties.dnsPrefix
|
|
string
|
Het DNS-voorvoegsel van het beheerde cluster. Dit kan niet worden bijgewerkt zodra het beheerde cluster is gemaakt.
|
|
properties.enableRBAC
|
|
boolean
|
Of Kubernetes Role-Based toegangsbeheer moet worden ingeschakeld.
|
|
properties.fqdnSubdomain
|
|
string
|
Het FQDN-subdomein van het privécluster met aangepaste privé-DNS-zone. Dit kan niet worden bijgewerkt zodra het beheerde cluster is gemaakt.
|
|
properties.httpProxyConfig
|
|
ManagedClusterHTTPProxyConfig
|
Configuraties voor het inrichten van het cluster met HTTP-proxyservers.
|
|
properties.identityProfile
|
|
<string,
UserAssignedIdentity>
|
De gebruikersidentiteit die is gekoppeld aan het beheerde cluster. Deze identiteit wordt gebruikt door de kubelet. Er is slechts één door de gebruiker toegewezen identiteit toegestaan. De enige geaccepteerde sleutel is 'kubeletidentity', met de waarde 'resourceId': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
|
|
properties.ingressProfile
|
|
ManagedClusterIngressProfile
|
Inkomend profiel voor het beheerde cluster.
|
|
properties.kubernetesVersion
|
|
string
|
De versie van Kubernetes die door de gebruiker is opgegeven. Beide patchversie <major.minor.patch> (bijvoorbeeld 1.20.13) en <major.minor> (bijvoorbeeld 1.20) worden ondersteund. Wanneer <major.minor> is opgegeven, wordt automatisch de meest recente ondersteunde GA-patchversie gekozen. Het cluster bijwerken met dezelfde <major.minor> nadat het is gemaakt (bijvoorbeeld 1.14.x -> 1.14) activeert geen upgrade, zelfs als er een nieuwere patchversie beschikbaar is. Wanneer u een upgrade uitvoert van een ondersteund AKS-cluster, kunnen secundaire versies van Kubernetes niet worden overgeslagen. Alle upgrades moeten sequentieel worden uitgevoerd op primaire versienummer. Bijvoorbeeld, upgrades tussen 1.14.x -> 1.15.x of 1.15.x -> 1.16.x zijn toegestaan, maar 1.14.x -> 1.16.x is niet toegestaan. Zie een AKS-cluster upgraden voor meer informatie.
|
|
properties.linuxProfile
|
|
ContainerServiceLinuxProfile
|
Het profiel voor Linux-VM's in het beheerde cluster.
|
|
properties.metricsProfile
|
|
ManagedClusterMetricsProfile
|
Optionele configuratie van metrische clustergegevens.
|
|
properties.networkProfile
|
|
ContainerServiceNetworkProfile
|
Het netwerkconfiguratieprofiel.
|
|
properties.nodeProvisioningProfile
|
|
ManagedClusterNodeProvisioningProfile
|
Inrichtingsinstellingen voor knooppunten die van toepassing zijn op het hele cluster.
|
|
properties.nodeResourceGroup
|
|
string
|
De naam van de resourcegroep met agentgroepknooppunten.
|
|
properties.nodeResourceGroupProfile
|
|
ManagedClusterNodeResourceGroupProfile
|
Profiel van de configuratie van de knooppuntresourcegroep.
|
|
properties.oidcIssuerProfile
|
|
ManagedClusterOIDCIssuerProfile
|
Het OIDC-verlenerprofiel van het beheerde cluster.
|
|
properties.podIdentityProfile
|
|
ManagedClusterPodIdentityProfile
|
Het pod-identiteitsprofiel van het beheerde cluster. Zie AAD-podidentiteit gebruiken voor meer informatie over de integratie van AAD-podidentiteiten.
|
|
properties.privateLinkResources
|
|
PrivateLinkResource[]
|
Private Link-resources die zijn gekoppeld aan het cluster.
|
|
properties.publicNetworkAccess
|
|
PublicNetworkAccess
|
PublicNetworkAccess van het beheerde cluster. Openbare netwerktoegang voor AKS toestaan of weigeren
|
|
properties.securityProfile
|
|
ManagedClusterSecurityProfile
|
Beveiligingsprofiel voor het beheerde cluster.
|
|
properties.serviceMeshProfile
|
|
ServiceMeshProfile
|
Service-mesh-profiel voor een beheerd cluster.
|
|
properties.servicePrincipalProfile
|
|
ManagedClusterServicePrincipalProfile
|
Informatie over een service-principal-identiteit voor het cluster dat moet worden gebruikt voor het bewerken van Azure-API's.
|
|
properties.status
|
|
ManagedClusterStatus
|
Bevat alleen-lezen informatie over het beheerde cluster.
|
|
properties.storageProfile
|
|
ManagedClusterStorageProfile
|
Opslagprofiel voor het beheerde cluster.
|
|
properties.supportPlan
|
|
KubernetesSupportPlan
|
Het ondersteuningsplan voor het beheerde cluster. Als dit niet is opgegeven, is de standaardwaarde 'KubernetesOfficial'.
|
|
properties.upgradeSettings
|
|
ClusterUpgradeSettings
|
Instellingen voor het upgraden van een cluster.
|
|
properties.windowsProfile
|
|
ManagedClusterWindowsProfile
|
Het profiel voor Virtuele Windows-machines in het beheerde cluster.
|
|
properties.workloadAutoScalerProfile
|
|
ManagedClusterWorkloadAutoScalerProfile
|
Profiel voor automatische schaalaanpassing van werkbelastingen voor het beheerde cluster.
|
|
sku
|
|
ManagedClusterSKU
|
De beheerde cluster-SKU.
|
|
tags
|
|
object
|
Resourcetags.
|
Antwoorden
| Name |
Type |
Description |
|
200 OK
|
ManagedCluster
|
De updatebewerking van de resource 'ManagedCluster' is geslaagd
|
|
201 Created
|
ManagedCluster
|
Resource 'ManagedCluster' aanmaakoperatie is geslaagd
Kopteksten
- Azure-AsyncOperation: string
- Retry-After: integer
|
|
Other Status Codes
|
ErrorResponse
|
Een onverwachte foutreactie.
|
Beveiliging
azure_auth
OAuth2-stroom voor Azure Active Directory.
Type:
oauth2
Stroom:
implicit
Autorisatie-URL:
https://login.microsoftonline.com/common/oauth2/authorize
Bereiken
| Name |
Description |
|
user_impersonation
|
zich voordoen als uw gebruikersaccount
|
Voorbeelden
Create Managed Cluster using an agent pool snapshot
Voorbeeldaanvraag
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"creationData": {
"sourceResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/snapshots/snapshot1"
},
"enableFIPS": true,
"enableNodePublicIP": true,
"mode": "System",
"osType": "Linux",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser"
}
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.CreationData;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_Snapshot.json
*/
/**
* Sample code: Create Managed Cluster using an agent pool snapshot.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
createManagedClusterUsingAnAgentPoolSnapshot(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3)
.withVmSize("Standard_DS2_v2").withOsType(OSType.LINUX)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withMode(AgentPoolMode.SYSTEM)
.withEnableNodePublicIp(true).withEnableFips(true)
.withCreationData(new CreationData().withSourceResourceId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/snapshots/snapshot1"))
.withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_snapshot.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"creationData": {
"sourceResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/snapshots/snapshot1"
},
"enableFIPS": True,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_Snapshot.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_Snapshot.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterUsingAnAgentPoolSnapshot() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
CreationData: &armcontainerservice.CreationData{
SourceResourceID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/snapshots/snapshot1"),
},
EnableFIPS: to.Ptr(true),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CreationData: &armcontainerservice.CreationData{
// SourceResourceID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/snapshots/snapshot1"),
// },
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableFIPS: to.Ptr(true),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_Snapshot.json
*/
async function createManagedClusterUsingAnAgentPoolSnapshot() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
creationData: {
sourceResourceId:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/snapshots/snapshot1",
},
enableFips: true,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_Snapshot.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
EnableFips = true,
CreationDataSourceResourceId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/snapshots/snapshot1"),
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Voorbeeldrespons
{
"name": "clustername1",
"type": "Microsoft.ContainerService/ManagedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"creationData": {
"sourceResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/snapshots/snapshot1"
},
"currentOrchestratorVersion": "1.9.6",
"enableFIPS": true,
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Succeeded",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Succeeded",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
{
"name": "clustername1",
"type": "Microsoft.ContainerService/ManagedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"creationData": {
"sourceResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/snapshots/snapshot1"
},
"currentOrchestratorVersion": "1.9.6",
"enableFIPS": true,
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Creating",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Creating",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
Create Managed Cluster with AKS-managed NAT gateway as outbound type
Voorbeeldaanvraag
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableNodePublicIP": false,
"mode": "System",
"osType": "Linux",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"natGatewayProfile": {
"managedOutboundIPProfile": {
"count": 2
}
},
"outboundType": "managedNATGateway"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser"
}
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterManagedOutboundIpProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterNatGatewayProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_ManagedNATGateway.json
*/
/**
* Sample code: Create Managed Cluster with AKS-managed NAT gateway as outbound type.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void createManagedClusterWithAKSManagedNATGatewayAsOutboundType(
com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(
Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3).withVmSize("Standard_DS2_v2")
.withOsType(OSType.LINUX).withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
.withMode(AgentPoolMode.SYSTEM).withEnableNodePublicIp(false).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile()
.withOutboundType(OutboundType.MANAGED_NATGATEWAY).withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withNatGatewayProfile(new ManagedClusterNatGatewayProfile()
.withManagedOutboundIpProfile(new ManagedClusterManagedOutboundIpProfile().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_managed_nat_gateway.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": False,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerSku": "standard",
"natGatewayProfile": {"managedOutboundIPProfile": {"count": 2}},
"outboundType": "managedNATGateway",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_ManagedNATGateway.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_ManagedNATGateway.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithAksManagedNatGatewayAsOutboundType() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(false),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
NatGatewayProfile: &armcontainerservice.ManagedClusterNATGatewayProfile{
ManagedOutboundIPProfile: &armcontainerservice.ManagedClusterManagedOutboundIPProfile{
Count: to.Ptr[int32](2),
},
},
OutboundType: to.Ptr(armcontainerservice.OutboundTypeManagedNATGateway),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(false),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NatGatewayProfile: &armcontainerservice.ManagedClusterNATGatewayProfile{
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](4),
// ManagedOutboundIPProfile: &armcontainerservice.ManagedClusterManagedOutboundIPProfile{
// Count: to.Ptr[int32](2),
// },
// },
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeManagedNATGateway),
// PodCidr: to.Ptr("10.244.0.0/16"),
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_ManagedNATGateway.json
*/
async function createManagedClusterWithAksManagedNatGatewayAsOutboundType() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: false,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerSku: "standard",
natGatewayProfile: { managedOutboundIPProfile: { count: 2 } },
outboundType: "managedNATGateway",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_ManagedNATGateway.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = false,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.ManagedNatGateway,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
NatGatewayProfile = new ManagedClusterNatGatewayProfile
{
ManagedOutboundIPCount = 2,
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Voorbeeldrespons
{
"name": "clustername1",
"type": "Microsoft.ContainerService/ManagedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": false,
"maxPods": 110,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Succeeded",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "basic",
"natGatewayProfile": {
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 4,
"managedOutboundIPProfile": {
"count": 2
}
},
"networkPlugin": "kubenet",
"outboundType": "managedNATGateway",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Succeeded",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
{
"name": "clustername1",
"type": "Microsoft.ContainerService/ManagedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": false,
"maxPods": 110,
"mode": "System",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Creating",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"natGatewayProfile": {
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 4,
"managedOutboundIPProfile": {
"count": 2
}
},
"networkPlugin": "kubenet",
"outboundType": "managedNATGateway",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Creating",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
Create Managed Cluster with Azure KeyVault Secrets Provider Addon
Voorbeeldaanvraag
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"properties": {
"addonProfiles": {
"azureKeyvaultSecretsProvider": {
"config": {
"enableSecretRotation": "true",
"rotationPollInterval": "2m"
},
"enabled": true
}
},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableNodePublicIP": true,
"mode": "System",
"osType": "Linux",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser"
}
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAddonProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_AzureKeyvaultSecretsProvider.json
*/
/**
* Sample code: Create Managed Cluster with Azure KeyVault Secrets Provider Addon.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void createManagedClusterWithAzureKeyVaultSecretsProviderAddon(
com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(
Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3).withVmSize("Standard_DS2_v2")
.withOsType(OSType.LINUX).withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
.withMode(AgentPoolMode.SYSTEM).withEnableNodePublicIp(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile().withClientId("clientid")
.withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf("azureKeyvaultSecretsProvider",
new ManagedClusterAddonProfile().withEnabled(true).withConfig(
mapOf("enableSecretRotation", "fakeTokenPlaceholder", "rotationPollInterval", "2m"))))
.withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_azure_keyvault_secrets_provider.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {
"azureKeyvaultSecretsProvider": {
"config": {"enableSecretRotation": "true", "rotationPollInterval": "2m"},
"enabled": True,
}
},
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_AzureKeyvaultSecretsProvider.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_AzureKeyvaultSecretsProvider.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithAzureKeyVaultSecretsProviderAddon() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{
"azureKeyvaultSecretsProvider": {
Config: map[string]*string{
"enableSecretRotation": to.Ptr("true"),
"rotationPollInterval": to.Ptr("2m"),
},
Enabled: to.Ptr(true),
},
},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{
// "azureKeyvaultSecretsProvider": &armcontainerservice.ManagedClusterAddonProfile{
// Config: map[string]*string{
// "enableSecretRotation": to.Ptr("true"),
// "rotationPollInterval": to.Ptr("2m"),
// },
// Enabled: to.Ptr(true),
// },
// },
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// EnableEncryptionAtHost: to.Ptr(true),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_AzureKeyvaultSecretsProvider.json
*/
async function createManagedClusterWithAzureKeyVaultSecretsProviderAddon() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {
azureKeyvaultSecretsProvider: {
config: { enableSecretRotation: "true", rotationPollInterval: "2m" },
enabled: true,
},
},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_AzureKeyvaultSecretsProvider.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles =
{
["azureKeyvaultSecretsProvider"] = new ManagedClusterAddonProfile(true)
{
Config =
{
["enableSecretRotation"] = "true",
["rotationPollInterval"] = "2m"
},
}
},
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Voorbeeldrespons
{
"name": "clustername1",
"type": "Microsoft.ContainerService/ManagedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"addonProfiles": {
"azureKeyvaultSecretsProvider": {
"config": {
"enableSecretRotation": "true",
"rotationPollInterval": "2m"
},
"enabled": true
}
},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableEncryptionAtHost": true,
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Succeeded",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Succeeded",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
{
"name": "clustername1",
"type": "Microsoft.ContainerService/ManagedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"addonProfiles": {
"azureKeyvaultSecretsProvider": {
"config": {
"enableSecretRotation": "true",
"rotationPollInterval": "2m"
},
"enabled": true
}
},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableEncryptionAtHost": true,
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Creating",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Creating",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
Create Managed Cluster with Capacity Reservation Group
Voorbeeldaanvraag
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"capacityReservationGroupID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/capacityReservationGroups/crg1",
"count": 3,
"enableNodePublicIP": true,
"mode": "System",
"osType": "Linux",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser"
}
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_CRG.json
*/
/**
* Sample code: Create Managed Cluster with Capacity Reservation Group.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
createManagedClusterWithCapacityReservationGroup(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3)
.withVmSize("Standard_DS2_v2").withOsType(OSType.LINUX)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withMode(AgentPoolMode.SYSTEM)
.withEnableNodePublicIp(true)
.withCapacityReservationGroupId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/capacityReservationGroups/crg1")
.withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_crg.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"capacityReservationGroupID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/capacityReservationGroups/crg1",
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_CRG.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_CRG.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithCapacityReservationGroup() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
CapacityReservationGroupID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/capacityReservationGroups/crg1"),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// CapacityReservationGroupID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/capacityReservationGroups/crg1"),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_CRG.json
*/
async function createManagedClusterWithCapacityReservationGroup() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
capacityReservationGroupID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/capacityReservationGroups/crg1",
count: 3,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_CRG.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
CapacityReservationGroupId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/capacityReservationGroups/crg1"),
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Voorbeeldrespons
{
"name": "clustername1",
"type": "Microsoft.ContainerService/ManagedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"capacityReservationGroupID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/capacityReservationGroups/crg1",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Succeeded",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Succeeded",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
{
"name": "clustername1",
"type": "Microsoft.ContainerService/ManagedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"capacityReservationGroupID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/capacityReservationGroups/crg1",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Creating",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Creating",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
Create Managed Cluster with Custom CA Trust Certificates
Voorbeeldaanvraag
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableNodePublicIP": true,
"mode": "System",
"osType": "Linux",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer"
},
"securityProfile": {
"customCATrustCertificates": [
"ZHVtbXlFeGFtcGxlVGVzdFZhbHVlRm9yQ2VydGlmaWNhdGVUb0JlQWRkZWQ="
]
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser"
}
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSecurityProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_CustomCATrustCertificates.json
*/
/**
* Sample code: Create Managed Cluster with Custom CA Trust Certificates.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
createManagedClusterWithCustomCATrustCertificates(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(
Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3).withVmSize("Standard_DS2_v2")
.withOsType(OSType.LINUX).withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
.withMode(AgentPoolMode.SYSTEM).withEnableNodePublicIp(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des")
.withSecurityProfile(new ManagedClusterSecurityProfile().withCustomCATrustCertificates(
Arrays.asList("ZHVtbXlFeGFtcGxlVGVzdFZhbHVlRm9yQ2VydGlmaWNhdGVUb0JlQWRkZWQ=".getBytes()))),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_custom_ca_trust_certificates.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"securityProfile": {
"customCATrustCertificates": ["ZHVtbXlFeGFtcGxlVGVzdFZhbHVlRm9yQ2VydGlmaWNhdGVUb0JlQWRkZWQ="]
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_CustomCATrustCertificates.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_CustomCATrustCertificates.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithCustomCaTrustCertificates() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
SecurityProfile: &armcontainerservice.ManagedClusterSecurityProfile{
CustomCATrustCertificates: [][]byte{
[]byte("ZHVtbXlFeGFtcGxlVGVzdFZhbHVlRm9yQ2VydGlmaWNhdGVUb0JlQWRkZWQ=")},
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// SecurityProfile: &armcontainerservice.ManagedClusterSecurityProfile{
// CustomCATrustCertificates: [][]byte{
// []byte("ZHVtbXlFeGFtcGxlVGVzdFZhbHVlRm9yQ2VydGlmaWNhdGVUb0JlQWRkZWQ=")},
// },
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_CustomCATrustCertificates.json
*/
async function createManagedClusterWithCustomCaTrustCertificates() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
securityProfile: {
customCATrustCertificates: [
Buffer.from("ZHVtbXlFeGFtcGxlVGVzdFZhbHVlRm9yQ2VydGlmaWNhdGVUb0JlQWRkZWQ="),
],
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_CustomCATrustCertificates.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
SecurityProfile = new ManagedClusterSecurityProfile
{
CustomCATrustCertificates = { Encoding.UTF8.GetBytes("ZHVtbXlFeGFtcGxlVGVzdFZhbHVlRm9yQ2VydGlmaWNhdGVUb0JlQWRkZWQ=") },
},
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Voorbeeldrespons
{
"name": "clustername1",
"type": "Microsoft.ContainerService/ManagedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Succeeded",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Succeeded",
"securityProfile": {
"customCATrustCertificates": [
"ZHVtbXlFeGFtcGxlVGVzdFZhbHVlRm9yQ2VydGlmaWNhdGVUb0JlQWRkZWQ="
]
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
{
"name": "clustername1",
"type": "Microsoft.ContainerService/ManagedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Creating",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Creating",
"securityProfile": {
"customCATrustCertificates": [
"ZHVtbXlFeGFtcGxlVGVzdFZhbHVlRm9yQ2VydGlmaWNhdGVUb0JlQWRkZWQ="
]
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
Create Managed Cluster with Dedicated Host Group
Voorbeeldaanvraag
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableNodePublicIP": true,
"hostGroupID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg/providers/Microsoft.Compute/hostGroups/hostgroup1",
"osType": "Linux",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser"
}
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_DedicatedHostGroup.json
*/
/**
* Sample code: Create Managed Cluster with Dedicated Host Group.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
createManagedClusterWithDedicatedHostGroup(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3)
.withVmSize("Standard_DS2_v2").withOsType(OSType.LINUX)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withEnableNodePublicIp(true)
.withHostGroupId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg/providers/Microsoft.Compute/hostGroups/hostgroup1")
.withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_dedicated_host_group.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": True,
"hostGroupID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg/providers/Microsoft.Compute/hostGroups/hostgroup1",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_DedicatedHostGroup.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_DedicatedHostGroup.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithDedicatedHostGroup() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
HostGroupID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg/providers/Microsoft.Compute/hostGroups/hostgroup1"),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// EnableNodePublicIP: to.Ptr(true),
// HostGroupID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg/providers/Microsoft.Compute/hostGroups/hostgroup1"),
// MaxPods: to.Ptr[int32](110),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_DedicatedHostGroup.json
*/
async function createManagedClusterWithDedicatedHostGroup() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: true,
hostGroupID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg/providers/Microsoft.Compute/hostGroups/hostgroup1",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_DedicatedHostGroup.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
EnableNodePublicIP = true,
HostGroupId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg/providers/Microsoft.Compute/hostGroups/hostgroup1"),
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Voorbeeldrespons
{
"name": "clustername1",
"type": "Microsoft.ContainerService/ManagedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableNodePublicIP": true,
"hostGroupID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg/providers/Microsoft.Compute/hostGroups/hostgroup1",
"maxPods": 110,
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Succeeded",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Succeeded",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
{
"name": "clustername1",
"type": "Microsoft.ContainerService/ManagedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableNodePublicIP": true,
"hostGroupID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg/providers/Microsoft.Compute/hostGroups/hostgroup1",
"maxPods": 110,
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Creating",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Creating",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
Create Managed Cluster with EncryptionAtHost enabled
Voorbeeldaanvraag
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableEncryptionAtHost": true,
"enableNodePublicIP": true,
"mode": "System",
"osType": "Linux",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser"
}
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_EnableEncryptionAtHost.json
*/
/**
* Sample code: Create Managed Cluster with EncryptionAtHost enabled.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
createManagedClusterWithEncryptionAtHostEnabled(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3)
.withVmSize("Standard_DS2_v2").withOsType(OSType.LINUX)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withMode(AgentPoolMode.SYSTEM)
.withEnableNodePublicIp(true).withEnableEncryptionAtHost(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_enable_encryption_at_host.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableEncryptionAtHost": True,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_EnableEncryptionAtHost.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_EnableEncryptionAtHost.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithEncryptionAtHostEnabled() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableEncryptionAtHost: to.Ptr(true),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableEncryptionAtHost: to.Ptr(true),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_EnableEncryptionAtHost.json
*/
async function createManagedClusterWithEncryptionAtHostEnabled() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableEncryptionAtHost: true,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_EnableEncryptionAtHost.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
EnableEncryptionAtHost = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Voorbeeldrespons
{
"name": "clustername1",
"type": "Microsoft.ContainerService/ManagedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableEncryptionAtHost": true,
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Succeeded",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Succeeded",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
{
"name": "clustername1",
"type": "Microsoft.ContainerService/ManagedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableEncryptionAtHost": true,
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Creating",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Creating",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
Create Managed Cluster with FIPS enabled OS
Voorbeeldaanvraag
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableFIPS": true,
"enableNodePublicIP": true,
"mode": "System",
"osType": "Linux",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser"
}
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_EnabledFIPS.json
*/
/**
* Sample code: Create Managed Cluster with FIPS enabled OS.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void createManagedClusterWithFIPSEnabledOS(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3)
.withVmSize("Standard_DS2_v2").withOsType(OSType.LINUX)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withMode(AgentPoolMode.SYSTEM)
.withEnableNodePublicIp(true).withEnableFips(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_enabled_fips.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableFIPS": True,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_EnabledFIPS.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_EnabledFIPS.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithFipsEnabledOs() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableFIPS: to.Ptr(true),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableFIPS: to.Ptr(true),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_EnabledFIPS.json
*/
async function createManagedClusterWithFipsEnabledOS() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableFips: true,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_EnabledFIPS.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
EnableFips = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Voorbeeldrespons
{
"name": "clustername1",
"type": "Microsoft.ContainerService/ManagedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableFIPS": true,
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Succeeded",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Succeeded",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
{
"name": "clustername1",
"type": "Microsoft.ContainerService/ManagedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableFIPS": true,
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Creating",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Creating",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
Create Managed Cluster with GPUMIG
Voorbeeldaanvraag
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableNodePublicIP": true,
"gpuInstanceProfile": "MIG3g",
"mode": "System",
"osType": "Linux",
"vmSize": "Standard_ND96asr_v4"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"httpProxyConfig": {
"httpProxy": "http://myproxy.server.com:8080",
"httpsProxy": "https://myproxy.server.com:8080",
"noProxy": [
"localhost",
"127.0.0.1"
],
"trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="
},
"kubernetesVersion": "",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser"
}
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.GpuInstanceProfile;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterHttpProxyConfig;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_GPUMIG.json
*/
/**
* Sample code: Create Managed Cluster with GPUMIG.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void createManagedClusterWithGPUMIG(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(
Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3).withVmSize("Standard_ND96asr_v4")
.withOsType(OSType.LINUX).withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
.withMode(AgentPoolMode.SYSTEM).withEnableNodePublicIp(true)
.withGpuInstanceProfile(GpuInstanceProfile.MIG3G).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des")
.withHttpProxyConfig(new ManagedClusterHttpProxyConfig().withHttpProxy("http://myproxy.server.com:8080")
.withHttpsProxy("https://myproxy.server.com:8080")
.withNoProxy(Arrays.asList("localhost", "127.0.0.1"))
.withTrustedCa("Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U=")),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_gpumig.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": True,
"gpuInstanceProfile": "MIG3g",
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_ND96asr_v4",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"httpProxyConfig": {
"httpProxy": "http://myproxy.server.com:8080",
"httpsProxy": "https://myproxy.server.com:8080",
"noProxy": ["localhost", "127.0.0.1"],
"trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U=",
},
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_GPUMIG.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_GPUMIG.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithGpumig() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
GpuInstanceProfile: to.Ptr(armcontainerservice.GPUInstanceProfileMIG3G),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_ND96asr_v4"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
HTTPProxyConfig: &armcontainerservice.ManagedClusterHTTPProxyConfig{
HTTPProxy: to.Ptr("http://myproxy.server.com:8080"),
HTTPSProxy: to.Ptr("https://myproxy.server.com:8080"),
NoProxy: []*string{
to.Ptr("localhost"),
to.Ptr("127.0.0.1")},
TrustedCa: to.Ptr("Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="),
},
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(true),
// GpuInstanceProfile: to.Ptr(armcontainerservice.GPUInstanceProfileMIG3G),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_ND96asr_v4"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// HTTPProxyConfig: &armcontainerservice.ManagedClusterHTTPProxyConfig{
// HTTPProxy: to.Ptr("http://myproxy.server.com:8080"),
// HTTPSProxy: to.Ptr("https://myproxy.server.com:8080"),
// NoProxy: []*string{
// to.Ptr("localhost"),
// to.Ptr("127.0.0.1")},
// TrustedCa: to.Ptr("Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="),
// },
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_GPUMIG.json
*/
async function createManagedClusterWithGpumig() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: true,
gpuInstanceProfile: "MIG3g",
mode: "System",
osType: "Linux",
vmSize: "Standard_ND96asr_v4",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
httpProxyConfig: {
httpProxy: "http://myproxy.server.com:8080",
httpsProxy: "https://myproxy.server.com:8080",
noProxy: ["localhost", "127.0.0.1"],
trustedCa: "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U=",
},
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_GPUMIG.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_ND96asr_v4",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
GpuInstanceProfile = GpuInstanceProfile.Mig3G,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
HttpProxyConfig = new ManagedClusterHttpProxyConfig
{
HttpProxy = "http://myproxy.server.com:8080",
HttpsProxy = "https://myproxy.server.com:8080",
NoProxy = { "localhost", "127.0.0.1" },
TrustedCA = "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U=",
},
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Voorbeeldrespons
{
"name": "clustername1",
"type": "Microsoft.ContainerService/ManagedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": true,
"gpuInstanceProfile": "MIG3g",
"maxPods": 110,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Succeeded",
"vmSize": "Standard_ND96asr_v4"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"httpProxyConfig": {
"httpProxy": "http://myproxy.server.com:8080",
"httpsProxy": "https://myproxy.server.com:8080",
"noProxy": [
"localhost",
"127.0.0.1"
],
"trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="
},
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Succeeded",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
{
"name": "clustername1",
"type": "Microsoft.ContainerService/ManagedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": true,
"gpuInstanceProfile": "MIG3g",
"maxPods": 110,
"mode": "System",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Creating",
"vmSize": "Standard_ND96asr_v4"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"httpProxyConfig": {
"httpProxy": "http://myproxy.server.com:8080",
"httpsProxy": "https://myproxy.server.com:8080",
"noProxy": [
"localhost",
"127.0.0.1"
],
"trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="
},
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Creating",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
Voorbeeldaanvraag
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableNodePublicIP": true,
"mode": "System",
"osType": "Linux",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"httpProxyConfig": {
"httpProxy": "http://myproxy.server.com:8080",
"httpsProxy": "https://myproxy.server.com:8080",
"noProxy": [
"localhost",
"127.0.0.1"
],
"trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="
},
"kubernetesVersion": "",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser"
}
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterHttpProxyConfig;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_HTTPProxy.json
*/
/**
* Sample code: Create Managed Cluster with HTTP proxy configured.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
createManagedClusterWithHTTPProxyConfigured(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(
Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3).withVmSize("Standard_DS2_v2")
.withOsType(OSType.LINUX).withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
.withMode(AgentPoolMode.SYSTEM).withEnableNodePublicIp(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des")
.withHttpProxyConfig(new ManagedClusterHttpProxyConfig().withHttpProxy("http://myproxy.server.com:8080")
.withHttpsProxy("https://myproxy.server.com:8080")
.withNoProxy(Arrays.asList("localhost", "127.0.0.1"))
.withTrustedCa("Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U=")),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_httpproxy.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"httpProxyConfig": {
"httpProxy": "http://myproxy.server.com:8080",
"httpsProxy": "https://myproxy.server.com:8080",
"noProxy": ["localhost", "127.0.0.1"],
"trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U=",
},
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_HTTPProxy.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_HTTPProxy.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithHttpProxyConfigured() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
HTTPProxyConfig: &armcontainerservice.ManagedClusterHTTPProxyConfig{
HTTPProxy: to.Ptr("http://myproxy.server.com:8080"),
HTTPSProxy: to.Ptr("https://myproxy.server.com:8080"),
NoProxy: []*string{
to.Ptr("localhost"),
to.Ptr("127.0.0.1")},
TrustedCa: to.Ptr("Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="),
},
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// HTTPProxyConfig: &armcontainerservice.ManagedClusterHTTPProxyConfig{
// HTTPProxy: to.Ptr("http://myproxy.server.com:8080"),
// HTTPSProxy: to.Ptr("https://myproxy.server.com:8080"),
// NoProxy: []*string{
// to.Ptr("localhost"),
// to.Ptr("127.0.0.1")},
// TrustedCa: to.Ptr("Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="),
// },
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_HTTPProxy.json
*/
async function createManagedClusterWithHttpProxyConfigured() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
httpProxyConfig: {
httpProxy: "http://myproxy.server.com:8080",
httpsProxy: "https://myproxy.server.com:8080",
noProxy: ["localhost", "127.0.0.1"],
trustedCa: "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U=",
},
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_HTTPProxy.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
HttpProxyConfig = new ManagedClusterHttpProxyConfig
{
HttpProxy = "http://myproxy.server.com:8080",
HttpsProxy = "https://myproxy.server.com:8080",
NoProxy = { "localhost", "127.0.0.1" },
TrustedCA = "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U=",
},
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Voorbeeldrespons
{
"name": "clustername1",
"type": "Microsoft.ContainerService/ManagedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Succeeded",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"httpProxyConfig": {
"httpProxy": "http://myproxy.server.com:8080",
"httpsProxy": "https://myproxy.server.com:8080",
"noProxy": [
"localhost",
"127.0.0.1"
],
"trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="
},
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Succeeded",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
{
"name": "clustername1",
"type": "Microsoft.ContainerService/ManagedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Creating",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"httpProxyConfig": {
"httpProxy": "http://myproxy.server.com:8080",
"httpsProxy": "https://myproxy.server.com:8080",
"noProxy": [
"localhost",
"127.0.0.1"
],
"trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="
},
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Creating",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
Create Managed Cluster with LongTermSupport
Voorbeeldaanvraag
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableEncryptionAtHost": true,
"enableNodePublicIP": true,
"mode": "System",
"osType": "Linux",
"vmSize": "Standard_DS2_v2"
}
],
"apiServerAccessProfile": {
"disableRunCommand": true
},
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"supportPlan": "AKSLongTermSupport",
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser"
}
},
"sku": {
"name": "Base",
"tier": "Premium"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.KubernetesSupportPlan;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterApiServerAccessProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_Premium.json
*/
/**
* Sample code: Create Managed Cluster with LongTermSupport.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void createManagedClusterWithLongTermSupport(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.BASE).withTier(ManagedClusterSkuTier.PREMIUM))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3)
.withVmSize("Standard_DS2_v2").withOsType(OSType.LINUX)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withMode(AgentPoolMode.SYSTEM)
.withEnableNodePublicIp(true).withEnableEncryptionAtHost(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile().withClientId("clientid")
.withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withSupportPlan(KubernetesSupportPlan.AKSLONG_TERM_SUPPORT)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withApiServerAccessProfile(new ManagedClusterApiServerAccessProfile().withDisableRunCommand(true)),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_premium.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableEncryptionAtHost": True,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"apiServerAccessProfile": {"disableRunCommand": True},
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"supportPlan": "AKSLongTermSupport",
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Base", "tier": "Premium"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_Premium.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_Premium.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithLongTermSupport() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableEncryptionAtHost: to.Ptr(true),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
APIServerAccessProfile: &armcontainerservice.ManagedClusterAPIServerAccessProfile{
DisableRunCommand: to.Ptr(true),
},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
SupportPlan: to.Ptr(armcontainerservice.KubernetesSupportPlanAKSLongTermSupport),
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUNameBase),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierPremium),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableEncryptionAtHost: to.Ptr(true),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// APIServerAccessProfile: &armcontainerservice.ManagedClusterAPIServerAccessProfile{
// DisableRunCommand: to.Ptr(true),
// },
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-ee788a1f.hcp.location1.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// PrivateFQDN: to.Ptr("dnsprefix1-aae7e0f0.5cef6058-b6b5-414d-8cb1-4bd14eb0b15c.privatelink.location1.azmk8s.io"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// SupportPlan: to.Ptr(armcontainerservice.KubernetesSupportPlanAKSLongTermSupport),
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// SKU: &armcontainerservice.ManagedClusterSKU{
// Name: to.Ptr(armcontainerservice.ManagedClusterSKUNameBase),
// Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierPremium),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_Premium.json
*/
async function createManagedClusterWithLongTermSupport() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableEncryptionAtHost: true,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
apiServerAccessProfile: { disableRunCommand: true },
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Base", tier: "Premium" },
supportPlan: "AKSLongTermSupport",
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_Premium.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = ManagedClusterSkuName.Base,
Tier = ManagedClusterSkuTier.Premium,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
EnableEncryptionAtHost = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
SupportPlan = KubernetesSupportPlan.AKSLongTermSupport,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
ApiServerAccessProfile = new ManagedClusterApiServerAccessProfile
{
DisableRunCommand = true,
},
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Voorbeeldrespons
{
"name": "clustername1",
"type": "Microsoft.ContainerService/ManagedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableEncryptionAtHost": true,
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Succeeded",
"vmSize": "Standard_DS2_v2"
}
],
"apiServerAccessProfile": {
"disableRunCommand": true
},
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-ee788a1f.hcp.location1.azmk8s.io",
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"privateFQDN": "dnsprefix1-aae7e0f0.5cef6058-b6b5-414d-8cb1-4bd14eb0b15c.privatelink.location1.azmk8s.io",
"provisioningState": "Succeeded",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"supportPlan": "AKSLongTermSupport",
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"sku": {
"name": "Base",
"tier": "Premium"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
{
"name": "clustername1",
"type": "Microsoft.ContainerService/ManagedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableEncryptionAtHost": true,
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Creating",
"vmSize": "Standard_DS2_v2"
}
],
"apiServerAccessProfile": {
"disableRunCommand": true
},
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-ee788a1f.hcp.location1.azmk8s.io",
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"privateFQDN": "dnsprefix1-aae7e0f0.5cef6058-b6b5-414d-8cb1-4bd14eb0b15c.privatelink.location1.azmk8s.io",
"provisioningState": "Creating",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"supportPlan": "AKSLongTermSupport",
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"sku": {
"name": "Base",
"tier": "Premium"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
Create Managed Cluster with Node Public IP Prefix
Voorbeeldaanvraag
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableNodePublicIP": true,
"mode": "System",
"nodePublicIPPrefixID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Network/publicIPPrefixes/public-ip-prefix",
"osType": "Linux",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser"
}
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_NodePublicIPPrefix.json
*/
/**
* Sample code: Create Managed Cluster with Node Public IP Prefix.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
createManagedClusterWithNodePublicIPPrefix(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3)
.withVmSize("Standard_DS2_v2").withOsType(OSType.LINUX)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withMode(AgentPoolMode.SYSTEM)
.withEnableNodePublicIp(true)
.withNodePublicIpPrefixId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Network/publicIPPrefixes/public-ip-prefix")
.withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_node_public_ip_prefix.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"nodePublicIPPrefixID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Network/publicIPPrefixes/public-ip-prefix",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_NodePublicIPPrefix.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_NodePublicIPPrefix.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithNodePublicIpPrefix() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
NodePublicIPPrefixID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Network/publicIPPrefixes/public-ip-prefix"),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// NodePublicIPPrefixID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Network/publicIPPrefixes/public-ip-prefix"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_NodePublicIPPrefix.json
*/
async function createManagedClusterWithNodePublicIPPrefix() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: true,
mode: "System",
nodePublicIPPrefixID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Network/publicIPPrefixes/public-ip-prefix",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_NodePublicIPPrefix.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
NodePublicIPPrefixId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Network/publicIPPrefixes/public-ip-prefix"),
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Voorbeeldrespons
{
"name": "clustername1",
"type": "Microsoft.ContainerService/ManagedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"nodePublicIPPrefixID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Network/publicIPPrefixes/public-ip-prefix",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Succeeded",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Succeeded",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
{
"name": "clustername1",
"type": "Microsoft.ContainerService/ManagedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"nodePublicIPPrefixID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Network/publicIPPrefixes/public-ip-prefix",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Creating",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Creating",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
Create Managed Cluster with OSSKU
Voorbeeldaanvraag
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableNodePublicIP": true,
"mode": "System",
"osSKU": "AzureLinux",
"osType": "Linux",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"httpProxyConfig": {
"httpProxy": "http://myproxy.server.com:8080",
"httpsProxy": "https://myproxy.server.com:8080",
"noProxy": [
"localhost",
"127.0.0.1"
],
"trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="
},
"kubernetesVersion": "",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser"
}
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterHttpProxyConfig;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSSku;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_OSSKU.json
*/
/**
* Sample code: Create Managed Cluster with OSSKU.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void createManagedClusterWithOSSKU(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3)
.withVmSize("Standard_DS2_v2").withOsType(OSType.LINUX).withOsSku(OSSku.AZURE_LINUX)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withMode(AgentPoolMode.SYSTEM)
.withEnableNodePublicIp(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des")
.withHttpProxyConfig(new ManagedClusterHttpProxyConfig().withHttpProxy("http://myproxy.server.com:8080")
.withHttpsProxy("https://myproxy.server.com:8080")
.withNoProxy(Arrays.asList("localhost", "127.0.0.1"))
.withTrustedCa("Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U=")),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_ossku.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osSKU": "AzureLinux",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"httpProxyConfig": {
"httpProxy": "http://myproxy.server.com:8080",
"httpsProxy": "https://myproxy.server.com:8080",
"noProxy": ["localhost", "127.0.0.1"],
"trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U=",
},
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_OSSKU.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_OSSKU.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithOssku() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSSKU: to.Ptr(armcontainerservice.OSSKUAzureLinux),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
HTTPProxyConfig: &armcontainerservice.ManagedClusterHTTPProxyConfig{
HTTPProxy: to.Ptr("http://myproxy.server.com:8080"),
HTTPSProxy: to.Ptr("https://myproxy.server.com:8080"),
NoProxy: []*string{
to.Ptr("localhost"),
to.Ptr("127.0.0.1")},
TrustedCa: to.Ptr("Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="),
},
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSSKU: to.Ptr(armcontainerservice.OSSKUAzureLinux),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// HTTPProxyConfig: &armcontainerservice.ManagedClusterHTTPProxyConfig{
// HTTPProxy: to.Ptr("http://myproxy.server.com:8080"),
// HTTPSProxy: to.Ptr("https://myproxy.server.com:8080"),
// NoProxy: []*string{
// to.Ptr("localhost"),
// to.Ptr("127.0.0.1")},
// TrustedCa: to.Ptr("Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="),
// },
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_OSSKU.json
*/
async function createManagedClusterWithOssku() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: true,
mode: "System",
osSKU: "AzureLinux",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
httpProxyConfig: {
httpProxy: "http://myproxy.server.com:8080",
httpsProxy: "https://myproxy.server.com:8080",
noProxy: ["localhost", "127.0.0.1"],
trustedCa: "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U=",
},
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_OSSKU.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
OSSku = ContainerServiceOSSku.AzureLinux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
HttpProxyConfig = new ManagedClusterHttpProxyConfig
{
HttpProxy = "http://myproxy.server.com:8080",
HttpsProxy = "https://myproxy.server.com:8080",
NoProxy = { "localhost", "127.0.0.1" },
TrustedCA = "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U=",
},
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Voorbeeldrespons
{
"name": "clustername1",
"type": "Microsoft.ContainerService/ManagedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"orchestratorVersion": "1.9.6",
"osSKU": "AzureLinux",
"osType": "Linux",
"provisioningState": "Succeeded",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"httpProxyConfig": {
"httpProxy": "http://myproxy.server.com:8080",
"httpsProxy": "https://myproxy.server.com:8080",
"noProxy": [
"localhost",
"127.0.0.1"
],
"trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="
},
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Succeeded",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
{
"name": "clustername1",
"type": "Microsoft.ContainerService/ManagedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"orchestratorVersion": "1.9.6",
"osSKU": "AzureLinux",
"osType": "Linux",
"provisioningState": "Creating",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"httpProxyConfig": {
"httpProxy": "http://myproxy.server.com:8080",
"httpsProxy": "https://myproxy.server.com:8080",
"noProxy": [
"localhost",
"127.0.0.1"
],
"trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="
},
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Creating",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
Create Managed Cluster with PodIdentity enabled
Voorbeeldaanvraag
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableNodePublicIP": true,
"mode": "System",
"osType": "Linux",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer"
},
"podIdentityProfile": {
"allowNetworkPluginKubenet": true,
"enabled": true
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser"
}
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPodIdentityProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_PodIdentity.json
*/
/**
* Sample code: Create Managed Cluster with PodIdentity enabled.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
createManagedClusterWithPodIdentityEnabled(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(
Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3).withVmSize("Standard_DS2_v2")
.withOsType(OSType.LINUX).withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
.withMode(AgentPoolMode.SYSTEM).withEnableNodePublicIp(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile().withClientId("clientid")
.withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf())
.withPodIdentityProfile(
new ManagedClusterPodIdentityProfile().withEnabled(true).withAllowNetworkPluginKubenet(true))
.withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_pod_identity.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"podIdentityProfile": {"allowNetworkPluginKubenet": True, "enabled": True},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_PodIdentity.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_PodIdentity.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithPodIdentityEnabled() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
PodIdentityProfile: &armcontainerservice.ManagedClusterPodIdentityProfile{
AllowNetworkPluginKubenet: to.Ptr(true),
Enabled: to.Ptr(true),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// PodIdentityProfile: &armcontainerservice.ManagedClusterPodIdentityProfile{
// AllowNetworkPluginKubenet: to.Ptr(true),
// Enabled: to.Ptr(true),
// },
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_PodIdentity.json
*/
async function createManagedClusterWithPodIdentityEnabled() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
podIdentityProfile: { allowNetworkPluginKubenet: true, enabled: true },
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_PodIdentity.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
PodIdentityProfile = new ManagedClusterPodIdentityProfile
{
IsEnabled = true,
AllowNetworkPluginKubenet = true,
},
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Voorbeeldrespons
{
"name": "clustername1",
"type": "Microsoft.ContainerService/ManagedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Succeeded",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"podIdentityProfile": {
"allowNetworkPluginKubenet": true,
"enabled": true
},
"provisioningState": "Succeeded",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
{
"name": "clustername1",
"type": "Microsoft.ContainerService/ManagedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Creating",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"podIdentityProfile": {
"allowNetworkPluginKubenet": true,
"enabled": true
},
"provisioningState": "Creating",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
Create Managed Cluster with PPG
Voorbeeldaanvraag
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableNodePublicIP": true,
"mode": "System",
"osType": "Linux",
"proximityPlacementGroupID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/proximityPlacementGroups/ppg1",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser"
}
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_PPG.json
*/
/**
* Sample code: Create Managed Cluster with PPG.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void createManagedClusterWithPPG(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3)
.withVmSize("Standard_DS2_v2").withOsType(OSType.LINUX)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withMode(AgentPoolMode.SYSTEM)
.withEnableNodePublicIp(true)
.withProximityPlacementGroupId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/proximityPlacementGroups/ppg1")
.withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_ppg.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"proximityPlacementGroupID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/proximityPlacementGroups/ppg1",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_PPG.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_PPG.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithPpg() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
ProximityPlacementGroupID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/proximityPlacementGroups/ppg1"),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// ProximityPlacementGroupID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/proximityPlacementGroups/ppg1"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_PPG.json
*/
async function createManagedClusterWithPpg() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
proximityPlacementGroupID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/proximityPlacementGroups/ppg1",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_PPG.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
ProximityPlacementGroupId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/proximityPlacementGroups/ppg1"),
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Voorbeeldrespons
{
"name": "clustername1",
"type": "Microsoft.ContainerService/ManagedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Succeeded",
"proximityPlacementGroupID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/proximityPlacementGroups/ppg1",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Succeeded",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
{
"name": "clustername1",
"type": "Microsoft.ContainerService/ManagedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Creating",
"proximityPlacementGroupID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/proximityPlacementGroups/ppg1",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Creating",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
Create Managed Cluster with RunCommand disabled
Voorbeeldaanvraag
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableEncryptionAtHost": true,
"enableNodePublicIP": true,
"mode": "System",
"osType": "Linux",
"vmSize": "Standard_DS2_v2"
}
],
"apiServerAccessProfile": {
"disableRunCommand": true
},
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser"
}
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterApiServerAccessProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_DisableRunCommand.json
*/
/**
* Sample code: Create Managed Cluster with RunCommand disabled.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
createManagedClusterWithRunCommandDisabled(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3)
.withVmSize("Standard_DS2_v2").withOsType(OSType.LINUX)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withMode(AgentPoolMode.SYSTEM)
.withEnableNodePublicIp(true).withEnableEncryptionAtHost(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withApiServerAccessProfile(new ManagedClusterApiServerAccessProfile().withDisableRunCommand(true)),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_disable_run_command.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableEncryptionAtHost": True,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"apiServerAccessProfile": {"disableRunCommand": True},
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_DisableRunCommand.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_DisableRunCommand.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithRunCommandDisabled() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableEncryptionAtHost: to.Ptr(true),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
APIServerAccessProfile: &armcontainerservice.ManagedClusterAPIServerAccessProfile{
DisableRunCommand: to.Ptr(true),
},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableEncryptionAtHost: to.Ptr(true),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// APIServerAccessProfile: &armcontainerservice.ManagedClusterAPIServerAccessProfile{
// DisableRunCommand: to.Ptr(true),
// },
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-ee788a1f.hcp.location1.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// PrivateFQDN: to.Ptr("dnsprefix1-aae7e0f0.5cef6058-b6b5-414d-8cb1-4bd14eb0b15c.privatelink.location1.azmk8s.io"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// SupportPlan: to.Ptr(armcontainerservice.KubernetesSupportPlanKubernetesOfficial),
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_DisableRunCommand.json
*/
async function createManagedClusterWithRunCommandDisabled() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableEncryptionAtHost: true,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
apiServerAccessProfile: { disableRunCommand: true },
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_DisableRunCommand.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
EnableEncryptionAtHost = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
ApiServerAccessProfile = new ManagedClusterApiServerAccessProfile
{
DisableRunCommand = true,
},
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Voorbeeldrespons
{
"name": "clustername1",
"type": "Microsoft.ContainerService/ManagedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableEncryptionAtHost": true,
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Succeeded",
"vmSize": "Standard_DS2_v2"
}
],
"apiServerAccessProfile": {
"disableRunCommand": true
},
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-ee788a1f.hcp.location1.azmk8s.io",
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"privateFQDN": "dnsprefix1-aae7e0f0.5cef6058-b6b5-414d-8cb1-4bd14eb0b15c.privatelink.location1.azmk8s.io",
"provisioningState": "Succeeded",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"supportPlan": "KubernetesOfficial",
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
{
"name": "clustername1",
"type": "Microsoft.ContainerService/ManagedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableEncryptionAtHost": true,
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Creating",
"vmSize": "Standard_DS2_v2"
}
],
"apiServerAccessProfile": {
"disableRunCommand": true
},
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-ee788a1f.hcp.location1.azmk8s.io",
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"privateFQDN": "dnsprefix1-aae7e0f0.5cef6058-b6b5-414d-8cb1-4bd14eb0b15c.privatelink.location1.azmk8s.io",
"provisioningState": "Creating",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"supportPlan": "KubernetesOfficial",
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
Voorbeeldaanvraag
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableNodePublicIP": true,
"mode": "System",
"osType": "Linux",
"vmSize": "Standard_DS2_v2"
}
],
"dnsPrefix": "dnsprefix1",
"kubernetesVersion": "",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer"
},
"securityProfile": {
"defender": {
"logAnalyticsWorkspaceResourceId": "/subscriptions/SUB_ID/resourcegroups/RG_NAME/providers/microsoft.operationalinsights/workspaces/WORKSPACE_NAME",
"securityMonitoring": {
"enabled": true
}
},
"workloadIdentity": {
"enabled": true
}
}
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSecurityProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSecurityProfileDefender;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSecurityProfileDefenderSecurityMonitoring;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSecurityProfileWorkloadIdentity;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_SecurityProfile.json
*/
/**
* Sample code: Create Managed Cluster with Security Profile configured.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
createManagedClusterWithSecurityProfileConfigured(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(
Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3).withVmSize("Standard_DS2_v2")
.withOsType(OSType.LINUX).withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
.withMode(AgentPoolMode.SYSTEM).withEnableNodePublicIp(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withSecurityProfile(new ManagedClusterSecurityProfile()
.withDefender(new ManagedClusterSecurityProfileDefender().withLogAnalyticsWorkspaceResourceId(
"/subscriptions/SUB_ID/resourcegroups/RG_NAME/providers/microsoft.operationalinsights/workspaces/WORKSPACE_NAME")
.withSecurityMonitoring(
new ManagedClusterSecurityProfileDefenderSecurityMonitoring().withEnabled(true)))
.withWorkloadIdentity(new ManagedClusterSecurityProfileWorkloadIdentity().withEnabled(true))),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_security_profile.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"dnsPrefix": "dnsprefix1",
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"securityProfile": {
"defender": {
"logAnalyticsWorkspaceResourceId": "/subscriptions/SUB_ID/resourcegroups/RG_NAME/providers/microsoft.operationalinsights/workspaces/WORKSPACE_NAME",
"securityMonitoring": {"enabled": True},
},
"workloadIdentity": {"enabled": True},
},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_SecurityProfile.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_SecurityProfile.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithSecurityProfileConfigured() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
DNSPrefix: to.Ptr("dnsprefix1"),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
SecurityProfile: &armcontainerservice.ManagedClusterSecurityProfile{
Defender: &armcontainerservice.ManagedClusterSecurityProfileDefender{
LogAnalyticsWorkspaceResourceID: to.Ptr("/subscriptions/SUB_ID/resourcegroups/RG_NAME/providers/microsoft.operationalinsights/workspaces/WORKSPACE_NAME"),
SecurityMonitoring: &armcontainerservice.ManagedClusterSecurityProfileDefenderSecurityMonitoring{
Enabled: to.Ptr(true),
},
},
WorkloadIdentity: &armcontainerservice.ManagedClusterSecurityProfileWorkloadIdentity{
Enabled: to.Ptr(true),
},
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// SecurityProfile: &armcontainerservice.ManagedClusterSecurityProfile{
// Defender: &armcontainerservice.ManagedClusterSecurityProfileDefender{
// LogAnalyticsWorkspaceResourceID: to.Ptr("/subscriptions/SUB_ID/resourcegroups/RG_NAME/providers/microsoft.operationalinsights/workspaces/WORKSPACE_NAME"),
// SecurityMonitoring: &armcontainerservice.ManagedClusterSecurityProfileDefenderSecurityMonitoring{
// Enabled: to.Ptr(true),
// },
// },
// WorkloadIdentity: &armcontainerservice.ManagedClusterSecurityProfileWorkloadIdentity{
// Enabled: to.Ptr(true),
// },
// },
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_SecurityProfile.json
*/
async function createManagedClusterWithSecurityProfileConfigured() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
dnsPrefix: "dnsprefix1",
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
securityProfile: {
defender: {
logAnalyticsWorkspaceResourceId:
"/subscriptions/SUB_ID/resourcegroups/RG_NAME/providers/microsoft.operationalinsights/workspaces/WORKSPACE_NAME",
securityMonitoring: { enabled: true },
},
workloadIdentity: { enabled: true },
},
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_SecurityProfile.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
SecurityProfile = new ManagedClusterSecurityProfile
{
Defender = new ManagedClusterSecurityProfileDefender
{
LogAnalyticsWorkspaceResourceId = new ResourceIdentifier("/subscriptions/SUB_ID/resourcegroups/RG_NAME/providers/microsoft.operationalinsights/workspaces/WORKSPACE_NAME"),
IsSecurityMonitoringEnabled = true,
},
IsWorkloadIdentityEnabled = true,
},
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Voorbeeldrespons
{
"name": "clustername1",
"type": "Microsoft.ContainerService/ManagedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Succeeded",
"vmSize": "Standard_DS2_v2"
}
],
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Succeeded",
"securityProfile": {
"defender": {
"logAnalyticsWorkspaceResourceId": "/subscriptions/SUB_ID/resourcegroups/RG_NAME/providers/microsoft.operationalinsights/workspaces/WORKSPACE_NAME",
"securityMonitoring": {
"enabled": true
}
},
"workloadIdentity": {
"enabled": true
}
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
{
"name": "clustername1",
"type": "Microsoft.ContainerService/ManagedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Creating",
"vmSize": "Standard_DS2_v2"
}
],
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Creating",
"securityProfile": {
"defender": {
"logAnalyticsWorkspaceResourceId": "/subscriptions/SUB_ID/resourcegroups/RG_NAME/providers/microsoft.operationalinsights/workspaces/WORKSPACE_NAME",
"securityMonitoring": {
"enabled": true
}
},
"workloadIdentity": {
"enabled": true
}
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
Create Managed Cluster with UltraSSD enabled
Voorbeeldaanvraag
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableNodePublicIP": true,
"enableUltraSSD": true,
"mode": "System",
"osType": "Linux",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser"
}
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_EnableUltraSSD.json
*/
/**
* Sample code: Create Managed Cluster with UltraSSD enabled.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void createManagedClusterWithUltraSSDEnabled(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3)
.withVmSize("Standard_DS2_v2").withOsType(OSType.LINUX)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withMode(AgentPoolMode.SYSTEM)
.withEnableNodePublicIp(true).withEnableUltraSsd(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_enable_ultra_ssd.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": True,
"enableUltraSSD": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_EnableUltraSSD.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_EnableUltraSSD.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithUltraSsdEnabled() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
EnableUltraSSD: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(true),
// EnableUltraSSD: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_EnableUltraSSD.json
*/
async function createManagedClusterWithUltraSsdEnabled() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: true,
enableUltraSSD: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_EnableUltraSSD.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
EnableUltraSsd = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Voorbeeldrespons
{
"name": "clustername1",
"type": "Microsoft.ContainerService/ManagedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": true,
"enableUltraSSD": true,
"maxPods": 110,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Succeeded",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Succeeded",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
{
"name": "clustername1",
"type": "Microsoft.ContainerService/ManagedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": true,
"enableUltraSSD": true,
"maxPods": 110,
"mode": "System",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Creating",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Creating",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
Create Managed Cluster with user-assigned NAT gateway as outbound type
Voorbeeldaanvraag
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableNodePublicIP": false,
"mode": "System",
"osType": "Linux",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "userAssignedNATGateway"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser"
}
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_UserAssignedNATGateway.json
*/
/**
* Sample code: Create Managed Cluster with user-assigned NAT gateway as outbound type.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void createManagedClusterWithUserAssignedNATGatewayAsOutboundType(
com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(
Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3).withVmSize("Standard_DS2_v2")
.withOsType(OSType.LINUX).withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
.withMode(AgentPoolMode.SYSTEM).withEnableNodePublicIp(false).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(
new ContainerServiceNetworkProfile().withOutboundType(OutboundType.USER_ASSIGNED_NATGATEWAY)
.withLoadBalancerSku(LoadBalancerSku.STANDARD))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_user_assigned_nat_gateway.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": False,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {"loadBalancerSku": "standard", "outboundType": "userAssignedNATGateway"},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_UserAssignedNATGateway.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_UserAssignedNATGateway.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithUserAssignedNatGatewayAsOutboundType() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(false),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeUserAssignedNATGateway),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(false),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeUserAssignedNATGateway),
// PodCidr: to.Ptr("10.244.0.0/16"),
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_UserAssignedNATGateway.json
*/
async function createManagedClusterWithUserAssignedNatGatewayAsOutboundType() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: false,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerSku: "standard",
outboundType: "userAssignedNATGateway",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_UserAssignedNATGateway.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = false,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.UserAssignedNatGateway,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Voorbeeldrespons
{
"name": "clustername1",
"type": "Microsoft.ContainerService/ManagedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": false,
"maxPods": 110,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Succeeded",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"outboundType": "userAssignedNATGateway",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Succeeded",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
{
"name": "clustername1",
"type": "Microsoft.ContainerService/ManagedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": false,
"maxPods": 110,
"mode": "System",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Creating",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"networkPlugin": "kubenet",
"outboundType": "userAssignedNATGateway",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Creating",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
Voorbeeldaanvraag
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableNodePublicIP": true,
"mode": "System",
"osType": "Linux",
"vmSize": "Standard_DS2_v2"
}
],
"dnsPrefix": "dnsprefix1",
"ingressProfile": {
"webAppRouting": {
"dnsZoneResourceIds": [
"/subscriptions/SUB_ID/resourceGroups/RG_NAME/providers/Microsoft.Network/dnszones/DNS_ZONE_NAME"
],
"enabled": true
}
},
"kubernetesVersion": "",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer"
}
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterIngressProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterIngressProfileWebAppRouting;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_IngressProfile_WebAppRouting.json
*/
/**
* Sample code: Create Managed Cluster with Web App Routing Ingress Profile configured.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void createManagedClusterWithWebAppRoutingIngressProfileConfigured(
com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(
Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3).withVmSize("Standard_DS2_v2")
.withOsType(OSType.LINUX).withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
.withMode(AgentPoolMode.SYSTEM).withEnableNodePublicIp(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withIngressProfile(new ManagedClusterIngressProfile()
.withWebAppRouting(new ManagedClusterIngressProfileWebAppRouting().withEnabled(true)
.withDnsZoneResourceIds(Arrays.asList(
"/subscriptions/SUB_ID/resourceGroups/RG_NAME/providers/Microsoft.Network/dnszones/DNS_ZONE_NAME")))),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_ingress_profile_web_app_routing.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"dnsPrefix": "dnsprefix1",
"ingressProfile": {
"webAppRouting": {
"dnsZoneResourceIds": [
"/subscriptions/SUB_ID/resourceGroups/RG_NAME/providers/Microsoft.Network/dnszones/DNS_ZONE_NAME"
],
"enabled": True,
}
},
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_IngressProfile_WebAppRouting.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_IngressProfile_WebAppRouting.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithWebAppRoutingIngressProfileConfigured() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
DNSPrefix: to.Ptr("dnsprefix1"),
IngressProfile: &armcontainerservice.ManagedClusterIngressProfile{
WebAppRouting: &armcontainerservice.ManagedClusterIngressProfileWebAppRouting{
DNSZoneResourceIDs: []*string{
to.Ptr("/subscriptions/SUB_ID/resourceGroups/RG_NAME/providers/Microsoft.Network/dnszones/DNS_ZONE_NAME")},
Enabled: to.Ptr(true),
},
},
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// IngressProfile: &armcontainerservice.ManagedClusterIngressProfile{
// WebAppRouting: &armcontainerservice.ManagedClusterIngressProfileWebAppRouting{
// DNSZoneResourceIDs: []*string{
// to.Ptr("/subscriptions/SUB_ID/resourceGroups/RG_NAME/providers/Microsoft.Network/dnszones/DNS_ZONE_NAME")},
// Enabled: to.Ptr(true),
// },
// },
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_IngressProfile_WebAppRouting.json
*/
async function createManagedClusterWithWebAppRoutingIngressProfileConfigured() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
dnsPrefix: "dnsprefix1",
ingressProfile: {
webAppRouting: {
dnsZoneResourceIds: [
"/subscriptions/SUB_ID/resourceGroups/RG_NAME/providers/Microsoft.Network/dnszones/DNS_ZONE_NAME",
],
enabled: true,
},
},
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_IngressProfile_WebAppRouting.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
IngressWebAppRouting = new ManagedClusterIngressProfileWebAppRouting
{
IsEnabled = true,
DnsZoneResourceIds = { new ResourceIdentifier("/subscriptions/SUB_ID/resourceGroups/RG_NAME/providers/Microsoft.Network/dnszones/DNS_ZONE_NAME") },
},
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Voorbeeldrespons
{
"name": "clustername1",
"type": "Microsoft.ContainerService/ManagedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Succeeded",
"vmSize": "Standard_DS2_v2"
}
],
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"ingressProfile": {
"webAppRouting": {
"dnsZoneResourceIds": [
"/subscriptions/SUB_ID/resourceGroups/RG_NAME/providers/Microsoft.Network/dnszones/DNS_ZONE_NAME"
],
"enabled": true
}
},
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Succeeded",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
{
"name": "clustername1",
"type": "Microsoft.ContainerService/ManagedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Creating",
"vmSize": "Standard_DS2_v2"
}
],
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"ingressProfile": {
"webAppRouting": {
"dnsZoneResourceIds": [
"/subscriptions/SUB_ID/resourceGroups/RG_NAME/providers/Microsoft.Network/dnszones/DNS_ZONE_NAME"
],
"enabled": true
}
},
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Creating",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
Create Managed Private Cluster with fqdn subdomain specified
Voorbeeldaanvraag
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableEncryptionAtHost": true,
"enableNodePublicIP": true,
"mode": "System",
"osType": "Linux",
"vmSize": "Standard_DS2_v2"
}
],
"apiServerAccessProfile": {
"enablePrivateCluster": true,
"privateDNSZone": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Network/privateDnsZones/privatelink.location1.azmk8s.io"
},
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"enableRBAC": true,
"fqdnSubdomain": "domain1",
"kubernetesVersion": "",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser"
}
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterApiServerAccessProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_PrivateClusterFQDNSubdomain.json
*/
/**
* Sample code: Create Managed Private Cluster with fqdn subdomain specified.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
createManagedPrivateClusterWithFqdnSubdomainSpecified(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withFqdnSubdomain("domain1")
.withAgentPoolProfiles(Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3)
.withVmSize("Standard_DS2_v2").withOsType(OSType.LINUX)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withMode(AgentPoolMode.SYSTEM)
.withEnableNodePublicIp(true).withEnableEncryptionAtHost(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withApiServerAccessProfile(
new ManagedClusterApiServerAccessProfile().withEnablePrivateCluster(true).withPrivateDnsZone(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Network/privateDnsZones/privatelink.location1.azmk8s.io")),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_private_cluster_fqdn_subdomain.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableEncryptionAtHost": True,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"apiServerAccessProfile": {
"enablePrivateCluster": True,
"privateDNSZone": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Network/privateDnsZones/privatelink.location1.azmk8s.io",
},
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"enableRBAC": True,
"fqdnSubdomain": "domain1",
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_PrivateClusterFQDNSubdomain.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_PrivateClusterFQDNSubdomain.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedPrivateClusterWithFqdnSubdomainSpecified() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableEncryptionAtHost: to.Ptr(true),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
APIServerAccessProfile: &armcontainerservice.ManagedClusterAPIServerAccessProfile{
EnablePrivateCluster: to.Ptr(true),
PrivateDNSZone: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Network/privateDnsZones/privatelink.location1.azmk8s.io"),
},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
EnableRBAC: to.Ptr(true),
FqdnSubdomain: to.Ptr("domain1"),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableEncryptionAtHost: to.Ptr(true),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// APIServerAccessProfile: &armcontainerservice.ManagedClusterAPIServerAccessProfile{
// EnablePrivateCluster: to.Ptr(true),
// PrivateDNSZone: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Network/privateDnsZones/privatelink.location1.azmk8s.io"),
// },
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// EnableRBAC: to.Ptr(true),
// FqdnSubdomain: to.Ptr("domain1"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// PrivateFQDN: to.Ptr("domain1.privatelink.location1.azmk8s.io"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_PrivateClusterFQDNSubdomain.json
*/
async function createManagedPrivateClusterWithFqdnSubdomainSpecified() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableEncryptionAtHost: true,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
apiServerAccessProfile: {
enablePrivateCluster: true,
privateDNSZone:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Network/privateDnsZones/privatelink.location1.azmk8s.io",
},
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
enableRbac: true,
fqdnSubdomain: "domain1",
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_PrivateClusterFQDNSubdomain.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
FqdnSubdomain = "domain1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
EnableEncryptionAtHost = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
ApiServerAccessProfile = new ManagedClusterApiServerAccessProfile
{
EnablePrivateCluster = true,
PrivateDnsZone = "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Network/privateDnsZones/privatelink.location1.azmk8s.io",
},
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Voorbeeldrespons
{
"name": "clustername1",
"type": "Microsoft.ContainerService/ManagedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableEncryptionAtHost": true,
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Succeeded",
"vmSize": "Standard_DS2_v2"
}
],
"apiServerAccessProfile": {
"enablePrivateCluster": true,
"privateDNSZone": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Network/privateDnsZones/privatelink.location1.azmk8s.io"
},
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"enableRBAC": true,
"fqdnSubdomain": "domain1",
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"privateFQDN": "domain1.privatelink.location1.azmk8s.io",
"provisioningState": "Succeeded",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
{
"name": "clustername1",
"type": "Microsoft.ContainerService/ManagedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableEncryptionAtHost": true,
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Creating",
"vmSize": "Standard_DS2_v2"
}
],
"apiServerAccessProfile": {
"enablePrivateCluster": true,
"privateDNSZone": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Network/privateDnsZones/privatelink.location1.azmk8s.io"
},
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"enableRBAC": true,
"fqdnSubdomain": "domain1",
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"privateFQDN": "domain1.privatelink.location1.azmk8s.io",
"provisioningState": "Creating",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
Create Managed Private Cluster with Public FQDN specified
Voorbeeldaanvraag
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableEncryptionAtHost": true,
"enableNodePublicIP": true,
"mode": "System",
"osType": "Linux",
"vmSize": "Standard_DS2_v2"
}
],
"apiServerAccessProfile": {
"enablePrivateCluster": true,
"enablePrivateClusterPublicFQDN": true
},
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser"
}
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterApiServerAccessProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_PrivateClusterPublicFQDN.json
*/
/**
* Sample code: Create Managed Private Cluster with Public FQDN specified.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
createManagedPrivateClusterWithPublicFQDNSpecified(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3)
.withVmSize("Standard_DS2_v2").withOsType(OSType.LINUX)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withMode(AgentPoolMode.SYSTEM)
.withEnableNodePublicIp(true).withEnableEncryptionAtHost(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withApiServerAccessProfile(new ManagedClusterApiServerAccessProfile().withEnablePrivateCluster(true)
.withEnablePrivateClusterPublicFqdn(true)),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_private_cluster_public_fqdn.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableEncryptionAtHost": True,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"apiServerAccessProfile": {"enablePrivateCluster": True, "enablePrivateClusterPublicFQDN": True},
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_PrivateClusterPublicFQDN.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_PrivateClusterPublicFQDN.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedPrivateClusterWithPublicFqdnSpecified() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableEncryptionAtHost: to.Ptr(true),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
APIServerAccessProfile: &armcontainerservice.ManagedClusterAPIServerAccessProfile{
EnablePrivateCluster: to.Ptr(true),
EnablePrivateClusterPublicFQDN: to.Ptr(true),
},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableEncryptionAtHost: to.Ptr(true),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// APIServerAccessProfile: &armcontainerservice.ManagedClusterAPIServerAccessProfile{
// EnablePrivateCluster: to.Ptr(true),
// EnablePrivateClusterPublicFQDN: to.Ptr(true),
// PrivateDNSZone: to.Ptr("system"),
// },
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-ee788a1f.hcp.location1.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// PrivateFQDN: to.Ptr("dnsprefix1-aae7e0f0.5cef6058-b6b5-414d-8cb1-4bd14eb0b15c.privatelink.location1.azmk8s.io"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_PrivateClusterPublicFQDN.json
*/
async function createManagedPrivateClusterWithPublicFqdnSpecified() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableEncryptionAtHost: true,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
apiServerAccessProfile: {
enablePrivateCluster: true,
enablePrivateClusterPublicFqdn: true,
},
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_PrivateClusterPublicFQDN.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
EnableEncryptionAtHost = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
ApiServerAccessProfile = new ManagedClusterApiServerAccessProfile
{
EnablePrivateCluster = true,
EnablePrivateClusterPublicFqdn = true,
},
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Voorbeeldrespons
{
"name": "clustername1",
"type": "Microsoft.ContainerService/ManagedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableEncryptionAtHost": true,
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Succeeded",
"vmSize": "Standard_DS2_v2"
}
],
"apiServerAccessProfile": {
"enablePrivateCluster": true,
"enablePrivateClusterPublicFQDN": true,
"privateDNSZone": "system"
},
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-ee788a1f.hcp.location1.azmk8s.io",
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"privateFQDN": "dnsprefix1-aae7e0f0.5cef6058-b6b5-414d-8cb1-4bd14eb0b15c.privatelink.location1.azmk8s.io",
"provisioningState": "Succeeded",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
{
"name": "clustername1",
"type": "Microsoft.ContainerService/ManagedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableEncryptionAtHost": true,
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Creating",
"vmSize": "Standard_DS2_v2"
}
],
"apiServerAccessProfile": {
"enablePrivateCluster": true,
"enablePrivateClusterPublicFQDN": true,
"privateDNSZone": "system"
},
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-ee788a1f.hcp.location1.azmk8s.io",
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"privateFQDN": "dnsprefix1-aae7e0f0.5cef6058-b6b5-414d-8cb1-4bd14eb0b15c.privatelink.location1.azmk8s.io",
"provisioningState": "Creating",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
Create/Update AAD Managed Cluster with EnableAzureRBAC
Voorbeeldaanvraag
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"properties": {
"aadProfile": {
"enableAzureRBAC": true,
"managed": true
},
"addonProfiles": {},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"availabilityZones": [
"1",
"2",
"3"
],
"count": 3,
"enableNodePublicIP": true,
"mode": "System",
"osType": "Linux",
"vmSize": "Standard_DS1_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser"
}
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAadProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_UpdateWithEnableAzureRBAC.json
*/
/**
* Sample code: Create/Update AAD Managed Cluster with EnableAzureRBAC.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
createUpdateAADManagedClusterWithEnableAzureRBAC(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(
Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3).withVmSize("Standard_DS1_v2")
.withOsType(OSType.LINUX).withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
.withMode(AgentPoolMode.SYSTEM).withAvailabilityZones(Arrays.asList("1", "2", "3"))
.withEnableNodePublicIp(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAadProfile(new ManagedClusterAadProfile().withManaged(true).withEnableAzureRbac(true))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_update_with_enable_azure_rbac.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"aadProfile": {"enableAzureRBAC": True, "managed": True},
"addonProfiles": {},
"agentPoolProfiles": [
{
"availabilityZones": ["1", "2", "3"],
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS1_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_UpdateWithEnableAzureRBAC.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_UpdateWithEnableAzureRBAC.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createUpdateAadManagedClusterWithEnableAzureRbac() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AADProfile: &armcontainerservice.ManagedClusterAADProfile{
EnableAzureRBAC: to.Ptr(true),
Managed: to.Ptr(true),
},
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
AvailabilityZones: []*string{
to.Ptr("1"),
to.Ptr("2"),
to.Ptr("3")},
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS1_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AADProfile: &armcontainerservice.ManagedClusterAADProfile{
// EnableAzureRBAC: to.Ptr(true),
// Managed: to.Ptr(true),
// TenantID: to.Ptr("tenantID"),
// },
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// AvailabilityZones: []*string{
// to.Ptr("1"),
// to.Ptr("2"),
// to.Ptr("3")},
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS1_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_UpdateWithEnableAzureRBAC.json
*/
async function createOrUpdateAadManagedClusterWithEnableAzureRbac() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
aadProfile: { enableAzureRbac: true, managed: true },
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
availabilityZones: ["1", "2", "3"],
count: 3,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS1_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_UpdateWithEnableAzureRBAC.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS1_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
AvailabilityZones = {"1", "2", "3"},
EnableNodePublicIP = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AadProfile = new ManagedClusterAadProfile
{
IsManagedAadEnabled = true,
IsAzureRbacEnabled = true,
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Voorbeeldrespons
{
"name": "clustername1",
"type": "Microsoft.ContainerService/ManagedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"aadProfile": {
"adminGroupObjectIDs": null,
"enableAzureRBAC": true,
"managed": true,
"tenantID": "tenantID"
},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"availabilityZones": [
"1",
"2",
"3"
],
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Succeeded",
"vmSize": "Standard_DS1_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Succeeded",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
{
"name": "clustername1",
"type": "Microsoft.ContainerService/ManagedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"aadProfile": {
"adminGroupObjectIDs": null,
"enableAzureRBAC": true,
"managed": true,
"tenantID": "tenantID"
},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"availabilityZones": [
"1",
"2",
"3"
],
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Creating",
"vmSize": "Standard_DS1_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Creating",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
Create/Update Managed Cluster
Voorbeeldaanvraag
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {}
}
},
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"availabilityZones": [
"1",
"2",
"3"
],
"count": 3,
"enableNodePublicIP": true,
"mode": "System",
"osType": "Linux",
"scaleDownMode": "Deallocate",
"vmSize": "Standard_DS1_v2"
}
],
"autoScalerProfile": {
"balance-similar-node-groups": "true",
"expander": "priority",
"max-node-provision-time": "15m",
"new-pod-scale-up-delay": "1m",
"scale-down-delay-after-add": "15m",
"scan-interval": "20s",
"skip-nodes-with-system-pods": "false"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"upgradeSettings": {
"overrideSettings": {
"forceUpgrade": false,
"until": "2022-11-01T13:00:00Z"
}
},
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser"
}
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ClusterUpgradeSettings;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.Expander;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterIdentity;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.ManagedServiceIdentityUserAssignedIdentitiesValue;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import com.azure.resourcemanager.containerservice.models.ResourceIdentityType;
import com.azure.resourcemanager.containerservice.models.ScaleDownMode;
import com.azure.resourcemanager.containerservice.models.UpgradeOverrideSettings;
import java.time.OffsetDateTime;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_Update.json
*/
/**
* Sample code: Create/Update Managed Cluster.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void createUpdateManagedCluster(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku().withName(ManagedClusterSkuName.fromString("Basic"))
.withTier(ManagedClusterSkuTier.FREE))
.withIdentity(new ManagedClusterIdentity().withType(ResourceIdentityType.USER_ASSIGNED)
.withUserAssignedIdentities(mapOf(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1",
new ManagedServiceIdentityUserAssignedIdentitiesValue())))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3)
.withVmSize("Standard_DS1_v2").withOsType(OSType.LINUX).withScaleDownMode(ScaleDownMode.DEALLOCATE)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withMode(AgentPoolMode.SYSTEM)
.withAvailabilityZones(Arrays.asList("1", "2", "3")).withEnableNodePublicIp(true)
.withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withUpgradeSettings(new ClusterUpgradeSettings().withOverrideSettings(new UpgradeOverrideSettings()
.withForceUpgrade(false).withUntil(OffsetDateTime.parse("2022-11-01T13:00:00Z"))))
.withAutoScalerProfile(
new ManagedClusterPropertiesAutoScalerProfile().withBalanceSimilarNodeGroups("true")
.withExpander(Expander.PRIORITY).withMaxNodeProvisionTime("15m").withNewPodScaleUpDelay("1m")
.withScanInterval("20s").withScaleDownDelayAfterAdd("15m").withSkipNodesWithSystemPods("false"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_update.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {}
},
},
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"availabilityZones": ["1", "2", "3"],
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"scaleDownMode": "Deallocate",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS1_v2",
}
],
"autoScalerProfile": {
"balance-similar-node-groups": "true",
"expander": "priority",
"max-node-provision-time": "15m",
"new-pod-scale-up-delay": "1m",
"scale-down-delay-after-add": "15m",
"scan-interval": "20s",
"skip-nodes-with-system-pods": "false",
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"upgradeSettings": {"overrideSettings": {"forceUpgrade": False, "until": "2022-11-01T13:00:00Z"}},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_Update.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"time"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_Update.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createUpdateManagedCluster() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Identity: &armcontainerservice.ManagedClusterIdentity{
Type: to.Ptr(armcontainerservice.ResourceIdentityTypeUserAssigned),
UserAssignedIdentities: map[string]*armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {},
},
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
AvailabilityZones: []*string{
to.Ptr("1"),
to.Ptr("2"),
to.Ptr("3")},
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
ScaleDownMode: to.Ptr(armcontainerservice.ScaleDownModeDeallocate),
VMSize: to.Ptr("Standard_DS1_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
BalanceSimilarNodeGroups: to.Ptr("true"),
Expander: to.Ptr(armcontainerservice.ExpanderPriority),
MaxNodeProvisionTime: to.Ptr("15m"),
NewPodScaleUpDelay: to.Ptr("1m"),
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
SkipNodesWithSystemPods: to.Ptr("false"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
UpgradeSettings: &armcontainerservice.ClusterUpgradeSettings{
OverrideSettings: &armcontainerservice.UpgradeOverrideSettings{
ForceUpgrade: to.Ptr(false),
Until: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-01T13:00:00.000Z"); return t }()),
},
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Identity: &armcontainerservice.ManagedClusterIdentity{
// Type: to.Ptr(armcontainerservice.ResourceIdentityTypeUserAssigned),
// UserAssignedIdentities: map[string]*armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
// "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": &armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
// ClientID: to.Ptr("clientId1"),
// PrincipalID: to.Ptr("principalId1"),
// },
// },
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// AvailabilityZones: []*string{
// to.Ptr("1"),
// to.Ptr("2"),
// to.Ptr("3")},
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// ScaleDownMode: to.Ptr(armcontainerservice.ScaleDownModeDeallocate),
// VMSize: to.Ptr("Standard_DS1_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// BalanceSimilarNodeGroups: to.Ptr("true"),
// Expander: to.Ptr(armcontainerservice.ExpanderPriority),
// MaxNodeProvisionTime: to.Ptr("15m"),
// NewPodScaleUpDelay: to.Ptr("1m"),
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// SkipNodesWithSystemPods: to.Ptr("false"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// UpgradeSettings: &armcontainerservice.ClusterUpgradeSettings{
// OverrideSettings: &armcontainerservice.UpgradeOverrideSettings{
// ForceUpgrade: to.Ptr(false),
// Until: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-01T13:00:00.000Z"); return t}()),
// },
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_Update.json
*/
async function createOrUpdateManagedCluster() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
availabilityZones: ["1", "2", "3"],
count: 3,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
scaleDownMode: "Deallocate",
vmSize: "Standard_DS1_v2",
},
],
autoScalerProfile: {
balanceSimilarNodeGroups: "true",
expander: "priority",
maxNodeProvisionTime: "15m",
newPodScaleUpDelay: "1m",
scaleDownDelayAfterAdd: "15m",
scanInterval: "20s",
skipNodesWithSystemPods: "false",
},
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
identity: {
type: "UserAssigned",
userAssignedIdentities: {
"/subscriptions/00000000000000000000000000000000/resourcegroups/rgName1/providers/MicrosoftManagedIdentity/userAssignedIdentities/identity1":
{},
},
},
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
upgradeSettings: {
overrideSettings: {
forceUpgrade: false,
until: new Date("2022-11-01T13:00:00Z"),
},
},
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_Update.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
ClusterIdentity = new ManagedClusterIdentity
{
ResourceIdentityType = "UserAssigned",
UserAssignedIdentities =
{
[new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1")] = new UserAssignedIdentity()
},
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS1_v2",
OSType = ContainerServiceOSType.Linux,
ScaleDownMode = ScaleDownMode.Deallocate,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
AvailabilityZones = {"1", "2", "3"},
EnableNodePublicIP = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
UpgradeOverrideSettings = new UpgradeOverrideSettings
{
ForceUpgrade = false,
Until = DateTimeOffset.Parse("2022-11-01T13:00:00Z"),
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
BalanceSimilarNodeGroups = "true",
Expander = AutoScaleExpander.Priority,
MaxNodeProvisionTime = "15m",
NewPodScaleUpDelay = "1m",
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
SkipNodesWithSystemPods = "false",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Voorbeeldrespons
{
"name": "clustername1",
"type": "Microsoft.ContainerService/ManagedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {
"clientId": "clientId1",
"principalId": "principalId1"
}
}
},
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"availabilityZones": [
"1",
"2",
"3"
],
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Succeeded",
"scaleDownMode": "Deallocate",
"vmSize": "Standard_DS1_v2"
}
],
"autoScalerProfile": {
"balance-similar-node-groups": "true",
"expander": "priority",
"max-node-provision-time": "15m",
"new-pod-scale-up-delay": "1m",
"scale-down-delay-after-add": "15m",
"scan-interval": "20s",
"skip-nodes-with-system-pods": "false"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Succeeded",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"upgradeSettings": {
"overrideSettings": {
"forceUpgrade": false,
"until": "2022-11-01T13:00:00Z"
}
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
{
"name": "clustername1",
"type": "Microsoft.ContainerService/ManagedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {
"clientId": "clientId1",
"principalId": "principalId1"
}
}
},
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"availabilityZones": [
"1",
"2",
"3"
],
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Creating",
"scaleDownMode": "Deallocate",
"vmSize": "Standard_DS1_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Creating",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
Create/Update Managed Cluster with Azure Service Mesh
Voorbeeldaanvraag
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"properties": {
"addonProfiles": {
"azureKeyvaultSecretsProvider": {
"config": {
"enableSecretRotation": "true",
"rotationPollInterval": "2m"
},
"enabled": true
}
},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableNodePublicIP": true,
"mode": "System",
"osType": "Linux",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer"
},
"serviceMeshProfile": {
"istio": {
"certificateAuthority": {
"plugin": {
"certChainObjectName": "cert-chain",
"certObjectName": "ca-cert",
"keyObjectName": "ca-key",
"keyVaultId": "/subscriptions/854c9ddb-fe9e-4aea-8d58-99ed88282881/resourceGroups/ddama-test/providers/Microsoft.KeyVault/vaults/my-akv",
"rootCertObjectName": "root-cert"
}
},
"components": {
"egressGateways": [
{
"name": "test-istio-egress",
"enabled": true,
"gatewayConfigurationName": "test-gateway-configuration"
}
],
"ingressGateways": [
{
"enabled": true,
"mode": "Internal"
}
]
}
},
"mode": "Istio"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser"
}
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.IstioCertificateAuthority;
import com.azure.resourcemanager.containerservice.models.IstioComponents;
import com.azure.resourcemanager.containerservice.models.IstioEgressGateway;
import com.azure.resourcemanager.containerservice.models.IstioIngressGateway;
import com.azure.resourcemanager.containerservice.models.IstioIngressGatewayMode;
import com.azure.resourcemanager.containerservice.models.IstioPluginCertificateAuthority;
import com.azure.resourcemanager.containerservice.models.IstioServiceMesh;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAddonProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import com.azure.resourcemanager.containerservice.models.ServiceMeshMode;
import com.azure.resourcemanager.containerservice.models.ServiceMeshProfile;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_AzureServiceMesh.json
*/
/**
* Sample code: Create/Update Managed Cluster with Azure Service Mesh.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
createUpdateManagedClusterWithAzureServiceMesh(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(
Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3).withVmSize("Standard_DS2_v2")
.withOsType(OSType.LINUX).withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
.withMode(AgentPoolMode.SYSTEM).withEnableNodePublicIp(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile().withClientId("clientid")
.withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf("azureKeyvaultSecretsProvider",
new ManagedClusterAddonProfile().withEnabled(true).withConfig(
mapOf("enableSecretRotation", "fakeTokenPlaceholder", "rotationPollInterval", "2m"))))
.withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des")
.withServiceMeshProfile(
new ServiceMeshProfile().withMode(ServiceMeshMode.ISTIO)
.withIstio(new IstioServiceMesh()
.withComponents(new IstioComponents()
.withIngressGateways(Arrays.asList(new IstioIngressGateway()
.withMode(IstioIngressGatewayMode.INTERNAL).withEnabled(true)))
.withEgressGateways(Arrays
.asList(new IstioEgressGateway().withEnabled(true).withName("test-istio-egress")
.withGatewayConfigurationName("test-gateway-configuration"))))
.withCertificateAuthority(new IstioCertificateAuthority()
.withPlugin(new IstioPluginCertificateAuthority().withKeyVaultId("fakeTokenPlaceholder")
.withCertObjectName("ca-cert").withKeyObjectName("fakeTokenPlaceholder")
.withRootCertObjectName("root-cert").withCertChainObjectName("cert-chain"))))),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_azure_service_mesh.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {
"azureKeyvaultSecretsProvider": {
"config": {"enableSecretRotation": "true", "rotationPollInterval": "2m"},
"enabled": True,
}
},
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"serviceMeshProfile": {
"istio": {
"certificateAuthority": {
"plugin": {
"certChainObjectName": "cert-chain",
"certObjectName": "ca-cert",
"keyObjectName": "ca-key",
"keyVaultId": "/subscriptions/854c9ddb-fe9e-4aea-8d58-99ed88282881/resourceGroups/ddama-test/providers/Microsoft.KeyVault/vaults/my-akv",
"rootCertObjectName": "root-cert",
}
},
"components": {
"egressGateways": [
{
"enabled": True,
"gatewayConfigurationName": "test-gateway-configuration",
"name": "test-istio-egress",
}
],
"ingressGateways": [{"enabled": True, "mode": "Internal"}],
},
},
"mode": "Istio",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_AzureServiceMesh.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_AzureServiceMesh.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createUpdateManagedClusterWithAzureServiceMesh() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{
"azureKeyvaultSecretsProvider": {
Config: map[string]*string{
"enableSecretRotation": to.Ptr("true"),
"rotationPollInterval": to.Ptr("2m"),
},
Enabled: to.Ptr(true),
},
},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServiceMeshProfile: &armcontainerservice.ServiceMeshProfile{
Istio: &armcontainerservice.IstioServiceMesh{
CertificateAuthority: &armcontainerservice.IstioCertificateAuthority{
Plugin: &armcontainerservice.IstioPluginCertificateAuthority{
CertChainObjectName: to.Ptr("cert-chain"),
CertObjectName: to.Ptr("ca-cert"),
KeyObjectName: to.Ptr("ca-key"),
KeyVaultID: to.Ptr("/subscriptions/854c9ddb-fe9e-4aea-8d58-99ed88282881/resourceGroups/ddama-test/providers/Microsoft.KeyVault/vaults/my-akv"),
RootCertObjectName: to.Ptr("root-cert"),
},
},
Components: &armcontainerservice.IstioComponents{
EgressGateways: []*armcontainerservice.IstioEgressGateway{
{
Name: to.Ptr("test-istio-egress"),
Enabled: to.Ptr(true),
GatewayConfigurationName: to.Ptr("test-gateway-configuration"),
}},
IngressGateways: []*armcontainerservice.IstioIngressGateway{
{
Enabled: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.IstioIngressGatewayModeInternal),
}},
},
},
Mode: to.Ptr(armcontainerservice.ServiceMeshModeIstio),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{
// "azureKeyvaultSecretsProvider": &armcontainerservice.ManagedClusterAddonProfile{
// Config: map[string]*string{
// "enableSecretRotation": to.Ptr("true"),
// "rotationPollInterval": to.Ptr("2m"),
// },
// Enabled: to.Ptr(true),
// },
// },
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// EnableEncryptionAtHost: to.Ptr(true),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServiceMeshProfile: &armcontainerservice.ServiceMeshProfile{
// Istio: &armcontainerservice.IstioServiceMesh{
// CertificateAuthority: &armcontainerservice.IstioCertificateAuthority{
// Plugin: &armcontainerservice.IstioPluginCertificateAuthority{
// CertChainObjectName: to.Ptr("cert-chain"),
// CertObjectName: to.Ptr("ca-cert"),
// KeyObjectName: to.Ptr("ca-key"),
// KeyVaultID: to.Ptr("/subscriptions/854c9ddb-fe9e-4aea-8d58-99ed88282881/resourceGroups/ddama-test/providers/Microsoft.KeyVault/vaults/my-akv"),
// RootCertObjectName: to.Ptr("root-cert"),
// },
// },
// Components: &armcontainerservice.IstioComponents{
// EgressGateways: []*armcontainerservice.IstioEgressGateway{
// {
// Name: to.Ptr("test-istio-egress"),
// Enabled: to.Ptr(true),
// GatewayConfigurationName: to.Ptr("test-gateway-configuration"),
// }},
// IngressGateways: []*armcontainerservice.IstioIngressGateway{
// {
// Enabled: to.Ptr(true),
// Mode: to.Ptr(armcontainerservice.IstioIngressGatewayModeInternal),
// }},
// },
// Revisions: []*string{
// to.Ptr("asm-1-17")},
// },
// Mode: to.Ptr(armcontainerservice.ServiceMeshModeIstio),
// },
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_AzureServiceMesh.json
*/
async function createOrUpdateManagedClusterWithAzureServiceMesh() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {
azureKeyvaultSecretsProvider: {
config: { enableSecretRotation: "true", rotationPollInterval: "2m" },
enabled: true,
},
},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
serviceMeshProfile: {
istio: {
certificateAuthority: {
plugin: {
certChainObjectName: "cert-chain",
certObjectName: "ca-cert",
keyObjectName: "ca-key",
keyVaultId:
"/subscriptions/854c9ddb-fe9e-4aea-8d58-99ed88282881/resourceGroups/ddama-test/providers/Microsoft.KeyVault/vaults/my-akv",
rootCertObjectName: "root-cert",
},
},
components: {
egressGateways: [
{
name: "test-istio-egress",
enabled: true,
gatewayConfigurationName: "test-gateway-configuration",
},
],
ingressGateways: [{ enabled: true, mode: "Internal" }],
},
},
mode: "Istio",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_AzureServiceMesh.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles =
{
["azureKeyvaultSecretsProvider"] = new ManagedClusterAddonProfile(true)
{
Config =
{
["enableSecretRotation"] = "true",
["rotationPollInterval"] = "2m"
},
}
},
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
ServiceMeshProfile = new ServiceMeshProfile(ServiceMeshMode.Istio)
{
Istio = new IstioServiceMesh
{
Components = new IstioComponents
{
IngressGateways = { new IstioIngressGateway(IstioIngressGatewayMode.Internal, true) },
EgressGateways = {new IstioEgressGateway(true, "test-istio-egress")
{
GatewayConfigurationName = "test-gateway-configuration",
}},
},
CertificateAuthorityPlugin = new IstioPluginCertificateAuthority
{
KeyVaultId = new ResourceIdentifier("/subscriptions/854c9ddb-fe9e-4aea-8d58-99ed88282881/resourceGroups/ddama-test/providers/Microsoft.KeyVault/vaults/my-akv"),
CertObjectName = "ca-cert",
KeyObjectName = "ca-key",
RootCertObjectName = "root-cert",
CertChainObjectName = "cert-chain",
},
},
},
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Voorbeeldrespons
{
"name": "clustername1",
"type": "Microsoft.ContainerService/ManagedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"addonProfiles": {
"azureKeyvaultSecretsProvider": {
"config": {
"enableSecretRotation": "true",
"rotationPollInterval": "2m"
},
"enabled": true
}
},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableEncryptionAtHost": true,
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Succeeded",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Succeeded",
"serviceMeshProfile": {
"istio": {
"certificateAuthority": {
"plugin": {
"certChainObjectName": "cert-chain",
"certObjectName": "ca-cert",
"keyObjectName": "ca-key",
"keyVaultId": "/subscriptions/854c9ddb-fe9e-4aea-8d58-99ed88282881/resourceGroups/ddama-test/providers/Microsoft.KeyVault/vaults/my-akv",
"rootCertObjectName": "root-cert"
}
},
"components": {
"egressGateways": [
{
"name": "test-istio-egress",
"enabled": true,
"gatewayConfigurationName": "test-gateway-configuration"
}
],
"ingressGateways": [
{
"enabled": true,
"mode": "Internal"
}
]
},
"revisions": [
"asm-1-17"
]
},
"mode": "Istio"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
{
"name": "clustername1",
"type": "Microsoft.ContainerService/ManagedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"properties": {
"addonProfiles": {
"azureKeyvaultSecretsProvider": {
"config": {
"enableSecretRotation": "true",
"rotationPollInterval": "2m"
},
"enabled": true
}
},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"count": 3,
"enableEncryptionAtHost": true,
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Creating",
"vmSize": "Standard_DS2_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Creating",
"serviceMeshProfile": {
"istio": {
"certificateAuthority": {
"plugin": {
"certChainObjectName": "cert-chain",
"certObjectName": "ca-cert",
"keyObjectName": "ca-key",
"keyVaultId": "/subscriptions/854c9ddb-fe9e-4aea-8d58-99ed88282881/resourceGroups/ddama-test/providers/Microsoft.KeyVault/vaults/my-akv",
"rootCertObjectName": "root-cert"
}
},
"components": {
"egressGateways": [
{
"name": "test-istio-egress",
"enabled": true,
"gatewayConfigurationName": "test-gateway-configuration"
}
],
"ingressGateways": [
{
"enabled": true,
"mode": "Internal"
}
]
},
"revisions": [
"asm-1-17"
]
},
"mode": "Istio"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
Create/Update Managed Cluster with dual-stack networking
Voorbeeldaanvraag
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {}
}
},
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"availabilityZones": [
"1",
"2",
"3"
],
"count": 3,
"enableNodePublicIP": true,
"mode": "System",
"osType": "Linux",
"scaleDownMode": "Deallocate",
"vmSize": "Standard_DS1_v2"
}
],
"autoScalerProfile": {
"balance-similar-node-groups": "true",
"expander": "priority",
"max-node-provision-time": "15m",
"new-pod-scale-up-delay": "1m",
"scale-down-delay-after-add": "15m",
"scan-interval": "20s",
"skip-nodes-with-system-pods": "false"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"ipFamilies": [
"IPv4",
"IPv6"
],
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser"
}
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.Expander;
import com.azure.resourcemanager.containerservice.models.IpFamily;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterIdentity;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.ManagedServiceIdentityUserAssignedIdentitiesValue;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import com.azure.resourcemanager.containerservice.models.ResourceIdentityType;
import com.azure.resourcemanager.containerservice.models.ScaleDownMode;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_DualStackNetworking.json
*/
/**
* Sample code: Create/Update Managed Cluster with dual-stack networking.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
createUpdateManagedClusterWithDualStackNetworking(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku().withName(ManagedClusterSkuName.fromString("Basic"))
.withTier(ManagedClusterSkuTier.FREE))
.withIdentity(new ManagedClusterIdentity().withType(ResourceIdentityType.USER_ASSIGNED)
.withUserAssignedIdentities(mapOf(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1",
new ManagedServiceIdentityUserAssignedIdentitiesValue())))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3)
.withVmSize("Standard_DS1_v2").withOsType(OSType.LINUX).withScaleDownMode(ScaleDownMode.DEALLOCATE)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withMode(AgentPoolMode.SYSTEM)
.withAvailabilityZones(Arrays.asList("1", "2", "3")).withEnableNodePublicIp(true)
.withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile()
.withManagedOutboundIPs(new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2)))
.withIpFamilies(Arrays.asList(IpFamily.IPV4, IpFamily.IPV6)))
.withAutoScalerProfile(
new ManagedClusterPropertiesAutoScalerProfile().withBalanceSimilarNodeGroups("true")
.withExpander(Expander.PRIORITY).withMaxNodeProvisionTime("15m").withNewPodScaleUpDelay("1m")
.withScanInterval("20s").withScaleDownDelayAfterAdd("15m").withSkipNodesWithSystemPods("false"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_dual_stack_networking.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {}
},
},
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"availabilityZones": ["1", "2", "3"],
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"scaleDownMode": "Deallocate",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS1_v2",
}
],
"autoScalerProfile": {
"balance-similar-node-groups": "true",
"expander": "priority",
"max-node-provision-time": "15m",
"new-pod-scale-up-delay": "1m",
"scale-down-delay-after-add": "15m",
"scan-interval": "20s",
"skip-nodes-with-system-pods": "false",
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"ipFamilies": ["IPv4", "IPv6"],
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_DualStackNetworking.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_DualStackNetworking.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createUpdateManagedClusterWithDualStackNetworking() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Identity: &armcontainerservice.ManagedClusterIdentity{
Type: to.Ptr(armcontainerservice.ResourceIdentityTypeUserAssigned),
UserAssignedIdentities: map[string]*armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {},
},
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
AvailabilityZones: []*string{
to.Ptr("1"),
to.Ptr("2"),
to.Ptr("3")},
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
ScaleDownMode: to.Ptr(armcontainerservice.ScaleDownModeDeallocate),
VMSize: to.Ptr("Standard_DS1_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
BalanceSimilarNodeGroups: to.Ptr("true"),
Expander: to.Ptr(armcontainerservice.ExpanderPriority),
MaxNodeProvisionTime: to.Ptr("15m"),
NewPodScaleUpDelay: to.Ptr("1m"),
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
SkipNodesWithSystemPods: to.Ptr("false"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
IPFamilies: []*armcontainerservice.IPFamily{
to.Ptr(armcontainerservice.IPFamilyIPv4),
to.Ptr(armcontainerservice.IPFamilyIPv6)},
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Identity: &armcontainerservice.ManagedClusterIdentity{
// Type: to.Ptr(armcontainerservice.ResourceIdentityTypeUserAssigned),
// UserAssignedIdentities: map[string]*armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
// "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": &armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
// ClientID: to.Ptr("clientId1"),
// PrincipalID: to.Ptr("principalId1"),
// },
// },
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// AvailabilityZones: []*string{
// to.Ptr("1"),
// to.Ptr("2"),
// to.Ptr("3")},
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.22.1"),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.22.1"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// ScaleDownMode: to.Ptr(armcontainerservice.ScaleDownModeDeallocate),
// VMSize: to.Ptr("Standard_DS1_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// BalanceSimilarNodeGroups: to.Ptr("true"),
// Expander: to.Ptr(armcontainerservice.ExpanderPriority),
// MaxNodeProvisionTime: to.Ptr("15m"),
// NewPodScaleUpDelay: to.Ptr("1m"),
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// SkipNodesWithSystemPods: to.Ptr("false"),
// },
// CurrentKubernetesVersion: to.Ptr("1.22.1"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.22.1"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4),
// to.Ptr(armcontainerservice.IPFamilyIPv6)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip3-ipv6"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// CountIPv6: to.Ptr[int32](1),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16"),
// to.Ptr("fd11:1234::/64")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16"),
// to.Ptr("fd00:1234::/108")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_DualStackNetworking.json
*/
async function createOrUpdateManagedClusterWithDualStackNetworking() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
availabilityZones: ["1", "2", "3"],
count: 3,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
scaleDownMode: "Deallocate",
vmSize: "Standard_DS1_v2",
},
],
autoScalerProfile: {
balanceSimilarNodeGroups: "true",
expander: "priority",
maxNodeProvisionTime: "15m",
newPodScaleUpDelay: "1m",
scaleDownDelayAfterAdd: "15m",
scanInterval: "20s",
skipNodesWithSystemPods: "false",
},
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
identity: {
type: "UserAssigned",
userAssignedIdentities: {
"/subscriptions/00000000000000000000000000000000/resourcegroups/rgName1/providers/MicrosoftManagedIdentity/userAssignedIdentities/identity1":
{},
},
},
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
ipFamilies: ["IPv4", "IPv6"],
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_DualStackNetworking.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
ClusterIdentity = new ManagedClusterIdentity
{
ResourceIdentityType = "UserAssigned",
UserAssignedIdentities =
{
[new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1")] = new UserAssignedIdentity()
},
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS1_v2",
OSType = ContainerServiceOSType.Linux,
ScaleDownMode = ScaleDownMode.Deallocate,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
AvailabilityZones = {"1", "2", "3"},
EnableNodePublicIP = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
NetworkIPFamilies = { ContainerServiceIPFamily.IPv4, ContainerServiceIPFamily.IPv6 },
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
BalanceSimilarNodeGroups = "true",
Expander = AutoScaleExpander.Priority,
MaxNodeProvisionTime = "15m",
NewPodScaleUpDelay = "1m",
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
SkipNodesWithSystemPods = "false",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Voorbeeldrespons
{
"name": "clustername1",
"type": "Microsoft.ContainerService/ManagedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {
"clientId": "clientId1",
"principalId": "principalId1"
}
}
},
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"availabilityZones": [
"1",
"2",
"3"
],
"count": 3,
"currentOrchestratorVersion": "1.22.1",
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"orchestratorVersion": "1.22.1",
"osType": "Linux",
"provisioningState": "Succeeded",
"scaleDownMode": "Deallocate",
"vmSize": "Standard_DS1_v2"
}
],
"autoScalerProfile": {
"balance-similar-node-groups": "true",
"expander": "priority",
"max-node-provision-time": "15m",
"new-pod-scale-up-delay": "1m",
"scale-down-delay-after-add": "15m",
"scan-interval": "20s",
"skip-nodes-with-system-pods": "false"
},
"currentKubernetesVersion": "1.22.1",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"kubernetesVersion": "1.22.1",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4",
"IPv6"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip3-ipv6"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2,
"countIPv6": 1
}
},
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16",
"fd11:1234::/64"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16",
"fd00:1234::/108"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Succeeded",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
{
"name": "clustername1",
"type": "Microsoft.ContainerService/ManagedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {
"clientId": "clientId1",
"principalId": "principalId1"
}
}
},
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"availabilityZones": [
"1",
"2",
"3"
],
"count": 3,
"currentOrchestratorVersion": "1.22.1",
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"orchestratorVersion": "1.22.1",
"osType": "Linux",
"provisioningState": "Creating",
"scaleDownMode": "Deallocate",
"vmSize": "Standard_DS1_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.22.1",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "1.22.1",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4",
"IPv6"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip3-ipv6"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2,
"countIPv6": 1
}
},
"loadBalancerSku": "standard",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16",
"fd11:1234::/64"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16",
"fd00:1234::/108"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Creating",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
Create/Update Managed Cluster with EnableAHUB
Voorbeeldaanvraag
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {}
}
},
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"availabilityZones": [
"1",
"2",
"3"
],
"count": 3,
"enableNodePublicIP": true,
"mode": "System",
"osType": "Linux",
"vmSize": "Standard_DS1_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser",
"licenseType": "Windows_Server"
}
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LicenseType;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterIdentity;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.ManagedServiceIdentityUserAssignedIdentitiesValue;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import com.azure.resourcemanager.containerservice.models.ResourceIdentityType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_UpdateWithAHUB.json
*/
/**
* Sample code: Create/Update Managed Cluster with EnableAHUB.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void createUpdateManagedClusterWithEnableAHUB(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku().withName(ManagedClusterSkuName.fromString("Basic"))
.withTier(ManagedClusterSkuTier.FREE))
.withIdentity(new ManagedClusterIdentity().withType(ResourceIdentityType.USER_ASSIGNED)
.withUserAssignedIdentities(mapOf(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1",
new ManagedServiceIdentityUserAssignedIdentitiesValue())))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(
Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3).withVmSize("Standard_DS1_v2")
.withOsType(OSType.LINUX).withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
.withMode(AgentPoolMode.SYSTEM).withAvailabilityZones(Arrays.asList("1", "2", "3"))
.withEnableNodePublicIp(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder").withLicenseType(LicenseType.WINDOWS_SERVER))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_update_with_ahub.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {}
},
},
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"availabilityZones": ["1", "2", "3"],
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS1_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser",
"licenseType": "Windows_Server",
},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_UpdateWithAHUB.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_UpdateWithAHUB.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createUpdateManagedClusterWithEnableAhub() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Identity: &armcontainerservice.ManagedClusterIdentity{
Type: to.Ptr(armcontainerservice.ResourceIdentityTypeUserAssigned),
UserAssignedIdentities: map[string]*armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {},
},
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
AvailabilityZones: []*string{
to.Ptr("1"),
to.Ptr("2"),
to.Ptr("3")},
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS1_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
LicenseType: to.Ptr(armcontainerservice.LicenseTypeWindowsServer),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Identity: &armcontainerservice.ManagedClusterIdentity{
// Type: to.Ptr(armcontainerservice.ResourceIdentityTypeUserAssigned),
// UserAssignedIdentities: map[string]*armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
// "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": &armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
// ClientID: to.Ptr("clientId1"),
// PrincipalID: to.Ptr("principalId1"),
// },
// },
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// AvailabilityZones: []*string{
// to.Ptr("1"),
// to.Ptr("2"),
// to.Ptr("3")},
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS1_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// LicenseType: to.Ptr(armcontainerservice.LicenseTypeWindowsServer),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_UpdateWithAHUB.json
*/
async function createOrUpdateManagedClusterWithEnableAhub() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
availabilityZones: ["1", "2", "3"],
count: 3,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS1_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
identity: {
type: "UserAssigned",
userAssignedIdentities: {
"/subscriptions/00000000000000000000000000000000/resourcegroups/rgName1/providers/MicrosoftManagedIdentity/userAssignedIdentities/identity1":
{},
},
},
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
licenseType: "Windows_Server",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_UpdateWithAHUB.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
ClusterIdentity = new ManagedClusterIdentity
{
ResourceIdentityType = "UserAssigned",
UserAssignedIdentities =
{
[new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1")] = new UserAssignedIdentity()
},
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS1_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
AvailabilityZones = {"1", "2", "3"},
EnableNodePublicIP = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
LicenseType = WindowsVmLicenseType.WindowsServer,
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Voorbeeldrespons
{
"name": "clustername1",
"type": "Microsoft.ContainerService/ManagedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {
"clientId": "clientId1",
"principalId": "principalId1"
}
}
},
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"availabilityZones": [
"1",
"2",
"3"
],
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Succeeded",
"vmSize": "Standard_DS1_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Succeeded",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser",
"licenseType": "Windows_Server"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
{
"name": "clustername1",
"type": "Microsoft.ContainerService/ManagedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {
"clientId": "clientId1",
"principalId": "principalId1"
}
}
},
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"availabilityZones": [
"1",
"2",
"3"
],
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Creating",
"vmSize": "Standard_DS1_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Creating",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser",
"licenseType": "Windows_Server"
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
Create/Update Managed Cluster with Windows gMSA enabled
Voorbeeldaanvraag
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {}
}
},
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"availabilityZones": [
"1",
"2",
"3"
],
"count": 3,
"enableNodePublicIP": true,
"mode": "System",
"osType": "Linux",
"vmSize": "Standard_DS1_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser",
"gmsaProfile": {
"enabled": true
}
}
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"tags": {
"archv2": "",
"tier": "production"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterIdentity;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.ManagedServiceIdentityUserAssignedIdentitiesValue;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import com.azure.resourcemanager.containerservice.models.ResourceIdentityType;
import com.azure.resourcemanager.containerservice.models.WindowsGmsaProfile;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_UpdateWindowsGmsa.json
*/
/**
* Sample code: Create/Update Managed Cluster with Windows gMSA enabled.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
createUpdateManagedClusterWithWindowsGMSAEnabled(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku().withName(ManagedClusterSkuName.fromString("Basic"))
.withTier(ManagedClusterSkuTier.FREE))
.withIdentity(new ManagedClusterIdentity().withType(ResourceIdentityType.USER_ASSIGNED)
.withUserAssignedIdentities(mapOf(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1",
new ManagedServiceIdentityUserAssignedIdentitiesValue())))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(
Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3).withVmSize("Standard_DS1_v2")
.withOsType(OSType.LINUX).withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
.withMode(AgentPoolMode.SYSTEM).withAvailabilityZones(Arrays.asList("1", "2", "3"))
.withEnableNodePublicIp(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder")
.withGmsaProfile(new WindowsGmsaProfile().withEnabled(true)))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_update_windows_gmsa.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {}
},
},
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"availabilityZones": ["1", "2", "3"],
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS1_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser",
"gmsaProfile": {"enabled": True},
},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_UpdateWindowsGmsa.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_UpdateWindowsGmsa.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createUpdateManagedClusterWithWindowsGMsaEnabled() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Identity: &armcontainerservice.ManagedClusterIdentity{
Type: to.Ptr(armcontainerservice.ResourceIdentityTypeUserAssigned),
UserAssignedIdentities: map[string]*armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {},
},
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
AvailabilityZones: []*string{
to.Ptr("1"),
to.Ptr("2"),
to.Ptr("3")},
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS1_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
GmsaProfile: &armcontainerservice.WindowsGmsaProfile{
Enabled: to.Ptr(true),
},
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Identity: &armcontainerservice.ManagedClusterIdentity{
// Type: to.Ptr(armcontainerservice.ResourceIdentityTypeUserAssigned),
// UserAssignedIdentities: map[string]*armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
// "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": &armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
// ClientID: to.Ptr("clientId1"),
// PrincipalID: to.Ptr("principalId1"),
// },
// },
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// AvailabilityZones: []*string{
// to.Ptr("1"),
// to.Ptr("2"),
// to.Ptr("3")},
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS1_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// GmsaProfile: &armcontainerservice.WindowsGmsaProfile{
// Enabled: to.Ptr(true),
// },
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_UpdateWindowsGmsa.json
*/
async function createOrUpdateManagedClusterWithWindowsGMsaEnabled() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
availabilityZones: ["1", "2", "3"],
count: 3,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS1_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
identity: {
type: "UserAssigned",
userAssignedIdentities: {
"/subscriptions/00000000000000000000000000000000/resourcegroups/rgName1/providers/MicrosoftManagedIdentity/userAssignedIdentities/identity1":
{},
},
},
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
gmsaProfile: { enabled: true },
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_UpdateWindowsGmsa.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
ClusterIdentity = new ManagedClusterIdentity
{
ResourceIdentityType = "UserAssigned",
UserAssignedIdentities =
{
[new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1")] = new UserAssignedIdentity()
},
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS1_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
AvailabilityZones = {"1", "2", "3"},
EnableNodePublicIP = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
GmsaProfile = new WindowsGmsaProfile
{
IsEnabled = true,
},
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Voorbeeldrespons
{
"name": "clustername1",
"type": "Microsoft.ContainerService/ManagedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {
"clientId": "clientId1",
"principalId": "principalId1"
}
}
},
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"availabilityZones": [
"1",
"2",
"3"
],
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Succeeded",
"vmSize": "Standard_DS1_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Succeeded",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser",
"gmsaProfile": {
"enabled": true
}
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
{
"name": "clustername1",
"type": "Microsoft.ContainerService/ManagedClusters",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {
"clientId": "clientId1",
"principalId": "principalId1"
}
}
},
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"name": "nodepool1",
"type": "VirtualMachineScaleSets",
"availabilityZones": [
"1",
"2",
"3"
],
"count": 3,
"currentOrchestratorVersion": "1.9.6",
"enableNodePublicIP": true,
"maxPods": 110,
"mode": "System",
"orchestratorVersion": "1.9.6",
"osType": "Linux",
"provisioningState": "Creating",
"vmSize": "Standard_DS1_v2"
}
],
"autoScalerProfile": {
"scale-down-delay-after-add": "15m",
"scan-interval": "20s"
},
"currentKubernetesVersion": "1.9.6",
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": true,
"kubernetesVersion": "1.9.6",
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"maxAgentPools": 1,
"networkProfile": {
"dnsServiceIP": "10.0.0.10",
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
],
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
}
},
"loadBalancerSku": "standard",
"networkPlugin": "kubenet",
"outboundType": "loadBalancer",
"podCidr": "10.244.0.0/16",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidr": "10.0.0.0/16",
"serviceCidrs": [
"10.0.0.0/16"
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"provisioningState": "Creating",
"servicePrincipalProfile": {
"clientId": "clientid"
},
"windowsProfile": {
"adminUsername": "azureuser",
"gmsaProfile": {
"enabled": true
}
}
},
"tags": {
"archv2": "",
"tier": "production"
}
}
Definities
| Name |
Description |
|
AdvancedNetworking
|
Geavanceerd netwerkprofiel voor het inschakelen van waarneembaarheid en beveiligingsfunctiessuite op een cluster. Zie aka.ms/aksadvancednetworking voor meer informatie.
|
|
AdvancedNetworkingObservability
|
Het waarneembaarheidsprofiel om geavanceerde metrische netwerkgegevens en stroomlogboeken met historische contexten mogelijk te maken.
|
|
AdvancedNetworkingSecurity
|
Beveiligingsprofiel voor het inschakelen van beveiligingsfuncties voor het cluster op basis van cilium.
|
|
AdvancedNetworkPolicies
|
Schakel geavanceerd netwerkbeleid in. Hiermee kunnen gebruikers netwerkbeleid voor Laag 7 configureren (FQDN, HTTP, Kafka). Beleidsregels zelf moeten worden geconfigureerd via de resources van het Cilium-netwerkbeleid, zie https://docs.cilium.io/en/latest/security/policy/index.html. Dit kan alleen worden ingeschakeld voor clusters op basis van cilium. Als deze niet is opgegeven, is de standaardwaarde FQDN als security.enabled is ingesteld op true.
|
|
AgentPoolGatewayProfile
|
Profiel van de beheerde clustergatewayagentgroep.
|
|
AgentPoolMode
|
De modus van een agentpool. Een cluster moet te allen tijde ten minste één agentgroep van het systeem hebben. Zie voor meer informatie over beperkingen en aanbevolen procedures voor agentgroepen: https://docs.microsoft.com/azure/aks/use-system-pools
|
|
AgentPoolNetworkProfile
|
Netwerkinstellingen van een agentgroep.
|
|
AgentPoolSecurityProfile
|
De beveiligingsinstellingen van een agentgroep.
|
|
AgentPoolSSHAccess
|
SSH-toegangsmethode van een agentgroep.
|
|
AgentPoolStatus
|
Bevat alleen-lezen informatie over de agentgroep.
|
|
AgentPoolType
|
Het type agentgroep.
|
|
AgentPoolUpgradeSettings
|
Instellingen voor het upgraden van een agentpool
|
|
AgentPoolWindowsProfile
|
Het specifieke profiel van de Windows-agentgroep.
|
|
ArtifactSource
|
De artefactbron. De bron waaruit de artefacten worden gedownload.
|
|
AzureKeyVaultKms
|
Azure Key Vault-service-instellingen voor sleutelbeheer voor het beveiligingsprofiel.
|
|
BackendPoolType
|
Het type beheerde binnenkomende Load Balancer BackendPool.
|
|
ClusterUpgradeSettings
|
Instellingen voor het upgraden van een cluster.
|
|
Code
|
Hiermee wordt aangegeven of het cluster wordt uitgevoerd of gestopt
|
|
ContainerServiceLinuxProfile
|
Profiel voor Linux-VM's in het containerservicecluster.
|
|
ContainerServiceNetworkProfile
|
Profiel van netwerkconfiguratie.
|
|
ContainerServiceSshConfiguration
|
SSH-configuratie voor op Linux gebaseerde VM's die worden uitgevoerd in Azure.
|
|
ContainerServiceSshPublicKey
|
Bevat informatie over openbare sleutelgegevens van het SSH-certificaat.
|
|
createdByType
|
Het type identiteit waarmee de resource is gemaakt.
|
|
CreationData
|
Gegevens die worden gebruikt bij het maken van een doelresource op basis van een bronresource.
|
|
DelegatedResource
|
Gedelegeerde resource-eigenschappen: alleen intern gebruik.
|
|
ErrorAdditionalInfo
|
Aanvullende informatie over de resourcebeheerfout.
|
|
ErrorDetail
|
De foutdetails.
|
|
ErrorResponse
|
Foutreactie
|
|
Expander
|
De expander om te gebruiken bij het opschalen. Als dit niet is opgegeven, is de standaardwaarde 'willekeurig'. Zie expanders voor meer informatie.
|
|
ExtendedLocation
|
Het complexe type van de uitgebreide locatie.
|
|
ExtendedLocationTypes
|
Het type extendedLocation.
|
|
GPUDriver
|
Of u GPU-stuurprogramma's wilt installeren. Als deze niet is opgegeven, is de standaardwaarde Installeren.
|
|
GPUInstanceProfile
|
GPUInstanceProfile dat moet worden gebruikt om het GPU MIG-exemplaarprofiel op te geven voor de ondersteunde GPU VM-SKU.
|
|
GPUProfile
|
GPU-instellingen voor de agentgroep.
|
|
IPFamily
|
Bepalen of het adres tot de IPv4- of IPv6-familie behoort
|
|
IPTag
|
Bevat de IPTag die aan het object is gekoppeld.
|
|
IstioCertificateAuthority
|
Configuratie van Istio Service Mesh Certificate Authority (CA). Voorlopig ondersteunen we alleen invoegtoepassingscertificaten, zoals hier wordt beschreven https://aka.ms/asm-plugin-ca
|
|
IstioComponents
|
Configuratie van Istio-onderdelen.
|
|
IstioEgressGateway
|
Istio uitgaande gatewayconfiguratie.
|
|
IstioIngressGateway
|
Istio-gatewayconfiguratie voor inkomend verkeer. Voorlopig ondersteunen we maximaal één externe ingangsgateway met de naam aks-istio-ingressgateway-external en één interne ingangsgateway met de naam aks-istio-ingressgateway-internal.
|
|
IstioIngressGatewayMode
|
Modus van een toegangsbeheerobjectgateway.
|
|
IstioPluginCertificateAuthority
|
Informatie over invoegtoepassingscertificaten voor Service Mesh.
|
|
IstioServiceMesh
|
Configuratie van istio-service-mesh.
|
|
KeyVaultNetworkAccessTypes
|
Netwerktoegang van de sleutelkluis. Netwerktoegang tot de sleutelkluis. De mogelijke waarden zijn Public en Private.
Public betekent dat de sleutelkluis openbare toegang vanuit alle netwerken toestaat.
Private betekent dat de sleutelkluis openbare toegang uitschakelt en private link inschakelt. De standaardwaarde is Public.
|
|
KubeletConfig
|
Kubelet-configuraties van agentknooppunten. Zie aangepaste AKS-knooppuntconfiguratie voor meer informatie.
|
|
KubeletDiskType
|
Bepaalt de plaatsing van legeDir-volumes, hoofdmap van containerruntimegegevens en tijdelijke Kubelet-opslag.
|
|
KubernetesSupportPlan
|
Verschillende ondersteuningslagen voor door AKS beheerde clusters
|
|
LicenseType
|
Het licentietype dat moet worden gebruikt voor Windows-VM's. Zie azure Hybrid User Benefits voor meer informatie.
|
|
LinuxOSConfig
|
Besturingssysteemconfiguraties van Linux-agentknooppunten. Zie aangepaste AKS-knooppuntconfiguratie voor meer informatie.
|
|
LoadBalancerSku
|
De SKU van de load balancer voor het beheerde cluster. De standaardwaarde is 'standaard'. Zie Azure Load Balancer-SKU's voor meer informatie over de verschillen tussen load balancer-SKU's.
|
|
LocalDNSForwardDestination
|
Doelserver voor DNS-query's die moeten worden doorgestuurd vanuit localDNS.
|
|
LocalDNSForwardPolicy
|
Beleid doorsturen voor het selecteren van upstream DNS-server. Zie forward plugin voor meer informatie.
|
|
LocalDNSMode
|
Wijze van inschakelen voor localDNS.
|
|
LocalDNSOverride
|
Overschrijvingen voor het localDNS-profiel.
|
|
LocalDNSProfile
|
Configureert de lokale DNS per knooppunt, met VnetDNS- en KubeDNS-overschrijvingen. LocalDNS helpt de prestaties en betrouwbaarheid van DNS-resolutie in een AKS-cluster te verbeteren. Voor meer details zie aka.ms/aks/localdns.
|
|
LocalDNSProtocol
|
Dwing TCP af of geef de voorkeur aan het UDP-protocol voor verbindingen van localDNS naar upstream DNS-server.
|
|
LocalDNSQueryLogging
|
Logboekniveau voor DNS-query's in localDNS.
|
|
LocalDNSServeStale
|
Beleid voor het leveren van verouderde gegevens. Zie cache-plug-in voor meer informatie.
|
|
LocalDNSState
|
Door het systeem gegenereerde status van localDNS.
|
|
ManagedCluster
|
Beheerd cluster.
|
|
ManagedClusterAADProfile
|
AADProfile specificeert kenmerken voor Azure Active Directory-integratie. Zie beheerde AAD op AKS-voor meer informatie.
|
|
ManagedClusterAddonProfile
|
Een Kubernetes-invoegtoepassingsprofiel voor een beheerd cluster.
|
|
ManagedClusterAddonProfileIdentity
|
Informatie over de door de gebruiker toegewezen identiteit die door deze invoegtoepassing wordt gebruikt.
|
|
ManagedClusterAgentPoolProfile
|
Profiel voor de containerserviceagentgroep.
|
|
ManagedClusterAIToolchainOperatorProfile
|
Wanneer u de operator inschakelt, worden een set beheerde CRD's en controllers van AKS in het cluster geïnstalleerd. De operator automatiseert de implementatie van OSS-modellen voor deductie- en/of trainingsdoeleinden. Het biedt een set vooraf ingestelde modellen en maakt gedistribueerde deductie mogelijk.
|
|
ManagedClusterAPIServerAccessProfile
|
Toegangsprofiel voor beheerde cluster-API-server.
|
|
ManagedClusterAutoUpgradeProfile
|
Profiel voor automatische upgrade voor een beheerd cluster.
|
|
ManagedClusterAzureMonitorProfile
|
Azure Monitor-invoegtoepassingsprofielen voor het bewaken van het beheerde cluster.
|
|
ManagedClusterAzureMonitorProfileKubeStateMetrics
|
Kube State Metrics-profiel voor de Azure Managed Prometheus-invoegtoepassing. Deze optionele instellingen zijn voor de pod kube-state-metrics die wordt geïmplementeerd met de invoegtoepassing. Zie aka.ms/AzureManagedPrometheus-optional-parameters voor meer informatie.
|
|
ManagedClusterAzureMonitorProfileMetrics
|
Profiel voor metrische gegevens voor de beheerde Azure Monitor-service voor prometheus-invoegtoepassing. Verzamel standaard metrische kubernetes-infrastructuurgegevens om naar een Azure Monitor-werkruimte te verzenden en aanvullende scraping te configureren voor aangepaste doelen. Zie aka.ms/AzureManagedPrometheus voor een overzicht.
|
|
ManagedClusterBootstrapProfile
|
Het bootstrapprofiel.
|
|
ManagedClusterCostAnalysis
|
De configuratie van de kostenanalyse voor het cluster
|
|
ManagedClusterHTTPProxyConfig
|
Http-proxyconfiguratie van cluster.
|
|
ManagedClusterIdentity
|
Identiteit voor het beheerde cluster.
|
|
ManagedClusterIngressProfile
|
Inkomend profiel voor het containerservicecluster.
|
|
ManagedClusterIngressProfileNginx
|
Nginx ingress controllerconfiguratie voor het beheerde cluster ingress profiel.
|
|
ManagedClusterIngressProfileWebAppRouting
|
Invoegtoepassingsinstellingen voor toepassingsroutering voor het toegangsbeheerprofiel.
|
|
ManagedClusterLoadBalancerProfile
|
Profiel van de load balancer van het beheerde cluster.
|
|
ManagedClusterLoadBalancerProfileManagedOutboundIPs
|
Gewenste beheerde uitgaande IP-adressen voor de load balancer van het cluster.
|
|
ManagedClusterLoadBalancerProfileOutboundIPPrefixes
|
Gewenste uitgaande IP-voorvoegselbronnen voor de load balancer van het cluster.
|
|
ManagedClusterLoadBalancerProfileOutboundIPs
|
Gewenste uitgaande IP-resources voor de load balancer van het cluster.
|
|
ManagedClusterManagedOutboundIPProfile
|
Profiel van de beheerde uitgaande IP-resources van het beheerde cluster.
|
|
ManagedClusterMetricsProfile
|
Het profiel voor metrische gegevens voor managedCluster.
|
|
ManagedClusterNATGatewayProfile
|
Profiel van de NAT-gateway van het beheerde cluster.
|
|
ManagedClusterNodeProvisioningProfile
|
Node-provisioningprofiel voor het beheerde cluster.
|
|
ManagedClusterNodeResourceGroupProfile
|
Vergrendelingsprofiel voor knooppuntresourcegroepen voor een beheerd cluster.
|
|
ManagedClusterOIDCIssuerProfile
|
Het OIDC-verlenerprofiel van het beheerde cluster.
|
|
ManagedClusterPodIdentity
|
Details over de pod-identiteit die is toegewezen aan het beheerde cluster.
|
|
ManagedClusterPodIdentityException
|
Een uitzondering op podidentiteit, waarmee pods met bepaalde labels toegang hebben tot het EINDPUNT van de Azure Instance Metadata Service (IMDS) zonder dat deze worden onderschept door de NMI-server (Node Managed Identity). Zie AAD Pod Identity uitschakelen voor een specifieke pod/toepassing voor meer informatie.
|
|
ManagedClusterPodIdentityProfile
|
Het pod-identiteitsprofiel van het beheerde cluster. Zie AAD-podidentiteit gebruiken voor meer informatie over de integratie van pod-identiteiten.
|
|
ManagedClusterPodIdentityProvisioningError
|
Een foutbericht van het inrichten van pod-identiteiten.
|
|
ManagedClusterPodIdentityProvisioningErrorBody
|
Een foutbericht van het inrichten van pod-identiteiten.
|
|
ManagedClusterPodIdentityProvisioningInfo
|
Pod-identiteitsinformatie.
|
|
ManagedClusterPodIdentityProvisioningState
|
De huidige inrichtingsstatus van de pod-identiteit.
|
|
ManagedClusterPropertiesAutoScalerProfile
|
Parameters die moeten worden toegepast op de automatische schaalaanpassing van clusters wanneer deze optie is ingeschakeld
|
|
ManagedClusterSecurityProfile
|
Beveiligingsprofiel voor het containerservicecluster.
|
|
ManagedClusterSecurityProfileDefender
|
Microsoft Defender-instellingen voor het beveiligingsprofiel.
|
|
ManagedClusterSecurityProfileDefenderSecurityMonitoring
|
Microsoft Defender-instellingen voor de detectie van bedreigingen van beveiligingsprofielen.
|
|
ManagedClusterSecurityProfileImageCleaner
|
Image Cleaner verwijdert ongebruikte installatiekopieën van knooppunten, maakt schijfruimte vrij en helpt het kwetsbaarheid voor aanvallen te verminderen. Hier volgen instellingen voor het beveiligingsprofiel.
|
|
ManagedClusterSecurityProfileWorkloadIdentity
|
Instellingen voor workloadidentiteit voor het beveiligingsprofiel.
|
|
ManagedClusterServicePrincipalProfile
|
Informatie over een service-principal-identiteit voor het cluster dat moet worden gebruikt voor het bewerken van Azure-API's.
|
|
ManagedClusterSKU
|
De SKU van een beheerd cluster.
|
|
ManagedClusterSKUName
|
De naam van een beheerde cluster-SKU.
|
|
ManagedClusterSKUTier
|
De laag van een beheerde cluster-SKU. Als dit niet is opgegeven, is de standaardwaarde 'Gratis'. Zie de AKS-prijscategorie voor meer informatie.
|
|
ManagedClusterStaticEgressGatewayProfile
|
De configuratie van de invoegtoepassing Static Egress Gateway voor het cluster.
|
|
ManagedClusterStatus
|
Bevat alleen-lezen informatie over het beheerde cluster.
|
|
ManagedClusterStorageProfile
|
Opslagprofiel voor het containerservicecluster.
|
|
ManagedClusterStorageProfileBlobCSIDriver
|
AzureBlob CSI-stuurprogramma-instellingen voor het opslagprofiel.
|
|
ManagedClusterStorageProfileDiskCSIDriver
|
AzureDisk CSI-stuurprogramma-instellingen voor het opslagprofiel.
|
|
ManagedClusterStorageProfileFileCSIDriver
|
AzureFile CSI-stuurprogramma-instellingen voor het opslagprofiel.
|
|
ManagedClusterStorageProfileSnapshotController
|
Instellingen voor momentopnamecontroller voor het opslagprofiel.
|
|
ManagedClusterWindowsProfile
|
Profiel voor Windows-VM's in het beheerde cluster.
|
|
ManagedClusterWorkloadAutoScalerProfile
|
Profiel voor automatische schaalaanpassing van werkbelastingen voor het beheerde cluster.
|
|
ManagedClusterWorkloadAutoScalerProfileKeda
|
KEDA-instellingen (Kubernetes Event-driven Autoscaling) voor het profiel voor automatische schaalaanpassing van werkbelastingen.
|
|
ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler
|
VPA-instellingen (Verticale automatische schaalaanpassing van pods) voor het profiel voor automatisch schalen van werkbelastingen.
|
|
ManagedServiceIdentityUserAssignedIdentitiesValue
|
Door de gebruiker toegewezen identiteitseigenschappen.
|
|
ManualScaleProfile
|
Specificaties op het aantal machines.
|
|
NetworkDataplane
|
Netwerkgegevensvlak dat wordt gebruikt in het Kubernetes-cluster.
|
|
NetworkMode
|
De netwerkmodus waarmee Azure CNI is geconfigureerd. Dit kan niet worden opgegeven als networkPlugin iets anders is dan 'azure'.
|
|
NetworkPlugin
|
De netwerkinvoegtoepassing die wordt gebruikt voor het bouwen van het Kubernetes-netwerk.
|
|
NetworkPluginMode
|
De modus die de netwerkinvoegtoepassing moet gebruiken.
|
|
NetworkPolicy
|
Netwerkbeleid dat wordt gebruikt voor het bouwen van het Kubernetes-netwerk.
|
|
NginxIngressControllerType
|
Type inkomend verkeer voor de standaard aangepaste NginxIngressController-resource
|
|
NodeOSUpgradeChannel
|
Kanaal voor upgrade van het besturingssysteem van het knooppunt. De manier waarop het besturingssysteem op uw knooppunten wordt bijgewerkt. De standaardwaarde is NodeImage.
|
|
NodeProvisioningDefaultNodePools
|
De set standaard Karpenter NodePools (CRD's) die is geconfigureerd voor het inrichten van knooppunten. Dit veld heeft geen effect, tenzij de modus 'Auto' is. Waarschuwing: Als u dit op een bestaand cluster wijzigt van Auto naar Geen, worden de standaard Karpenter-knooppuntpools verwijderd, waardoor de knooppunten die aan deze pools zijn gekoppeld, worden leeggemaakt en verwijderd. Het wordt sterk aanbevolen om dit niet te doen, tenzij er inactieve knooppunten klaar staan om de pods te nemen die door die actie zijn ontruimd. Als dit niet is opgegeven, is de standaardinstelling Automatisch. Voor meer informatie zie aka.ms/aks/nap#node-pools.
|
|
NodeProvisioningMode
|
De inrichtingsmodus van het knooppunt. Als dit niet is opgegeven, is de standaardwaarde Handmatig.
|
|
OSDiskType
|
Het type besturingssysteemschijf dat moet worden gebruikt voor machines in de agentgroep. De standaardwaarde is 'kortstondig' als de VIRTUELE machine deze ondersteunt en een cacheschijf heeft die groter is dan de aangevraagde OSDiskSizeGB. Anders wordt standaard 'Beheerd' gebruikt. Kan niet worden gewijzigd na het maken. Zie kortstondige os-voor meer informatie.
|
|
OSSKU
|
Hiermee geeft u de SKU van het besturingssysteem op die wordt gebruikt door de agentgroep. De standaardwaarde is Ubuntu als OSType Linux is. De standaardwaarde is Windows2019 wanneer Kubernetes <= 1.24 of Windows2022 wanneer Kubernetes >= 1.25 als OSType Windows is.
|
|
OSType
|
Het type besturingssysteem. De standaardwaarde is Linux.
|
|
OutboundType
|
De uitgaande routeringsmethode (uitgaand verkeer). Dit kan alleen worden ingesteld tijdens het maken van het cluster en kan later niet meer worden gewijzigd. Zie uitgaand uitgaand type voor meer informatie.
|
|
PodIPAllocationMode
|
Pod IP-toewijzingsmodus. De IP-toewijzingsmodus voor pods in de agentgroep. Moet worden gebruikt met podSubnetId. De standaardwaarde is DynamicIndividual.
|
|
PortRange
|
Het poortbereik.
|
|
PowerState
|
Beschrijft de energiestatus van het cluster
|
|
PrivateLinkResource
|
Een private link-resource
|
|
Protocol
|
Het netwerkprotocol van de poort.
|
|
PublicNetworkAccess
|
PublicNetworkAccess van het beheerde cluster. Openbare netwerktoegang voor AKS toestaan of weigeren
|
|
ResourceIdentityType
|
Het type identiteit dat wordt gebruikt voor het beheerde cluster. Zie Beheerde identiteiten gebruiken in AKS voor meer informatie.
|
|
ResourceReference
|
Een verwijzing naar een Azure-resource.
|
|
RestrictionLevel
|
Het beperkingsniveau dat is toegepast op de knooppuntresourcegroep van het cluster. Als dit niet is opgegeven, is de standaardwaarde 'Onbeperkt'
|
|
ScaleDownMode
|
Beschrijft hoe VM's worden toegevoegd aan of verwijderd uit agentpools. Zie factureringsstatussen.
|
|
ScaleProfile
|
Specificaties voor het schalen van een VirtualMachines-agentpool.
|
|
ScaleSetEvictionPolicy
|
Het uitzettingsbeleid voor de schaal van de virtuele machine. In het uitzettingsbeleid wordt aangegeven wat er met de VM moet gebeuren wanneer deze wordt uitgezet. De standaardinstelling is Verwijderen. Voor meer informatie over uitzetting zie spot VM's
|
|
ScaleSetPriority
|
De prioriteit van de virtuele-machineschaalset.
|
|
ServiceMeshMode
|
Modus van de service-mesh.
|
|
ServiceMeshProfile
|
Service-mesh-profiel voor een beheerd cluster.
|
|
SysctlConfig
|
Sysctl-instellingen voor Linux-agentknooppunten.
|
|
systemData
|
Metagegevens met betrekking tot het maken en de laatste wijziging van de resource.
|
|
UndrainableNodeBehavior
|
Definieert het gedrag voor oningestoorde knooppunten tijdens de upgrade. De meest voorkomende oorzaak van oningestoorde knooppunten is PDU's (Pod Disruption Budgets), maar andere problemen, zoals de respijtperiode voor podbeëindiging, overschrijden de resterende time-out voor het leegmaken van knooppunten of pods hebben nog steeds een actieve status, maar kunnen ook oningestoorde knooppunten veroorzaken.
|
|
UpgradeChannel
|
Het upgradekanaal voor automatische upgrade. De standaardwaarde is 'none'. Zie het instellen van het kanaal voor automatische upgrade van het AKS-cluster voor meer informatie.
|
|
UpgradeOverrideSettings
|
Instellingen voor onderdrukkingen bij het upgraden van een cluster.
|
|
UserAssignedIdentity
|
Details over een door de gebruiker toegewezen identiteit.
|
|
VirtualMachineNodes
|
Huidige status van een groep knooppunten met dezelfde VM-grootte.
|
|
VirtualMachinesProfile
|
Specificaties voor VirtualMachines-agentpool.
|
|
WindowsGmsaProfile
|
Windows gMSA-profiel in het beheerde cluster.
|
|
WorkloadRuntime
|
Bepaalt het type workload dat een knooppunt kan uitvoeren.
|
AdvancedNetworking
Object
Geavanceerd netwerkprofiel voor het inschakelen van waarneembaarheid en beveiligingsfunctiessuite op een cluster. Zie aka.ms/aksadvancednetworking voor meer informatie.
| Name |
Type |
Description |
|
enabled
|
boolean
|
Geeft de activering aan van geavanceerde netwerkfunctionaliteiten van waarneembaarheid en beveiliging op AKS-clusters. Wanneer dit is ingesteld op waar, worden alle waarneembaarheids- en beveiligingsfuncties ingesteld op ingeschakeld, tenzij deze expliciet zijn uitgeschakeld. Als dit niet is opgegeven, is de standaardwaarde onwaar.
|
|
observability
|
AdvancedNetworkingObservability
|
Het waarneembaarheidsprofiel om geavanceerde metrische netwerkgegevens en stroomlogboeken met historische contexten mogelijk te maken.
|
|
security
|
AdvancedNetworkingSecurity
|
Beveiligingsprofiel voor het inschakelen van beveiligingsfuncties voor het cluster op basis van cilium.
|
AdvancedNetworkingObservability
Object
Het waarneembaarheidsprofiel om geavanceerde metrische netwerkgegevens en stroomlogboeken met historische contexten mogelijk te maken.
| Name |
Type |
Description |
|
enabled
|
boolean
|
Geeft de activering aan van geavanceerde waarneembaarheidsfuncties voor netwerken op clusters.
|
AdvancedNetworkingSecurity
Object
Beveiligingsprofiel voor het inschakelen van beveiligingsfuncties voor het cluster op basis van cilium.
| Name |
Type |
Description |
|
advancedNetworkPolicies
|
AdvancedNetworkPolicies
|
Schakel geavanceerd netwerkbeleid in. Hiermee kunnen gebruikers netwerkbeleid voor Laag 7 configureren (FQDN, HTTP, Kafka). Beleidsregels zelf moeten worden geconfigureerd via de resources van het Cilium-netwerkbeleid, zie https://docs.cilium.io/en/latest/security/policy/index.html. Dit kan alleen worden ingeschakeld voor clusters op basis van cilium. Als deze niet is opgegeven, is de standaardwaarde FQDN als security.enabled is ingesteld op true.
|
|
enabled
|
boolean
|
Met deze functie kan de gebruiker netwerkbeleid configureren op basis van DNS-namen (FQDN). Het kan alleen worden ingeschakeld voor ciliumclusters. Als dit niet is opgegeven, is de standaardwaarde onwaar.
|
AdvancedNetworkPolicies
Opsomming
Schakel geavanceerd netwerkbeleid in. Hiermee kunnen gebruikers netwerkbeleid voor Laag 7 configureren (FQDN, HTTP, Kafka). Beleidsregels zelf moeten worden geconfigureerd via de resources van het Cilium-netwerkbeleid, zie https://docs.cilium.io/en/latest/security/policy/index.html. Dit kan alleen worden ingeschakeld voor clusters op basis van cilium. Als deze niet is opgegeven, is de standaardwaarde FQDN als security.enabled is ingesteld op true.
| Waarde |
Description |
|
L7
|
Schakel Layer7-netwerkbeleid in (FQDN, HTTP/S, Kafka). Deze optie is een superset van de FQDN-optie.
|
|
FQDN
|
Op FQDN gebaseerd netwerkbeleid inschakelen
|
|
None
|
Layer 7-netwerkbeleid uitschakelen (FQDN, HTTP/S, Kafka)
|
AgentPoolGatewayProfile
Object
Profiel van de beheerde clustergatewayagentgroep.
| Name |
Type |
Default value |
Description |
|
publicIPPrefixSize
|
integer
(int32)
minimum: 28
maximum: 31
|
31
|
De gatewayagentgroep koppelt één openbaar IPPrefix voor elke statische uitgaande gateway om openbaar uitgaand verkeer te bieden. De grootte van Public IPPrefix moet door de gebruiker worden geselecteerd. Elk knooppunt in de agentgroep wordt toegewezen met één IP van het IPPrefix. De IPPrefix-grootte fungeert dus als een limiet voor de grootte van de gatewayagentgroep. Vanwege de beperking van de grootte van openbare IPPrefix in Azure is het geldige waardebereik [28, 31] (/31 = 2 knooppunten/IP's, /30 = 4 knooppunten/IP's, /29 = 8 knooppunten/IP's, /28 = 16 knooppunten/IP-adressen). De standaardwaarde is 31.
|
AgentPoolMode
Opsomming
De modus van een agentpool. Een cluster moet te allen tijde ten minste één agentgroep van het systeem hebben. Zie voor meer informatie over beperkingen en aanbevolen procedures voor agentgroepen: https://docs.microsoft.com/azure/aks/use-system-pools
| Waarde |
Description |
|
System
|
Pools van systeemagenten zijn voornamelijk bedoeld voor het hosten van kritieke systeempods zoals CoreDNS en metrics-server. Systeemagentpools osType moet Linux zijn. Vm-SKU's voor systeemagentgroepen moeten ten minste 2vCPU's en 4 GB geheugen hebben.
|
|
User
|
Groepen van user-agents zijn voornamelijk bedoeld voor het hosten van uw applicatiepods.
|
|
Gateway
|
Gateway-agentpools zijn bedoeld voor het leveren van statische uitgaande IP's aan pods. Zie https://aka.ms/aks/static-egress-gateway voor meer informatie.
|
AgentPoolNetworkProfile
Object
Netwerkinstellingen van een agentgroep.
| Name |
Type |
Description |
|
allowedHostPorts
|
PortRange[]
|
De poortbereiken waartoe toegang is toegestaan. De opgegeven bereiken mogen elkaar overlappen.
|
|
applicationSecurityGroups
|
string[]
(arm-id)
|
De id's van de toepassingsbeveiligingsgroepen die door de agentgroep worden gekoppeld wanneer deze worden gemaakt.
|
|
nodePublicIPTags
|
IPTag[]
|
IPTags van openbare IP-adressen op exemplaarniveau.
|
AgentPoolSecurityProfile
Object
De beveiligingsinstellingen van een agentgroep.
| Name |
Type |
Description |
|
enableSecureBoot
|
boolean
|
Beveiligd opstarten is een functie van Vertrouwde start die ervoor zorgt dat alleen ondertekende besturingssystemen en stuurprogramma's kunnen worden opgestart. Zie aka.ms/aks/trustedlaunch voor meer informatie. Als dit niet is opgegeven, is de standaardwaarde onwaar.
|
|
enableVTPM
|
boolean
|
vTPM is een vertrouwde startfunctie voor het configureren van een toegewezen beveiligde kluis voor sleutels en metingen die lokaal op het knooppunt worden bewaard. Zie aka.ms/aks/trustedlaunch voor meer informatie. Als dit niet is opgegeven, is de standaardwaarde onwaar.
|
|
sshAccess
|
AgentPoolSSHAccess
|
SSH-toegangsmethode van een agentgroep.
|
AgentPoolSSHAccess
Opsomming
SSH-toegangsmethode van een agentgroep.
| Waarde |
Description |
|
LocalUser
|
Kan SSH op het knooppunt gebruiken als lokale gebruiker met behulp van een persoonlijke sleutel.
|
|
Disabled
|
De SSH-service wordt uitgeschakeld op het knooppunt.
|
AgentPoolStatus
Object
Bevat alleen-lezen informatie over de agentgroep.
| Name |
Type |
Description |
|
provisioningError
|
ErrorDetail
|
De gedetailleerde informatie van de agentengroep in de fout. Behoudt de gedetailleerde informatie over storingen. Als er geen fout is opgetreden, wordt dit veld weggelaten.
|
AgentPoolType
Opsomming
Het type agentgroep.
| Waarde |
Description |
|
VirtualMachineScaleSets
|
Maak een agentgroep die wordt ondersteund door een virtuele-machineschaalset.
|
|
AvailabilitySet
|
Het gebruik hiervan wordt sterk afgeraden.
|
|
VirtualMachines
|
Maak een agentgroep die wordt ondersteund door een VM-indelingsmodus met één exemplaar.
|
AgentPoolUpgradeSettings
Object
Instellingen voor het upgraden van een agentpool
| Name |
Type |
Description |
|
drainTimeoutInMinutes
|
integer
(int32)
minimum: 1
maximum: 1440
|
De drain timeout voor een knooppunt. De hoeveelheid tijd (in minuten) om te wachten op verwijdering van pods en respijtvolle beëindiging per knooppunt. Deze verwijderingswachttijd eert het wachten op budgetten voor podonderbreking. Als deze tijd wordt overschreden, mislukt de upgrade. Als dit niet is opgegeven, is de standaardwaarde 30 minuten.
|
|
maxSurge
|
string
|
Het maximum aantal knooppunten of het maximumpercentage van knooppunten dat tijdens de upgrade is overgegaan. Dit kan worden ingesteld op een geheel getal (bijvoorbeeld '5') of een percentage (bijvoorbeeld '50%'). Als een percentage is opgegeven, is dit het percentage van de totale grootte van de agentgroep op het moment van de upgrade. Voor percentages worden breukknooppunten naar boven afgerond. Als dit niet is opgegeven, is de standaardwaarde 10%. Zie voor meer informatie, inclusief aanbevolen procedures: https://learn.microsoft.com/en-us/azure/aks/upgrade-cluster
|
|
maxUnavailable
|
string
|
Het maximum aantal of het percentage knooppunten dat tegelijkertijd niet beschikbaar is tijdens de upgrade. Dit kan worden ingesteld op een geheel getal (bijvoorbeeld '1') of een percentage (bijvoorbeeld '5%'). Als een percentage is opgegeven, is dit het percentage van de totale grootte van de agentgroep op het moment van de upgrade. Voor percentages worden breukknooppunten naar boven afgerond. Als dit niet is opgegeven, is de standaardwaarde 0. Zie voor meer informatie, inclusief aanbevolen procedures: https://learn.microsoft.com/en-us/azure/aks/upgrade-cluster
|
|
nodeSoakDurationInMinutes
|
integer
(int32)
minimum: 0
maximum: 30
|
De inweekduur voor een knoop. De hoeveelheid tijd (in minuten) die moet worden gewacht na het leegmaken van een knooppunt en voordat u het opnieuw opgeeft en verdergaat met het volgende knooppunt. Als dit niet is opgegeven, is de standaardwaarde 0 minuten.
|
|
undrainableNodeBehavior
|
UndrainableNodeBehavior
|
Definieert het gedrag voor oningestoorde knooppunten tijdens de upgrade. De meest voorkomende oorzaak van oningestoorde knooppunten is PDU's (Pod Disruption Budgets), maar andere problemen, zoals de respijtperiode voor podbeëindiging, overschrijden de resterende time-out voor het leegmaken van knooppunten of pods hebben nog steeds een actieve status, maar kunnen ook oningestoorde knooppunten veroorzaken.
|
AgentPoolWindowsProfile
Object
Het specifieke profiel van de Windows-agentgroep.
| Name |
Type |
Description |
|
disableOutboundNat
|
boolean
|
Of OutboundNAT in Windows-knooppunten moet worden uitgeschakeld. De standaardwaarde is onwaar. Uitgaande NAT kan alleen worden uitgeschakeld als het cluster uitgaandetype NAT Gateway is en de Windows-agentgroep geen openbaar IP-adres van het knooppunt heeft ingeschakeld.
|
ArtifactSource
Opsomming
De artefactbron. De bron waaruit de artefacten worden gedownload.
| Waarde |
Description |
|
Cache
|
Afbeeldingen ophalen uit Azure Container Registry met cache
|
|
Direct
|
afbeeldingen ophalen uit Microsoft Artifact Registry
|
AzureKeyVaultKms
Object
Azure Key Vault-service-instellingen voor sleutelbeheer voor het beveiligingsprofiel.
| Name |
Type |
Default value |
Description |
|
enabled
|
boolean
|
|
Of u de Azure Key Vault-sleutelbeheerservice wilt inschakelen. De standaardwaarde is onwaar.
|
|
keyId
|
string
|
|
Id van Azure Key Vault-sleutel. Zie de indeling van de sleutel-id voor meer informatie. Wanneer de Azure Key Vault-sleutelbeheerservice is ingeschakeld, is dit veld vereist en moet dit een geldige sleutel-id zijn. Wanneer de Azure Key Vault-service voor sleutelbeheer is uitgeschakeld, laat u het veld leeg.
|
|
keyVaultNetworkAccess
|
KeyVaultNetworkAccessTypes
|
Public
|
Netwerktoegang van de sleutelkluis. Netwerktoegang tot de sleutelkluis. De mogelijke waarden zijn Public en Private.
Public betekent dat de sleutelkluis openbare toegang vanuit alle netwerken toestaat.
Private betekent dat de sleutelkluis openbare toegang uitschakelt en private link inschakelt. De standaardwaarde is Public.
|
|
keyVaultResourceId
|
string
(arm-id)
|
|
Resource-id van sleutelkluis. Als keyVaultNetworkAccess is Private, is dit veld vereist en moet dit een geldige resource-id zijn. Wanneer keyVaultNetworkAccess is Public, laat u het veld leeg.
|
BackendPoolType
Opsomming
Het type beheerde binnenkomende Load Balancer BackendPool.
ClusterUpgradeSettings
Object
Instellingen voor het upgraden van een cluster.
Code
Opsomming
Hiermee wordt aangegeven of het cluster wordt uitgevoerd of gestopt
| Waarde |
Description |
|
Running
|
Het cluster wordt uitgevoerd.
|
|
Stopped
|
Het cluster is gestopt.
|
ContainerServiceLinuxProfile
Object
Profiel voor Linux-VM's in het containerservicecluster.
| Name |
Type |
Description |
|
adminUsername
|
string
pattern: ^[A-Za-z][-A-Za-z0-9_]*$
|
De gebruikersnaam van de beheerder die moet worden gebruikt voor Virtuele Linux-machines.
|
|
ssh
|
ContainerServiceSshConfiguration
|
De SSH-configuratie voor op Linux gebaseerde VM's die worden uitgevoerd in Azure.
|
ContainerServiceNetworkProfile
Object
Profiel van netwerkconfiguratie.
| Name |
Type |
Default value |
Description |
|
advancedNetworking
|
AdvancedNetworking
|
|
Geavanceerd netwerkprofiel voor het inschakelen van waarneembaarheid en beveiligingsfunctiessuite op een cluster. Zie aka.ms/aksadvancednetworking voor meer informatie.
|
|
dnsServiceIP
|
string
pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$
|
10.0.0.10
|
Een IP-adres dat is toegewezen aan de Kubernetes DNS-service. Deze moet zich binnen het Kubernetes-serviceadresbereik bevinden dat is opgegeven in serviceCidr.
|
|
ipFamilies
|
IPFamily[]
|
|
De IP-families die worden gebruikt om IP-versies op te geven die beschikbaar zijn voor het cluster. IP-families worden gebruikt om clusters met één stack of dubbele stack te bepalen. Voor één stack is de verwachte waarde IPv4. Voor dual-stack zijn de verwachte waarden IPv4 en IPv6.
|
|
loadBalancerProfile
|
ManagedClusterLoadBalancerProfile
|
|
Profiel van de load balancer van het cluster.
|
|
loadBalancerSku
|
LoadBalancerSku
|
|
De SKU van de load balancer voor het beheerde cluster. De standaardwaarde is 'standaard'. Zie Azure Load Balancer-SKU's voor meer informatie over de verschillen tussen load balancer-SKU's.
|
|
natGatewayProfile
|
ManagedClusterNATGatewayProfile
|
|
Profiel van de CLUSTER NAT-gateway.
|
|
networkDataplane
|
NetworkDataplane
|
|
Netwerkgegevensvlak dat wordt gebruikt in het Kubernetes-cluster.
|
|
networkMode
|
NetworkMode
|
|
De netwerkmodus waarmee Azure CNI is geconfigureerd. Dit kan niet worden opgegeven als networkPlugin iets anders is dan 'azure'.
|
|
networkPlugin
|
NetworkPlugin
|
|
De netwerkinvoegtoepassing die wordt gebruikt voor het bouwen van het Kubernetes-netwerk.
|
|
networkPluginMode
|
NetworkPluginMode
|
|
De modus die de netwerkinvoegtoepassing moet gebruiken.
|
|
networkPolicy
|
NetworkPolicy
|
|
Netwerkbeleid dat wordt gebruikt voor het bouwen van het Kubernetes-netwerk.
|
|
outboundType
|
OutboundType
|
loadBalancer
|
De uitgaande routeringsmethode (uitgaand verkeer). Dit kan alleen worden ingesteld tijdens het maken van het cluster en kan later niet meer worden gewijzigd. Zie uitgaand uitgaand type voor meer informatie.
|
|
podCidr
|
string
pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$
|
10.244.0.0/16
|
Een CIDR-notatie-IP-bereik waaruit pod-IP's moeten worden toegewezen wanneer kubenet wordt gebruikt.
|
|
podCidrs
|
string[]
|
|
Het IP-adres van de CIDR-notatie varieert van waaruit pod-IP-adressen moeten worden toegewezen. Er wordt één IPv4-CIDR verwacht voor netwerken met één stack. Twee CIDR's, één voor elke IP-familie (IPv4/IPv6), wordt verwacht voor dual-stack-netwerken.
|
|
serviceCidr
|
string
pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$
|
10.0.0.0/16
|
Een IP-adresbereik voor CIDR-notatie van waaruit IP-adressen van serviceclusters moeten worden toegewezen. Deze mag niet overlappen met IP-adresbereiken van het subnet.
|
|
serviceCidrs
|
string[]
|
|
Het IP-adres van de CIDR-notatie varieert van waaruit ip-adressen van serviceclusters moeten worden toegewezen. Er wordt één IPv4-CIDR verwacht voor netwerken met één stack. Twee CIDR's, één voor elke IP-familie (IPv4/IPv6), wordt verwacht voor dual-stack-netwerken. Ze mogen niet overlappen met IP-adresbereiken van het subnet.
|
|
staticEgressGatewayProfile
|
ManagedClusterStaticEgressGatewayProfile
|
|
Het profiel voor de invoegtoepassing Static Egress Gateway. Zie voor meer informatie over statische uitgaande gateway https://aka.ms/aks/static-egress-gateway.
|
ContainerServiceSshConfiguration
Object
SSH-configuratie voor op Linux gebaseerde VM's die worden uitgevoerd in Azure.
| Name |
Type |
Description |
|
publicKeys
|
ContainerServiceSshPublicKey[]
|
De lijst met openbare SSH-sleutels die worden gebruikt voor verificatie met op Linux gebaseerde VM's. Er kan maximaal 1 sleutel worden opgegeven.
|
ContainerServiceSshPublicKey
Object
Bevat informatie over openbare sleutelgegevens van het SSH-certificaat.
| Name |
Type |
Description |
|
keyData
|
string
|
Openbare certificaatsleutel die wordt gebruikt voor verificatie met VM's via SSH. Het certificaat moet een PEM-indeling hebben met of zonder headers.
|
createdByType
Opsomming
Het type identiteit waarmee de resource is gemaakt.
| Waarde |
Description |
|
User
|
|
|
Application
|
|
|
ManagedIdentity
|
|
|
Key
|
|
CreationData
Object
Gegevens die worden gebruikt bij het maken van een doelresource op basis van een bronresource.
| Name |
Type |
Description |
|
sourceResourceId
|
string
(arm-id)
|
Dit is de ARM-id van het bronobject dat moet worden gebruikt om het doelobject te maken.
|
DelegatedResource
Object
Gedelegeerde resource-eigenschappen: alleen intern gebruik.
| Name |
Type |
Description |
|
location
|
string
|
De bronresourcelocatie : alleen intern gebruik.
|
|
referralResource
|
string
|
De delegatie-id van de verwijzingsdelegering (optioneel) - alleen intern gebruik.
|
|
resourceId
|
string
|
De ARM-resource-id van de gedelegeerde resource, alleen intern gebruik.
|
|
tenantId
|
string
(uuid)
|
De tenant-id van de gedelegeerde resource: alleen intern gebruik.
|
ErrorAdditionalInfo
Object
Aanvullende informatie over de resourcebeheerfout.
| Name |
Type |
Description |
|
info
|
object
|
De aanvullende informatie.
|
|
type
|
string
|
Het extra informatietype.
|
ErrorDetail
Object
De foutdetails.
| Name |
Type |
Description |
|
additionalInfo
|
ErrorAdditionalInfo[]
|
De fout bevat aanvullende informatie.
|
|
code
|
string
|
De foutcode.
|
|
details
|
ErrorDetail[]
|
De foutdetails.
|
|
message
|
string
|
Het foutbericht.
|
|
target
|
string
|
Het foutdoel.
|
ErrorResponse
Object
Foutreactie
| Name |
Type |
Description |
|
error
|
ErrorDetail
|
Het foutobject.
|
Expander
Opsomming
De expander om te gebruiken bij het opschalen. Als dit niet is opgegeven, is de standaardwaarde 'willekeurig'. Zie expanders voor meer informatie.
| Waarde |
Description |
|
least-waste
|
Hiermee selecteert u de knooppuntgroep met de minste inactieve CPU (indien gelijk, ongebruikt geheugen) na opschalen. Dit is handig wanneer u verschillende klassen knooppunten hebt, bijvoorbeeld een hoog CPU- of hoog geheugenknooppunt, en alleen wilt uitbreiden wanneer er pods in behandeling zijn die veel van deze resources nodig hebben.
|
|
most-pods
|
Selecteert de knooppuntgroep die de meeste pods kan plannen bij het omhoog schalen. Dit is handig wanneer u nodeSelector gebruikt om ervoor te zorgen dat bepaalde pods op bepaalde knooppunten terechtkomen. Dit zorgt er niet voor dat de automatische schaalaanpassing grotere knooppunten versus kleiner selecteert, omdat er meerdere kleinere knooppunten tegelijk kunnen worden toegevoegd.
|
|
priority
|
Selecteert de knooppuntgroep die de hoogste prioriteit heeft die door de gebruiker is toegewezen. De configuratie wordt beschreven in meer details hier.
|
|
random
|
Wordt gebruikt wanneer u geen specifieke behoefte hebt aan een andere schaal van de knooppuntgroepen.
|
ExtendedLocation
Object
Het complexe type van de uitgebreide locatie.
| Name |
Type |
Description |
|
name
|
string
|
De naam van de uitgebreide locatie.
|
|
type
|
ExtendedLocationTypes
|
Het type van de uitgebreide locatie.
|
ExtendedLocationTypes
Opsomming
Het type extendedLocation.
| Waarde |
Description |
|
EdgeZone
|
Azure Edge Zone extended location type.
|
GPUDriver
Opsomming
Of u GPU-stuurprogramma's wilt installeren. Als deze niet is opgegeven, is de standaardwaarde Installeren.
| Waarde |
Description |
|
Install
|
Stuurprogramma installeren.
|
|
None
|
Sla de installatie van de driver over.
|
GPUInstanceProfile
Opsomming
GPUInstanceProfile dat moet worden gebruikt om het GPU MIG-exemplaarprofiel op te geven voor de ondersteunde GPU VM-SKU.
| Waarde |
Description |
|
MIG1g
|
MIG 1G GPU-instantieprofiel.
|
|
MIG2g
|
MIG 2G GPU-instantieprofiel.
|
|
MIG3g
|
MIG 3G GPU-instantieprofiel.
|
|
MIG4g
|
MIG 4G GPU-instanceprofiel.
|
|
MIG7g
|
MIG 7G GPU-instantieprofiel.
|
GPUProfile
Object
GPU-instellingen voor de agentgroep.
| Name |
Type |
Description |
|
driver
|
GPUDriver
|
Of u GPU-stuurprogramma's wilt installeren. Als deze niet is opgegeven, is de standaardwaarde Installeren.
|
IPFamily
Opsomming
Bepalen of het adres tot de IPv4- of IPv6-familie behoort
| Waarde |
Description |
|
IPv4
|
IPv4-familie
|
|
IPv6
|
IPv6-familie
|
IPTag
Object
Bevat de IPTag die aan het object is gekoppeld.
| Name |
Type |
Description |
|
ipTagType
|
string
|
Het TYPE IP-tag. Voorbeeld: RoutingPreference.
|
|
tag
|
string
|
De waarde van de IP-tag die is gekoppeld aan het openbare IP-adres. Voorbeeld: Internet.
|
IstioCertificateAuthority
Object
Configuratie van Istio Service Mesh Certificate Authority (CA). Voorlopig ondersteunen we alleen invoegtoepassingscertificaten, zoals hier wordt beschreven https://aka.ms/asm-plugin-ca
IstioComponents
Object
Configuratie van Istio-onderdelen.
IstioEgressGateway
Object
Istio uitgaande gatewayconfiguratie.
| Name |
Type |
Description |
|
enabled
|
boolean
|
Hiermee wordt aangegeven of de uitgaande gateway moet worden ingeschakeld.
|
|
gatewayConfigurationName
|
string
|
Naam van de aangepaste resource voor de gatewayconfiguratie voor de Istio-invoegtoepassingsgateway. Moet worden opgegeven bij het inschakelen van de Istio-uitgaande gateway. Moet worden geïmplementeerd in dezelfde naamruimte waarin de Istio-gateway voor uitgaand verkeer wordt geïmplementeerd.
|
|
name
|
string
pattern: [a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*
|
Naam van de Uitgaande gateway van de Istio-invoegtoepassing.
|
|
namespace
|
string
|
Naamruimte waarin de Uitgaande gateway van de Istio-invoegtoepassing moet worden geïmplementeerd. Als dit niet is opgegeven, is de standaardwaarde aks-istio-egress.
|
IstioIngressGateway
Object
Istio-gatewayconfiguratie voor inkomend verkeer. Voorlopig ondersteunen we maximaal één externe ingangsgateway met de naam aks-istio-ingressgateway-external en één interne ingangsgateway met de naam aks-istio-ingressgateway-internal.
| Name |
Type |
Description |
|
enabled
|
boolean
|
Hiermee wordt aangegeven of de toegangsbeheergateway moet worden ingeschakeld.
|
|
mode
|
IstioIngressGatewayMode
|
Modus van een toegangsbeheerobjectgateway.
|
IstioIngressGatewayMode
Opsomming
Modus van een toegangsbeheerobjectgateway.
| Waarde |
Description |
|
External
|
De gateway voor inkomend verkeer krijgt een openbaar IP-adres toegewezen en is openbaar toegankelijk.
|
|
Internal
|
Aan de gateway voor inkomend verkeer wordt een intern IP-adres toegewezen en deze is niet openbaar toegankelijk.
|
IstioPluginCertificateAuthority
Object
Informatie over invoegtoepassingscertificaten voor Service Mesh.
| Name |
Type |
Description |
|
certChainObjectName
|
string
|
Naam van certificaatketenobject in Azure Key Vault.
|
|
certObjectName
|
string
|
Naam van tussenliggend certificaatobject in Azure Key Vault.
|
|
keyObjectName
|
string
|
Naam van tussenliggend certificaatobject voor persoonlijke sleutel in Azure Key Vault.
|
|
keyVaultId
|
string
(arm-id)
|
De resource-id van de Sleutelkluis.
|
|
rootCertObjectName
|
string
|
De naam van het basiscertificaatobject in Azure Key Vault.
|
IstioServiceMesh
Object
Configuratie van istio-service-mesh.
| Name |
Type |
Description |
|
certificateAuthority
|
IstioCertificateAuthority
|
Configuratie van Istio Service Mesh Certificate Authority (CA). Voorlopig ondersteunen we alleen invoegtoepassingscertificaten, zoals hier wordt beschreven https://aka.ms/asm-plugin-ca
|
|
components
|
IstioComponents
|
Configuratie van Istio-onderdelen.
|
|
revisions
|
string[]
|
De lijst met revisies van het Istio-besturingsvlak. Wanneer er geen upgrade wordt uitgevoerd, bevat dit één waarde. Wanneer de canary-upgrade wordt uitgevoerd, kan dit slechts twee opeenvolgende waarden bevatten. Zie voor meer informatie: https://learn.microsoft.com/en-us/azure/aks/istio-upgrade
|
KeyVaultNetworkAccessTypes
Opsomming
Netwerktoegang van de sleutelkluis. Netwerktoegang tot de sleutelkluis. De mogelijke waarden zijn Public en Private.
Public betekent dat de sleutelkluis openbare toegang vanuit alle netwerken toestaat.
Private betekent dat de sleutelkluis openbare toegang uitschakelt en private link inschakelt. De standaardwaarde is Public.
| Waarde |
Description |
|
Public
|
Key Vault maakt openbare toegang mogelijk vanaf alle netwerken.
|
|
Private
|
Key Vault schakelt publieke toegang uit en maakt private verbinding mogelijk.
|
KubeletConfig
Object
Kubelet-configuraties van agentknooppunten. Zie aangepaste AKS-knooppuntconfiguratie voor meer informatie.
| Name |
Type |
Description |
|
allowedUnsafeSysctls
|
string[]
|
Toegestane lijst met onveilige sysctls of onveilige sysctl-patronen (eindigend op *).
|
|
containerLogMaxFiles
|
integer
(int32)
minimum: 2
|
Het maximum aantal containerlogboekbestanden dat aanwezig kan zijn voor een container. Het getal moet ≥ 2 zijn.
|
|
containerLogMaxSizeMB
|
integer
(int32)
|
De maximale grootte (bijvoorbeeld 10Mi) van het containerlogboekbestand voordat het wordt gedraaid.
|
|
cpuCfsQuota
|
boolean
|
Als het afdwingen van CPU CFS-quota is ingeschakeld voor containers die CPU-limieten opgeven. De standaardwaarde is waar.
|
|
cpuCfsQuotaPeriod
|
string
|
De waarde van de CPU CFS-quotumperiode. De standaardwaarde is '100ms'. Geldige waarden zijn een reeks decimale getallen met een optionele breuk en een eenheidsachtervoegsel. Bijvoorbeeld: '300ms', '2h45m'. Ondersteunde eenheden zijn 'ns', 'us', 'ms', 's', 'm' en 'h'.
|
|
cpuManagerPolicy
|
string
|
Het CPU Manager-beleid dat moet worden gebruikt. De standaardwaarde is 'none'. Zie Het Beleid voor CPU-beheer van Kubernetes voor meer informatie. Toegestane waarden zijn 'none' en 'static'.
|
|
failSwapOn
|
boolean
|
Als deze optie is ingesteld op true, kan de Kubelet niet worden gestart als wisselen is ingeschakeld op het knooppunt.
|
|
imageGcHighThreshold
|
integer
(int32)
|
Het percentage schijfgebruik waarna garbagecollection van installatiekopieën altijd wordt uitgevoerd. Als u de garbagecollection van de installatiekopieën wilt uitschakelen, stelt u in op 100. De standaardwaarde is 85%
|
|
imageGcLowThreshold
|
integer
(int32)
|
Het percentage schijfgebruik voordat de garbagecollection van installatiekopieën nooit wordt uitgevoerd. Dit kan niet hoger worden ingesteld dan imageGcHighThreshold. De standaardwaarde is 80%
|
|
podMaxPids
|
integer
(int32)
|
Het maximum aantal processen per pod.
|
|
topologyManagerPolicy
|
string
|
Het topologiebeheerbeleid dat moet worden gebruikt. Zie Kubernetes Topology Manager voor meer informatie. De standaardwaarde is 'none'. Toegestane waarden zijn 'none', 'best-effort', 'restricted' en 'single-numa-node'.
|
KubeletDiskType
Opsomming
Bepaalt de plaatsing van legeDir-volumes, hoofdmap van containerruntimegegevens en tijdelijke Kubelet-opslag.
| Waarde |
Description |
|
OS
|
Kubelet gebruikt de OS-schijf voor zijn gegevens.
|
|
Temporary
|
Kubelet zal de tijdelijke schijf gebruiken voor zijn gegevens.
|
KubernetesSupportPlan
Opsomming
Verschillende ondersteuningslagen voor door AKS beheerde clusters
| Waarde |
Description |
|
KubernetesOfficial
|
Ondersteuning voor de versie is hetzelfde als voor het open source Kubernetes-aanbod. Officiële opensource-communityversies van Kubernetes gedurende 1 jaar na de release.
|
|
AKSLongTermSupport
|
Ondersteuning voor de versie verlengd tot na de KubernetesOfficiële ondersteuning van 1 jaar. AKS blijft cv's patchen voor nog eens 1 jaar, voor een totaal van 2 jaar ondersteuning.
|
LicenseType
Opsomming
Het licentietype dat moet worden gebruikt voor Windows-VM's. Zie azure Hybrid User Benefits voor meer informatie.
| Waarde |
Description |
|
None
|
Er worden geen aanvullende licenties toegepast.
|
|
Windows_Server
|
Maakt Azure Hybrid User Benefits mogelijk voor Windows-VM's.
|
LinuxOSConfig
Object
Besturingssysteemconfiguraties van Linux-agentknooppunten. Zie aangepaste AKS-knooppuntconfiguratie voor meer informatie.
| Name |
Type |
Description |
|
swapFileSizeMB
|
integer
(int32)
|
De grootte in MB van een wisselbestand dat op elk knooppunt wordt gemaakt.
|
|
sysctls
|
SysctlConfig
|
Sysctl-instellingen voor Linux-agentknooppunten.
|
|
transparentHugePageDefrag
|
string
|
Of de kernel agressief gebruik moet maken van geheugencompressie om meer enorme pagina's beschikbaar te maken. Geldige waarden zijn 'altijd', 'uitstellen', 'uitstellen+madvise', 'madvise' en 'nooit'. De standaardwaarde is 'madvise'. Zie Transparent Hugepagesvoor meer informatie.
|
|
transparentHugePageEnabled
|
string
|
Of transparante enorme pagina's zijn ingeschakeld. Geldige waarden zijn 'altijd', 'madvise' en 'nooit'. De standaardwaarde is altijd. Zie Transparent Hugepagesvoor meer informatie.
|
LoadBalancerSku
Opsomming
De SKU van de load balancer voor het beheerde cluster. De standaardwaarde is 'standaard'. Zie Azure Load Balancer-SKU's voor meer informatie over de verschillen tussen load balancer-SKU's.
| Waarde |
Description |
|
standard
|
Gebruik een standaard Load Balancer. Dit is de aanbevolen Load Balancer-SKU. Zie het artikel standard Load Balancer voor meer informatie over het werken met de load balancer in het beheerde cluster.
|
|
basic
|
Gebruik een eenvoudige Load Balancer met beperkte functionaliteit.
|
LocalDNSForwardDestination
Opsomming
Doelserver voor DNS-query's die moeten worden doorgestuurd vanuit localDNS.
| Waarde |
Description |
|
ClusterCoreDNS
|
Stuur DNS-query's door van localDNS naar cluster CoreDNS.
|
|
VnetDNS
|
Stuur DNS-query's door van localDNS naar de DNS-server die is geconfigureerd in het VNET. Een VNET kan meerdere DNS-servers hebben geconfigureerd.
|
LocalDNSForwardPolicy
Opsomming
Beleid doorsturen voor het selecteren van upstream DNS-server. Zie forward plugin voor meer informatie.
| Waarde |
Description |
|
Sequential
|
Implementeert sequentiële upstream DNS-serverselectie. Zie forward plugin voor meer informatie.
|
|
RoundRobin
|
Implementeert round robin upstream DNS-serverselectie. Zie forward plugin voor meer informatie.
|
|
Random
|
Implementeert willekeurige upstream DNS-serverselectie. Zie forward plugin voor meer informatie.
|
LocalDNSMode
Opsomming
Wijze van inschakelen voor localDNS.
| Waarde |
Description |
|
Preferred
|
Als de huidige orchestratorversie deze functie ondersteunt, geef er dan de voorkeur aan localDNS in te schakelen.
|
|
Required
|
Schakel localDNS in.
|
|
Disabled
|
Schakel localDNS uit.
|
LocalDNSOverride
Object
Overschrijvingen voor het localDNS-profiel.
| Name |
Type |
Default value |
Description |
|
cacheDurationInSeconds
|
integer
(int32)
|
3600
|
Cache max TTL in seconden. Zie cache-plug-in voor meer informatie.
|
|
forwardDestination
|
LocalDNSForwardDestination
|
ClusterCoreDNS
|
Doelserver voor DNS-query's die moeten worden doorgestuurd vanuit localDNS.
|
|
forwardPolicy
|
LocalDNSForwardPolicy
|
Sequential
|
Beleid doorsturen voor het selecteren van upstream DNS-server. Zie forward plugin voor meer informatie.
|
|
maxConcurrent
|
integer
(int32)
|
1000
|
Maximaal aantal gelijktijdige query's. Zie forward plugin voor meer informatie.
|
|
protocol
|
LocalDNSProtocol
|
PreferUDP
|
Dwing TCP af of geef de voorkeur aan het UDP-protocol voor verbindingen van localDNS naar upstream DNS-server.
|
|
queryLogging
|
LocalDNSQueryLogging
|
Error
|
Logboekniveau voor DNS-query's in localDNS.
|
|
serveStale
|
LocalDNSServeStale
|
Immediate
|
Beleid voor het leveren van verouderde gegevens. Zie cache-plug-in voor meer informatie.
|
|
serveStaleDurationInSeconds
|
integer
(int32)
|
3600
|
Serveer oud in seconden. Zie cache-plug-in voor meer informatie.
|
LocalDNSProfile
Object
Configureert de lokale DNS per knooppunt, met VnetDNS- en KubeDNS-overschrijvingen. LocalDNS helpt de prestaties en betrouwbaarheid van DNS-resolutie in een AKS-cluster te verbeteren. Voor meer details zie aka.ms/aks/localdns.
| Name |
Type |
Default value |
Description |
|
kubeDNSOverrides
|
<string,
LocalDNSOverride>
|
|
KubeDNS-overschrijvingen zijn van toepassing op DNS-verkeer van pods met dnsPolicy:ClusterFirst (ook wel KubeDNS-verkeer genoemd).
|
|
mode
|
LocalDNSMode
|
Preferred
|
Wijze van inschakelen voor localDNS.
|
|
state
|
LocalDNSState
|
|
Door het systeem gegenereerde status van localDNS.
|
|
vnetDNSOverrides
|
<string,
LocalDNSOverride>
|
|
VnetDNS-overschrijvingen zijn van toepassing op DNS-verkeer van pods met dnsPolicy:default of kubelet (ook wel VnetDNS-verkeer genoemd).
|
LocalDNSProtocol
Opsomming
Dwing TCP af of geef de voorkeur aan het UDP-protocol voor verbindingen van localDNS naar upstream DNS-server.
| Waarde |
Description |
|
PreferUDP
|
Geef de voorkeur aan het UDP-protocol voor verbindingen van localDNS naar de upstream DNS-server.
|
|
ForceTCP
|
Dwing het TCP-protocol af voor verbindingen van localDNS naar de upstream DNS-server.
|
LocalDNSQueryLogging
Opsomming
Logboekniveau voor DNS-query's in localDNS.
| Waarde |
Description |
|
Error
|
Maakt foutregistratie in localDNS mogelijk. Zie fouten plugin voor meer informatie.
|
|
Log
|
Maakt het vastleggen van query's in localDNS mogelijk. Zie log plugin voor meer informatie.
|
LocalDNSServeStale
Opsomming
Beleid voor het leveren van verouderde gegevens. Zie cache-plug-in voor meer informatie.
| Waarde |
Description |
|
Verify
|
Lever verouderde gegevens met verificatie. Controleer eerst of een vermelding nog steeds niet beschikbaar is bij de bron voordat u de verlopen vermelding naar de client verzendt. Zie cache-plug-in voor meer informatie.
|
|
Immediate
|
Serveer verouderde gegevens onmiddellijk. Stuur de verlopen invoer naar de klant voordat u controleert of de invoer beschikbaar is bij de bron. Zie cache-plug-in voor meer informatie.
|
|
Disable
|
Schakel de weergave van verlopen gegevens uit.
|
LocalDNSState
Opsomming
Door het systeem gegenereerde status van localDNS.
| Waarde |
Description |
|
Enabled
|
localDNS is ingeschakeld.
|
|
Disabled
|
localDNS is uitgeschakeld.
|
ManagedCluster
Object
Beheerd cluster.
| Name |
Type |
Description |
|
eTag
|
string
|
Als eTag is opgegeven in de hoofdtekst van het antwoord, kan deze ook worden opgegeven als een header volgens de normale etag-conventie. Entiteitstags worden gebruikt voor het vergelijken van twee of meer entiteiten uit dezelfde aangevraagde resource. HTTP/1.1 maakt gebruik van entiteitstags in de etag (sectie 14.19), If-Match (sectie 14.24), If-None-Match (sectie 14.26) en If-Range (sectie 14.27) koptekstvelden.
|
|
extendedLocation
|
ExtendedLocation
|
De uitgebreide locatie van de virtuele machine.
|
|
id
|
string
(arm-id)
|
Volledig gekwalificeerde resource-id voor de resource. Bijv. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
|
|
identity
|
ManagedClusterIdentity
|
De identiteit van het beheerde cluster, indien geconfigureerd.
|
|
kind
|
string
|
Dit wordt voornamelijk gebruikt om verschillende gebruikersinterface-ervaringen beschikbaar te maken in de portal voor verschillende soorten
|
|
location
|
string
|
De geografische locatie waar de resource zich bevindt
|
|
name
|
string
|
De naam van de resource
|
|
properties.aadProfile
|
ManagedClusterAADProfile
|
De Azure Active Directory-configuratie.
|
|
properties.addonProfiles
|
<string,
ManagedClusterAddonProfile>
|
Het profiel van de invoegtoepassing voor beheerde clusters.
|
|
properties.agentPoolProfiles
|
ManagedClusterAgentPoolProfile[]
|
De eigenschappen van de agentgroep.
|
|
properties.aiToolchainOperatorProfile
|
ManagedClusterAIToolchainOperatorProfile
|
Operatorinstellingen voor AI-hulpprogrammaketens die van toepassing zijn op het hele cluster.
|
|
properties.apiServerAccessProfile
|
ManagedClusterAPIServerAccessProfile
|
Het toegangsprofiel voor beheerde cluster-API-server.
|
|
properties.autoScalerProfile
|
ManagedClusterPropertiesAutoScalerProfile
|
Parameters die moeten worden toegepast op de automatische schaalaanpassing van clusters wanneer deze optie is ingeschakeld
|
|
properties.autoUpgradeProfile
|
ManagedClusterAutoUpgradeProfile
|
De configuratie van de automatische upgrade.
|
|
properties.azureMonitorProfile
|
ManagedClusterAzureMonitorProfile
|
Azure Monitor-invoegtoepassingsprofielen voor het bewaken van het beheerde cluster.
|
|
properties.azurePortalFQDN
|
string
|
De speciale FQDN die door Azure Portal wordt gebruikt voor toegang tot het beheerde cluster. Deze FQDN is alleen bedoeld voor gebruik door Azure Portal en mag niet worden gebruikt door andere clients. Voor De Azure-portal moeten bepaalde CORS-headers (Cross-Origin Resource Sharing) in sommige antwoorden worden verzonden, die kubernetes APIServer niet standaard verwerkt. Deze speciale FQDN ondersteunt CORS, zodat Azure Portal goed kan functioneren.
|
|
properties.bootstrapProfile
|
ManagedClusterBootstrapProfile
|
Profiel van de bootstrapconfiguratie van het cluster.
|
|
properties.currentKubernetesVersion
|
string
|
De versie van Kubernetes het beheerde cluster wordt uitgevoerd. Als kubernetesVersion een volledig opgegeven versie is <major.minor.patch>, is dit veld precies gelijk aan het veld. Als kubernetesVersion is <major.minor>, bevat dit veld de volledige <major.minor.patch> versie die wordt gebruikt.
|
|
properties.disableLocalAccounts
|
boolean
|
Als lokale accounts moeten worden uitgeschakeld op het beheerde cluster. Als deze optie is ingesteld op true, worden statische referenties uitgeschakeld voor dit cluster. Dit mag alleen worden gebruikt voor beheerde clusters waarvoor AAD is ingeschakeld. Zie lokale accounts uitschakelenvoor meer informatie.
|
|
properties.diskEncryptionSetID
|
string
(arm-id)
|
De resource-id van de schijfversleuteling die moet worden gebruikt voor het inschakelen van versleuteling at rest. Dit is van het formulier: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}
|
|
properties.dnsPrefix
|
string
|
Het DNS-voorvoegsel van het beheerde cluster. Dit kan niet worden bijgewerkt zodra het beheerde cluster is gemaakt.
|
|
properties.enableRBAC
|
boolean
|
Of Kubernetes Role-Based toegangsbeheer moet worden ingeschakeld.
|
|
properties.fqdn
|
string
|
De FQDN van de hoofdgroep.
|
|
properties.fqdnSubdomain
|
string
|
Het FQDN-subdomein van het privécluster met aangepaste privé-DNS-zone. Dit kan niet worden bijgewerkt zodra het beheerde cluster is gemaakt.
|
|
properties.httpProxyConfig
|
ManagedClusterHTTPProxyConfig
|
Configuraties voor het inrichten van het cluster met HTTP-proxyservers.
|
|
properties.identityProfile
|
<string,
UserAssignedIdentity>
|
De gebruikersidentiteit die is gekoppeld aan het beheerde cluster. Deze identiteit wordt gebruikt door de kubelet. Er is slechts één door de gebruiker toegewezen identiteit toegestaan. De enige geaccepteerde sleutel is 'kubeletidentity', met de waarde 'resourceId': '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
|
|
properties.ingressProfile
|
ManagedClusterIngressProfile
|
Inkomend profiel voor het beheerde cluster.
|
|
properties.kubernetesVersion
|
string
|
De versie van Kubernetes die door de gebruiker is opgegeven. Beide patchversie <major.minor.patch> (bijvoorbeeld 1.20.13) en <major.minor> (bijvoorbeeld 1.20) worden ondersteund. Wanneer <major.minor> is opgegeven, wordt automatisch de meest recente ondersteunde GA-patchversie gekozen. Het cluster bijwerken met dezelfde <major.minor> nadat het is gemaakt (bijvoorbeeld 1.14.x -> 1.14) activeert geen upgrade, zelfs als er een nieuwere patchversie beschikbaar is. Wanneer u een upgrade uitvoert van een ondersteund AKS-cluster, kunnen secundaire versies van Kubernetes niet worden overgeslagen. Alle upgrades moeten sequentieel worden uitgevoerd op primaire versienummer. Bijvoorbeeld, upgrades tussen 1.14.x -> 1.15.x of 1.15.x -> 1.16.x zijn toegestaan, maar 1.14.x -> 1.16.x is niet toegestaan. Zie een AKS-cluster upgraden voor meer informatie.
|
|
properties.linuxProfile
|
ContainerServiceLinuxProfile
|
Het profiel voor Linux-VM's in het beheerde cluster.
|
|
properties.maxAgentPools
|
integer
(int32)
|
Het maximum aantal agentgroepen voor het beheerde cluster.
|
|
properties.metricsProfile
|
ManagedClusterMetricsProfile
|
Optionele configuratie van metrische clustergegevens.
|
|
properties.networkProfile
|
ContainerServiceNetworkProfile
|
Het netwerkconfiguratieprofiel.
|
|
properties.nodeProvisioningProfile
|
ManagedClusterNodeProvisioningProfile
|
Inrichtingsinstellingen voor knooppunten die van toepassing zijn op het hele cluster.
|
|
properties.nodeResourceGroup
|
string
|
De naam van de resourcegroep met agentgroepknooppunten.
|
|
properties.nodeResourceGroupProfile
|
ManagedClusterNodeResourceGroupProfile
|
Profiel van de configuratie van de knooppuntresourcegroep.
|
|
properties.oidcIssuerProfile
|
ManagedClusterOIDCIssuerProfile
|
Het OIDC-verlenerprofiel van het beheerde cluster.
|
|
properties.podIdentityProfile
|
ManagedClusterPodIdentityProfile
|
Het pod-identiteitsprofiel van het beheerde cluster. Zie AAD-podidentiteit gebruiken voor meer informatie over de integratie van AAD-podidentiteiten.
|
|
properties.powerState
|
PowerState
|
De energiestatus van het cluster.
|
|
properties.privateFQDN
|
string
|
De FQDN-naam van het privécluster.
|
|
properties.privateLinkResources
|
PrivateLinkResource[]
|
Private Link-resources die zijn gekoppeld aan het cluster.
|
|
properties.provisioningState
|
string
|
De huidige inrichtingsstatus.
|
|
properties.publicNetworkAccess
|
PublicNetworkAccess
|
PublicNetworkAccess van het beheerde cluster. Openbare netwerktoegang voor AKS toestaan of weigeren
|
|
properties.resourceUID
|
string
|
De resourceUID identificeert op unieke wijze ManagedClusters die ARM ResourceIds hergebruiken (d.w.z.: maken, verwijderen, volgorde maken)
|
|
properties.securityProfile
|
ManagedClusterSecurityProfile
|
Beveiligingsprofiel voor het beheerde cluster.
|
|
properties.serviceMeshProfile
|
ServiceMeshProfile
|
Service-mesh-profiel voor een beheerd cluster.
|
|
properties.servicePrincipalProfile
|
ManagedClusterServicePrincipalProfile
|
Informatie over een service-principal-identiteit voor het cluster dat moet worden gebruikt voor het bewerken van Azure-API's.
|
|
properties.status
|
ManagedClusterStatus
|
Bevat alleen-lezen informatie over het beheerde cluster.
|
|
properties.storageProfile
|
ManagedClusterStorageProfile
|
Opslagprofiel voor het beheerde cluster.
|
|
properties.supportPlan
|
KubernetesSupportPlan
|
Het ondersteuningsplan voor het beheerde cluster. Als dit niet is opgegeven, is de standaardwaarde 'KubernetesOfficial'.
|
|
properties.upgradeSettings
|
ClusterUpgradeSettings
|
Instellingen voor het upgraden van een cluster.
|
|
properties.windowsProfile
|
ManagedClusterWindowsProfile
|
Het profiel voor Virtuele Windows-machines in het beheerde cluster.
|
|
properties.workloadAutoScalerProfile
|
ManagedClusterWorkloadAutoScalerProfile
|
Profiel voor automatische schaalaanpassing van werkbelastingen voor het beheerde cluster.
|
|
sku
|
ManagedClusterSKU
|
De beheerde cluster-SKU.
|
|
systemData
|
systemData
|
Azure Resource Manager-metagegevens met createdBy- en modifiedBy-gegevens.
|
|
tags
|
object
|
Resourcetags.
|
|
type
|
string
|
Het type bron. Bijv. "Microsoft.Compute/virtualMachines" of "Microsoft.Storage/storageAccounts"
|
ManagedClusterAADProfile
Object
AADProfile specificeert kenmerken voor Azure Active Directory-integratie. Zie beheerde AAD op AKS-voor meer informatie.
| Name |
Type |
Description |
|
adminGroupObjectIDs
|
string[]
|
De lijst met AAD-groepsobject-id's die de beheerdersrol van het cluster hebben.
|
|
clientAppID
|
string
|
(AFGESCHAFT) De AAD-toepassings-id van de client. Meer informatie vindt u op https://aka.ms/aks/aad-legacy.
|
|
enableAzureRBAC
|
boolean
|
Of u Azure RBAC wilt inschakelen voor Kubernetes-autorisatie.
|
|
managed
|
boolean
|
Of beheerde AAD moet worden ingeschakeld.
|
|
serverAppID
|
string
|
(AFGESCHAFT) De AAD-toepassings-id van de server. Meer informatie vindt u op https://aka.ms/aks/aad-legacy.
|
|
serverAppSecret
|
string
(password)
|
(AFGESCHAFT) Het AAD-toepassingsgeheim van de server. Meer informatie vindt u op https://aka.ms/aks/aad-legacy.
|
|
tenantID
|
string
|
De AAD-tenant-id die moet worden gebruikt voor verificatie. Als dit niet is opgegeven, wordt de tenant van het implementatieabonnement gebruikt.
|
ManagedClusterAddonProfile
Object
Een Kubernetes-invoegtoepassingsprofiel voor een beheerd cluster.
| Name |
Type |
Description |
|
config
|
object
|
Sleutel-waardeparen voor het configureren van een invoegtoepassing.
|
|
enabled
|
boolean
|
Of de invoegtoepassing al dan niet is ingeschakeld.
|
|
identity
|
ManagedClusterAddonProfileIdentity
|
Informatie over de door de gebruiker toegewezen identiteit die door deze invoegtoepassing wordt gebruikt.
|
ManagedClusterAddonProfileIdentity
Object
Informatie over de door de gebruiker toegewezen identiteit die door deze invoegtoepassing wordt gebruikt.
| Name |
Type |
Description |
|
clientId
|
string
|
De client-id van de door de gebruiker toegewezen identiteit.
|
|
objectId
|
string
|
De object-id van de door de gebruiker toegewezen identiteit.
|
|
resourceId
|
string
(arm-id)
|
De resource-id van de door de gebruiker toegewezen identiteit.
|
ManagedClusterAgentPoolProfile
Object
Profiel voor de containerserviceagentgroep.
| Name |
Type |
Default value |
Description |
|
availabilityZones
|
string[]
|
|
De lijst met beschikbaarheidszones die moeten worden gebruikt voor knooppunten. Dit kan alleen worden opgegeven als de eigenschap AgentPoolType virtualMachineScaleSets is.
|
|
capacityReservationGroupID
|
string
(arm-id)
|
|
De volledig gekwalificeerde resource ID van de Capacity Reservation Group om virtuele machines te leveren vanuit een gereserveerde groep virtuele machines. Dit is als de vorm: '/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/Microsoft.Compute/capacityreservationgroups/{capacityReservationGroupName}' Klanten gebruiken het om een agentpool aan te maken met een gespecificeerde CRG. Voor meer informatie, zie Capaciteitsreservering
|
|
count
|
integer
(int32)
|
|
Aantal agents (VM's) voor het hosten van Docker-containers. Toegestane waarden moeten zich in het bereik van 0 tot 1000 (inclusief) bevinden voor gebruikersgroepen en in het bereik van 1 tot 1000 (inclusief) voor systeemgroepen. De standaardwaarde is 1.
|
|
creationData
|
CreationData
|
|
CreationData moet worden gebruikt om de bronmomentopname-id op te geven als de knooppuntgroep wordt gemaakt/bijgewerkt met behulp van een momentopname.
|
|
currentOrchestratorVersion
|
string
|
|
De versie van Kubernetes die de agentgroep uitvoert. Als orchestratorVersion een volledig opgegeven versie is <major.minor.patch>, is dit veld precies gelijk aan het veld. Als orchestratorVersion is <major.minor>, bevat dit veld de volledige <major.minor.patch> versie die wordt gebruikt.
|
|
eTag
|
string
|
|
Unieke alleen-lezen tekenreeks die wordt gebruikt voor het implementeren van optimistische gelijktijdigheid. De eTag-waarde wordt gewijzigd wanneer de resource wordt bijgewerkt. Geef een if-match of if-none-match header op met de eTag-waarde voor een volgende aanvraag om optimistische gelijktijdigheid mogelijk te maken volgens de normale eTag-conventie.
|
|
enableAutoScaling
|
boolean
|
|
Of automatische schaalaanpassing moet worden ingeschakeld
|
|
enableEncryptionAtHost
|
boolean
|
|
Hiermee wordt aangegeven of hostgebaseerde besturingssysteem- en gegevensstationsversleuteling moeten worden ingeschakeld. Dit wordt alleen ondersteund op bepaalde VM-grootten en in bepaalde Azure-regio's. Zie voor meer informatie: https://docs.microsoft.com/azure/aks/enable-host-encryption
|
|
enableFIPS
|
boolean
|
|
Of u een besturingssysteem met FIPS wilt gebruiken. Zie Een knooppuntgroep met FIPS-functionaliteit toevoegen voor meer informatie.
|
|
enableNodePublicIP
|
boolean
|
|
Of aan elk knooppunt een eigen openbaar IP-adres wordt toegewezen. Voor sommige scenario's moeten knooppunten in een knooppuntgroep mogelijk hun eigen toegewezen openbare IP-adressen ontvangen. Een veelvoorkomend scenario is voor gamingworkloads, waarbij een console een directe verbinding moet maken met een virtuele cloudmachine om hops te minimaliseren. Zie voor meer informatie het toewijzen van een openbaar IP-adres per knooppunt. De standaardwaarde is onwaar.
|
|
enableUltraSSD
|
boolean
|
|
Of UltraSSD moet worden ingeschakeld
|
|
gatewayProfile
|
AgentPoolGatewayProfile
|
|
Profiel dat specifiek is voor een beheerde agentgroep in de gatewaymodus. Dit veld kan niet worden ingesteld als de agentgroepmodus geen gateway is.
|
|
gpuInstanceProfile
|
GPUInstanceProfile
|
|
GPUInstanceProfile dat moet worden gebruikt om het GPU MIG-exemplaarprofiel op te geven voor de ondersteunde GPU VM-SKU.
|
|
gpuProfile
|
GPUProfile
|
|
GPU-instellingen voor de agentgroep.
|
|
hostGroupID
|
string
(arm-id)
|
|
De volledig gekwalificeerde resource-id van de toegewezen hostgroep waaruit virtuele machines kunnen worden ingericht, die alleen worden gebruikt in het scenario voor het maken en niet mogen worden gewijzigd nadat deze is ingesteld. Dit is van het formulier: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. Zie toegewezen Azure-hostsvoor meer informatie.
|
|
kubeletConfig
|
KubeletConfig
|
|
De Kubelet-configuratie op de agentpoolknooppunten.
|
|
kubeletDiskType
|
KubeletDiskType
|
|
Bepaalt de plaatsing van legeDir-volumes, hoofdmap van containerruntimegegevens en tijdelijke Kubelet-opslag.
|
|
linuxOSConfig
|
LinuxOSConfig
|
|
De besturingssysteemconfiguratie van Linux-agentknooppunten.
|
|
localDNSProfile
|
LocalDNSProfile
|
|
Configureert de lokale DNS per knooppunt, met VnetDNS- en KubeDNS-overschrijvingen. LocalDNS helpt de prestaties en betrouwbaarheid van DNS-resolutie in een AKS-cluster te verbeteren. Voor meer details zie aka.ms/aks/localdns.
|
|
maxCount
|
integer
(int32)
|
|
Het maximum aantal knooppunten voor automatisch schalen
|
|
maxPods
|
integer
(int32)
|
|
Het maximum aantal pods dat op een knooppunt kan worden uitgevoerd.
|
|
messageOfTheDay
|
string
|
|
Bericht van de dag voor Linux-knooppunten, met base64 gecodeerd. Een met base64 gecodeerde tekenreeks die na het decoderen naar /etc/motd wordt geschreven. Hiermee kunt u het bericht van de dag aanpassen voor Linux-knooppunten. Deze mag niet worden opgegeven voor Windows-knooppunten. Het moet een statische tekenreeks zijn (dat wil bijvoorbeeld onbewerkt worden afgedrukt en niet worden uitgevoerd als een script).
|
|
minCount
|
integer
(int32)
|
|
Het minimale aantal knooppunten voor automatisch schalen
|
|
mode
|
AgentPoolMode
|
|
De modus van een agentpool. Een cluster moet te allen tijde ten minste één agentgroep van het systeem hebben. Zie voor meer informatie over beperkingen en aanbevolen procedures voor agentgroepen: https://docs.microsoft.com/azure/aks/use-system-pools
|
|
name
|
string
pattern: ^[a-z][a-z0-9]{0,11}$
|
|
Unieke naam van het profiel van de agentgroep in de context van het abonnement en de resourcegroep. Namen van Windows-agentgroepen moeten maximaal 6 tekens bevatten.
|
|
networkProfile
|
AgentPoolNetworkProfile
|
|
Netwerkinstellingen van een agentgroep.
|
|
nodeImageVersion
|
string
|
|
De versie van de knooppuntinstallatiekopieën
|
|
nodeLabels
|
object
|
|
De knooppuntlabels die moeten worden bewaard op alle knooppunten in de agentgroep.
|
|
nodePublicIPPrefixID
|
string
(arm-id)
|
|
De id van het openbare IP-voorvoegsel waaruit VM-knooppunten IP-adressen moeten gebruiken. Dit is van de vorm: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}
|
|
nodeTaints
|
string[]
|
|
De taints die zijn toegevoegd aan nieuwe knooppunten tijdens het maken en schalen van knooppuntgroepen. Bijvoorbeeld key=value:NoSchedule.
|
|
orchestratorVersion
|
string
|
|
De versie van Kubernetes die door de gebruiker is opgegeven. Beide patchversie <major.minor.patch> (bijvoorbeeld 1.20.13) en <major.minor> (bijvoorbeeld 1.20) worden ondersteund. Wanneer <major.minor> is opgegeven, wordt automatisch de meest recente ondersteunde GA-patchversie gekozen. Het cluster bijwerken met dezelfde <major.minor> nadat het is gemaakt (bijvoorbeeld 1.14.x -> 1.14) activeert geen upgrade, zelfs als er een nieuwere patchversie beschikbaar is. Als best practice moet u alle knooppuntgroepen in een AKS-cluster upgraden naar dezelfde Kubernetes-versie. De versie van de knooppuntgroep moet dezelfde primaire versie hebben als het besturingsvlak. De secundaire versie van de knooppuntgroep moet zich in twee secundaire versies van de versie van het besturingsvlak bevindt. De versie van de knooppuntgroep mag niet groter zijn dan de versie van het besturingsvlak. Zie een knooppuntgroep bijwerkenvoor meer informatie.
|
|
osDiskSizeGB
|
integer
(int32)
minimum: 0
maximum: 2048
|
|
Grootte van besturingssysteemschijf in GB die moet worden gebruikt om de schijfgrootte op te geven voor elke computer in de hoofd-/agentgroep. Als u 0 opgeeft, wordt de standaard osDisk-grootte toegepast op basis van de opgegeven vmSize.
|
|
osDiskType
|
OSDiskType
|
|
Het type besturingssysteemschijf dat moet worden gebruikt voor machines in de agentgroep. De standaardwaarde is 'kortstondig' als de VIRTUELE machine deze ondersteunt en een cacheschijf heeft die groter is dan de aangevraagde OSDiskSizeGB. Anders wordt standaard 'Beheerd' gebruikt. Kan niet worden gewijzigd na het maken. Zie kortstondige os-voor meer informatie.
|
|
osSKU
|
OSSKU
|
|
Hiermee geeft u de SKU van het besturingssysteem op die wordt gebruikt door de agentgroep. De standaardwaarde is Ubuntu als OSType Linux is. De standaardwaarde is Windows2019 wanneer Kubernetes <= 1.24 of Windows2022 wanneer Kubernetes >= 1.25 als OSType Windows is.
|
|
osType
|
OSType
|
Linux
|
Het type besturingssysteem. De standaardwaarde is Linux.
|
|
podIPAllocationMode
|
PodIPAllocationMode
|
|
Pod IP-toewijzingsmodus. De IP-toewijzingsmodus voor pods in de agentgroep. Moet worden gebruikt met podSubnetId. De standaardwaarde is DynamicIndividual.
|
|
podSubnetID
|
string
(arm-id)
|
|
De id van het subnet waaraan pods worden samengevoegd wanneer deze worden gestart. Als u dit weglaat, worden pod-IP's statisch toegewezen aan het knooppuntsubnet (zie vnetSubnetID voor meer informatie). Dit is van het formulier: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}
|
|
powerState
|
PowerState
|
|
Of de agentgroep wordt uitgevoerd of gestopt. Wanneer een agentgroep voor het eerst wordt gemaakt, wordt deze in eerste instantie uitgevoerd. De agentgroep kan worden gestopt door dit veld in te stellen op Gestopt. Een gestopte agentgroep stopt alle VM's en brengt geen factureringskosten met zich mee. Een agentgroep kan alleen worden gestopt als deze actief is en de inrichtingsstatus is geslaagd
|
|
provisioningState
|
string
|
|
De huidige implementatie- of inrichtingsstatus.
|
|
proximityPlacementGroupID
|
string
(arm-id)
|
|
De id voor nabijheidsplaatsingsgroep.
|
|
scaleDownMode
|
ScaleDownMode
|
|
De omlaagschaalmodus die moet worden gebruikt bij het schalen van de agentgroep. Dit heeft ook invloed op het gedrag van automatische schaalaanpassing van clusters. Als dit niet is opgegeven, wordt deze standaard verwijderd.
|
|
scaleSetEvictionPolicy
|
ScaleSetEvictionPolicy
|
Delete
|
Het uitzettingsbeleid voor de schaal van de virtuele machine. In het uitzettingsbeleid wordt aangegeven wat er met de VM moet gebeuren wanneer deze wordt uitgezet. De standaardinstelling is Verwijderen. Voor meer informatie over uitzetting zie spot VM's
|
|
scaleSetPriority
|
ScaleSetPriority
|
Regular
|
De prioriteit van de virtuele-machineschaalset.
|
|
securityProfile
|
AgentPoolSecurityProfile
|
|
De beveiligingsinstellingen van een agentgroep.
|
|
spotMaxPrice
|
number
(float)
|
-1
|
De maximale prijs (in Amerikaanse dollars) die u bereid bent te betalen voor spot-instanties. Mogelijke waarden zijn een decimale waarde die groter is dan nul of -1 die aangeeft dat de standaardprijs moet worden up-to op aanvraag. Mogelijke waarden zijn een decimale waarde die groter is dan nul of -1 die de bereidheid aangeeft om een on-demand prijs te betalen. Zie prijzen voor spot-VM's voor meer informatie over spotprijzen
|
|
status
|
AgentPoolStatus
|
|
Bevat alleen-lezen informatie over de agentgroep.
|
|
tags
|
object
|
|
De tags die moeten worden bewaard in de virtuele-machineschaalset van de agentgroep.
|
|
type
|
AgentPoolType
|
|
Het type agentgroep.
|
|
upgradeSettings
|
AgentPoolUpgradeSettings
|
|
Instellingen voor het upgraden van de agentpool
|
|
virtualMachineNodesStatus
|
VirtualMachineNodes[]
|
|
De status van knooppunten in een VirtualMachines-agentgroep.
|
|
virtualMachinesProfile
|
VirtualMachinesProfile
|
|
Specificaties voor VirtualMachines-agentpool.
|
|
vmSize
|
string
|
|
De grootte van de VM's van de agentgroep. Beschikbaarheid van VM-grootte verschilt per regio. Als een knooppunt onvoldoende rekenresources (geheugen, cpu, enzovoort) bevat, kunnen pods mogelijk niet correct worden uitgevoerd. Zie voor meer informatie over beperkte VM-grootten: https://docs.microsoft.com/azure/aks/quotas-skus-regions
|
|
vnetSubnetID
|
string
(arm-id)
|
|
De id van het subnet waaraan agentpoolknooppunten en eventueel pods worden toegevoegd bij het opstarten. Als dit niet is opgegeven, worden er een VNET en subnet gegenereerd en gebruikt. Als er geen podSubnetID is opgegeven, is dit van toepassing op knooppunten en pods, anders geldt dit voor alleen knooppunten. Dit is van het formulier: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}
|
|
windowsProfile
|
AgentPoolWindowsProfile
|
|
Het specifieke profiel van de Windows-agentgroep.
|
|
workloadRuntime
|
WorkloadRuntime
|
|
Bepaalt het type workload dat een knooppunt kan uitvoeren.
|
Object
Wanneer u de operator inschakelt, worden een set beheerde CRD's en controllers van AKS in het cluster geïnstalleerd. De operator automatiseert de implementatie van OSS-modellen voor deductie- en/of trainingsdoeleinden. Het biedt een set vooraf ingestelde modellen en maakt gedistribueerde deductie mogelijk.
| Name |
Type |
Description |
|
enabled
|
boolean
|
Of AI-toolchain-operator moet worden ingeschakeld voor het cluster. Hiermee wordt aangegeven of de AI-toolchainoperator is ingeschakeld of niet.
|
ManagedClusterAPIServerAccessProfile
Object
Toegangsprofiel voor beheerde cluster-API-server.
| Name |
Type |
Description |
|
authorizedIPRanges
|
string[]
|
De IP-bereiken die zijn geautoriseerd voor toegang tot de Kubernetes-API-server. IP-bereiken worden opgegeven in CIDR-indeling, bijvoorbeeld 137.117.106.88/29. Deze functie is niet compatibel met clusters die gebruikmaken van openbaar IP per knooppunt of clusters die een Basic Load Balancer gebruiken. Zie geautoriseerde IP-bereiken voor API-servers voor meer informatie.
|
|
disableRunCommand
|
boolean
|
Of u de opdracht uitvoeren voor het cluster wilt uitschakelen of niet.
|
|
enablePrivateCluster
|
boolean
|
Of u het cluster wilt maken als een privécluster of niet. Zie Een privé-AKS-cluster maken voor meer informatie.
|
|
enablePrivateClusterPublicFQDN
|
boolean
|
Of u nu extra openbare FQDN voor een privécluster wilt maken of niet.
|
|
enableVnetIntegration
|
boolean
|
Of u nu apiserver-vnet-integratie voor het cluster wilt inschakelen of niet. Zie aka.ms/AksVnetIntegration voor meer details.
|
|
privateDNSZone
|
string
|
De privé-DNS-zonemodus voor het cluster. De standaardwaarde is System. Zie Privé-DNS-zone configureren voor meer informatie. Toegestane waarden zijn 'systeem' en 'geen'.
|
|
subnetId
|
string
(arm-id)
|
Het subnet dat moet worden gebruikt wanneer vnet-integratie van apiserver is ingeschakeld. Het is vereist bij het maken van een nieuw cluster met BYO Vnet of bij het bijwerken van een bestaand cluster om apiserver vnet-integratie mogelijk te maken.
|
ManagedClusterAutoUpgradeProfile
Object
Profiel voor automatische upgrade voor een beheerd cluster.
ManagedClusterAzureMonitorProfile
Object
Azure Monitor-invoegtoepassingsprofielen voor het bewaken van het beheerde cluster.
| Name |
Type |
Description |
|
metrics
|
ManagedClusterAzureMonitorProfileMetrics
|
Profiel voor metrische gegevens voor de beheerde Azure Monitor-service voor prometheus-invoegtoepassing. Verzamel standaard metrische kubernetes-infrastructuurgegevens om naar een Azure Monitor-werkruimte te verzenden en aanvullende scraping te configureren voor aangepaste doelen. Zie aka.ms/AzureManagedPrometheus voor een overzicht.
|
ManagedClusterAzureMonitorProfileKubeStateMetrics
Object
Kube State Metrics-profiel voor de Azure Managed Prometheus-invoegtoepassing. Deze optionele instellingen zijn voor de pod kube-state-metrics die wordt geïmplementeerd met de invoegtoepassing. Zie aka.ms/AzureManagedPrometheus-optional-parameters voor meer informatie.
| Name |
Type |
Description |
|
metricAnnotationsAllowList
|
string
|
Door komma's gescheiden lijst met Kubernetes-aantekeningssleutels die worden gebruikt in de metrische labels van de resource (voorbeeld: 'namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...'). De metrische waarde bevat standaard alleen resourcenaam- en naamruimtelabels.
|
|
metricLabelsAllowlist
|
string
|
Door komma's gescheiden lijst met extra Kubernetes-labelsleutels die worden gebruikt in de metrische labels van de resource (voorbeeld: 'naamruimten=[k8s-label-1,k8s-label-n,...],pods=[app],...'). De metrische waarde bevat standaard alleen resourcenaam- en naamruimtelabels.
|
ManagedClusterAzureMonitorProfileMetrics
Object
Profiel voor metrische gegevens voor de beheerde Azure Monitor-service voor prometheus-invoegtoepassing. Verzamel standaard metrische kubernetes-infrastructuurgegevens om naar een Azure Monitor-werkruimte te verzenden en aanvullende scraping te configureren voor aangepaste doelen. Zie aka.ms/AzureManagedPrometheus voor een overzicht.
| Name |
Type |
Description |
|
enabled
|
boolean
|
Of u nu de Azure Managed Prometheus-invoegtoepassing voor Prometheus-bewaking wilt in- of uitschakelen. Zie aka.ms/AzureManagedPrometheus-aks-enable voor meer informatie over het in- en uitschakelen.
|
|
kubeStateMetrics
|
ManagedClusterAzureMonitorProfileKubeStateMetrics
|
Kube State Metrics-profiel voor de Azure Managed Prometheus-invoegtoepassing. Deze optionele instellingen zijn voor de pod kube-state-metrics die wordt geïmplementeerd met de invoegtoepassing. Zie aka.ms/AzureManagedPrometheus-optional-parameters voor meer informatie.
|
ManagedClusterBootstrapProfile
Object
Het bootstrapprofiel.
| Name |
Type |
Default value |
Description |
|
artifactSource
|
ArtifactSource
|
Direct
|
De artefactbron. De bron waaruit de artefacten worden gedownload.
|
|
containerRegistryId
|
string
(arm-id)
|
|
De resource-id van Azure Container Registry. Het register moet privénetwerktoegang, Premium SKU en zoneredundantie hebben.
|
ManagedClusterCostAnalysis
Object
De configuratie van de kostenanalyse voor het cluster
| Name |
Type |
Description |
|
enabled
|
boolean
|
Of kostenanalyse moet worden ingeschakeld. De SKU.-laag van het beheerde cluster moet zijn ingesteld op Standard of Premium om deze functie in te schakelen. Als u dit inschakelt, worden kubernetes-naamruimte- en implementatiegegevens toegevoegd aan de kostenanalyseweergaven in Azure Portal. Als dit niet is opgegeven, is de standaardwaarde onwaar. Zie aka.ms/aks/docs/cost-analysis voor meer informatie.
|
ManagedClusterHTTPProxyConfig
Object
Http-proxyconfiguratie van cluster.
| Name |
Type |
Description |
|
httpProxy
|
string
|
Het eindpunt van de HTTP-proxyserver dat moet worden gebruikt.
|
|
httpsProxy
|
string
|
Het eindpunt van de HTTPS-proxyserver dat moet worden gebruikt.
|
|
noProxy
|
string[]
|
De eindpunten die geen proxy mogen doorlopen.
|
|
trustedCa
|
string
|
Alternatief CA-certificaat dat moet worden gebruikt om verbinding te maken met proxyservers.
|
ManagedClusterIdentity
Object
Identiteit voor het beheerde cluster.
| Name |
Type |
Description |
|
delegatedResources
|
<string,
DelegatedResource>
|
De gedelegeerde identiteitsbronnen die zijn toegewezen aan dit beheerde cluster. Dit kan alleen worden ingesteld door een andere Azure-resourceprovider en het beheerde cluster accepteert slechts één gedelegeerde identiteitsresource. Alleen intern gebruik.
|
|
principalId
|
string
|
De principal-id van het systeem toegewezen identiteit die wordt gebruikt door mastercomponenten.
|
|
tenantId
|
string
|
De tenant-id van de aan het systeem toegewezen identiteit die wordt gebruikt door mastercomponenten.
|
|
type
|
ResourceIdentityType
|
Het type identiteit dat wordt gebruikt voor het beheerde cluster. Zie Beheerde identiteiten gebruiken in AKS voor meer informatie.
|
|
userAssignedIdentities
|
<string,
ManagedServiceIdentityUserAssignedIdentitiesValue>
|
De gebruikersidentiteit die is gekoppeld aan het beheerde cluster. Deze identiteit wordt gebruikt in het besturingsvlak. Er is slechts één door de gebruiker toegewezen identiteit toegestaan. De sleutels moeten ARM-resource-id's zijn in de vorm: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}.
|
ManagedClusterIngressProfile
Object
Inkomend profiel voor het containerservicecluster.
ManagedClusterIngressProfileNginx
Object
Nginx ingress controllerconfiguratie voor het beheerde cluster ingress profiel.
| Name |
Type |
Description |
|
defaultIngressControllerType
|
NginxIngressControllerType
|
Type inkomend verkeer voor de standaard aangepaste NginxIngressController-resource
|
ManagedClusterIngressProfileWebAppRouting
Object
Invoegtoepassingsinstellingen voor toepassingsroutering voor het toegangsbeheerprofiel.
| Name |
Type |
Description |
|
dnsZoneResourceIds
|
string[]
(arm-id)
|
Resource-id's van de DNS-zones die moeten worden gekoppeld aan de invoegtoepassing Toepassingsroutering. Wordt alleen gebruikt wanneer de invoegtoepassing Toepassingsroutering is ingeschakeld. Openbare en privé-DNS-zones kunnen zich in verschillende resourcegroepen bevinden, maar alle openbare DNS-zones moeten zich in dezelfde resourcegroep bevinden en alle privé-DNS-zones moeten zich in dezelfde resourcegroep bevinden.
|
|
enabled
|
boolean
|
Hiermee wordt aangegeven of de invoegtoepassing Toepassingsroutering moet worden ingeschakeld.
|
|
identity
|
UserAssignedIdentity
|
Beheerde identiteit van de Application Routing-add-on. Dit is de identiteit waaraan machtigingen moeten worden verleend, bijvoorbeeld om de gekoppelde Azure DNS-resource te beheren en certificaten op te halen uit Azure Key Vault. Zie dit overzicht van de add-on voor meer instructies.
|
|
nginx
|
ManagedClusterIngressProfileNginx
|
Configuratie voor de standaard NginxIngressController. Zie meer op https://learn.microsoft.com/en-us/azure/aks/app-routing-nginx-configuration#the-default-nginx-ingress-controller.
|
ManagedClusterLoadBalancerProfile
Object
Profiel van de load balancer van het beheerde cluster.
| Name |
Type |
Default value |
Description |
|
allocatedOutboundPorts
|
integer
(int32)
minimum: 0
maximum: 64000
|
0
|
Het gewenste aantal toegewezen SNAT-poorten per VM. Toegestane waarden liggen tussen 0 en 64000 (inclusief). De standaardwaarde is 0, wat resulteert in dynamisch toewijzen van poorten in Azure.
|
|
backendPoolType
|
BackendPoolType
|
NodeIPConfiguration
|
Het type beheerde binnenkomende Load Balancer BackendPool.
|
|
effectiveOutboundIPs
|
ResourceReference[]
|
|
De effectieve uitgaande IP-resources van de load balancer van het cluster.
|
|
enableMultipleStandardLoadBalancers
|
boolean
|
|
Schakel meerdere standard load balancers per AKS-cluster in of niet.
|
|
idleTimeoutInMinutes
|
integer
(int32)
minimum: 4
maximum: 120
|
30
|
Gewenste time-out voor inactiviteit van uitgaande stroom in minuten. Toegestane waarden liggen in het bereik van 4 tot 120 (inclusief). De standaardwaarde is 30 minuten.
|
|
managedOutboundIPs
|
ManagedClusterLoadBalancerProfileManagedOutboundIPs
|
|
Gewenste beheerde uitgaande IP-adressen voor de load balancer van het cluster.
|
|
outboundIPPrefixes
|
ManagedClusterLoadBalancerProfileOutboundIPPrefixes
|
|
Gewenste uitgaande IP-voorvoegselbronnen voor de load balancer van het cluster.
|
|
outboundIPs
|
ManagedClusterLoadBalancerProfileOutboundIPs
|
|
Gewenste uitgaande IP-resources voor de load balancer van het cluster.
|
ManagedClusterLoadBalancerProfileManagedOutboundIPs
Object
Gewenste beheerde uitgaande IP-adressen voor de load balancer van het cluster.
| Name |
Type |
Default value |
Description |
|
count
|
integer
(int32)
minimum: 1
maximum: 100
|
1
|
Het gewenste aantal uitgaande IPv4-IP's dat door Azure is gemaakt/beheerd voor de load balancer van het cluster. Toegestane waarden moeten tussen 1 en 100 (inclusief) liggen. De standaardwaarde is 1.
|
|
countIPv6
|
integer
(int32)
minimum: 0
maximum: 100
|
0
|
Het gewenste aantal uitgaande IP-adressen van IPv6 dat door Azure is gemaakt/beheerd voor de load balancer van het cluster. Toegestane waarden moeten tussen 1 en 100 (inclusief) liggen. De standaardwaarde is 0 voor één stack en 1 voor dubbele stack.
|
ManagedClusterLoadBalancerProfileOutboundIPPrefixes
Object
Gewenste uitgaande IP-voorvoegselbronnen voor de load balancer van het cluster.
| Name |
Type |
Description |
|
publicIPPrefixes
|
ResourceReference[]
|
Een lijst met resources voor openbare IP-voorvoegsels.
|
ManagedClusterLoadBalancerProfileOutboundIPs
Object
Gewenste uitgaande IP-resources voor de load balancer van het cluster.
| Name |
Type |
Description |
|
publicIPs
|
ResourceReference[]
|
Een lijst met openbare IP-resources.
|
ManagedClusterManagedOutboundIPProfile
Object
Profiel van de beheerde uitgaande IP-resources van het beheerde cluster.
| Name |
Type |
Default value |
Description |
|
count
|
integer
(int32)
minimum: 1
maximum: 16
|
1
|
Het gewenste aantal uitgaande IP-adressen dat is gemaakt/beheerd door Azure. Toegestane waarden moeten binnen het bereik van 1 tot 16 (inclusief) liggen. De standaardwaarde is 1.
|
ManagedClusterMetricsProfile
Object
Het profiel voor metrische gegevens voor managedCluster.
| Name |
Type |
Description |
|
costAnalysis
|
ManagedClusterCostAnalysis
|
De configuratie voor gedetailleerde kostenanalyse per Kubernetes-resource.
|
ManagedClusterNATGatewayProfile
Object
Profiel van de NAT-gateway van het beheerde cluster.
| Name |
Type |
Default value |
Description |
|
effectiveOutboundIPs
|
ResourceReference[]
|
|
De effectieve uitgaande IP-resources van de CLUSTER NAT-gateway.
|
|
idleTimeoutInMinutes
|
integer
(int32)
minimum: 4
maximum: 120
|
4
|
Gewenste time-out voor inactiviteit van uitgaande stroom in minuten. Toegestane waarden liggen in het bereik van 4 tot 120 (inclusief). De standaardwaarde is 4 minuten.
|
|
managedOutboundIPProfile
|
ManagedClusterManagedOutboundIPProfile
|
|
Profiel van de beheerde uitgaande IP-resources van de CLUSTER NAT-gateway.
|
ManagedClusterNodeProvisioningProfile
Object
Node-provisioningprofiel voor het beheerde cluster.
| Name |
Type |
Default value |
Description |
|
defaultNodePools
|
NodeProvisioningDefaultNodePools
|
Auto
|
De set standaard Karpenter NodePools (CRD's) die is geconfigureerd voor het inrichten van knooppunten. Dit veld heeft geen effect, tenzij de modus 'Auto' is. Waarschuwing: Als u dit op een bestaand cluster wijzigt van Auto naar Geen, worden de standaard Karpenter-knooppuntpools verwijderd, waardoor de knooppunten die aan deze pools zijn gekoppeld, worden leeggemaakt en verwijderd. Het wordt sterk aanbevolen om dit niet te doen, tenzij er inactieve knooppunten klaar staan om de pods te nemen die door die actie zijn ontruimd. Als dit niet is opgegeven, is de standaardinstelling Automatisch. Voor meer informatie zie aka.ms/aks/nap#node-pools.
|
|
mode
|
NodeProvisioningMode
|
|
De inrichtingsmodus van het knooppunt. Als dit niet is opgegeven, is de standaardwaarde Handmatig.
|
ManagedClusterNodeResourceGroupProfile
Object
Vergrendelingsprofiel voor knooppuntresourcegroepen voor een beheerd cluster.
| Name |
Type |
Description |
|
restrictionLevel
|
RestrictionLevel
|
Het beperkingsniveau dat is toegepast op de knooppuntresourcegroep van het cluster. Als dit niet is opgegeven, is de standaardwaarde 'Onbeperkt'
|
ManagedClusterOIDCIssuerProfile
Object
Het OIDC-verlenerprofiel van het beheerde cluster.
| Name |
Type |
Description |
|
enabled
|
boolean
|
Of de OIDC-verlener is ingeschakeld.
|
|
issuerURL
|
string
|
De URL van de OIDC-uitgever van het beheerde cluster.
|
ManagedClusterPodIdentity
Object
Details over de pod-identiteit die is toegewezen aan het beheerde cluster.
| Name |
Type |
Description |
|
bindingSelector
|
string
|
De bindingselector die moet worden gebruikt voor de AzureIdentityBinding-resource.
|
|
identity
|
UserAssignedIdentity
|
De door de gebruiker toegewezen identiteitsgegevens.
|
|
name
|
string
|
De naam van de pod-identiteit.
|
|
namespace
|
string
|
De naamruimte van de pod-identiteit.
|
|
provisioningInfo
|
ManagedClusterPodIdentityProvisioningInfo
|
De provisioning-informatie voor de pod-identiteit.
|
|
provisioningState
|
ManagedClusterPodIdentityProvisioningState
|
De huidige inrichtingsstatus van de pod-identiteit.
|
ManagedClusterPodIdentityException
Object
Een uitzondering op podidentiteit, waarmee pods met bepaalde labels toegang hebben tot het EINDPUNT van de Azure Instance Metadata Service (IMDS) zonder dat deze worden onderschept door de NMI-server (Node Managed Identity). Zie AAD Pod Identity uitschakelen voor een specifieke pod/toepassing voor meer informatie.
| Name |
Type |
Description |
|
name
|
string
|
De naam van de uitzondering voor de pod-identiteit.
|
|
namespace
|
string
|
De naamruimte van de pod-id-uitzondering.
|
|
podLabels
|
object
|
De podlabels die overeenkomen.
|
ManagedClusterPodIdentityProfile
Object
Het pod-identiteitsprofiel van het beheerde cluster. Zie AAD-podidentiteit gebruiken voor meer informatie over de integratie van pod-identiteiten.
| Name |
Type |
Description |
|
allowNetworkPluginKubenet
|
boolean
|
Of pod-identiteit mag worden uitgevoerd op clusters met Kubenet-netwerken. Uitvoeren in Kubenet is standaard uitgeschakeld vanwege de beveiligingsgerelateerde aard van AAD Pod Identity en de risico's van IP-adresvervalsing. Zie het gebruik van de Kubenet-netwerkinvoegtoepassing met AAD Pod Identity voor meer informatie.
|
|
enabled
|
boolean
|
Of de pod-id-invoegtoepassing is ingeschakeld.
|
|
userAssignedIdentities
|
ManagedClusterPodIdentity[]
|
De pod-identiteiten die in het cluster moeten worden gebruikt.
|
|
userAssignedIdentityExceptions
|
ManagedClusterPodIdentityException[]
|
De uitzonderingen voor pod-identiteiten die moeten worden toegestaan.
|
ManagedClusterPodIdentityProvisioningError
Object
Een foutbericht van het inrichten van pod-identiteiten.
ManagedClusterPodIdentityProvisioningErrorBody
Object
Een foutbericht van het inrichten van pod-identiteiten.
| Name |
Type |
Description |
|
code
|
string
|
Een id voor de fout. Codes zijn invariant en zijn bedoeld om programmatisch te worden gebruikt.
|
|
details
|
ManagedClusterPodIdentityProvisioningErrorBody[]
|
Een lijst met aanvullende informatie over de fout.
|
|
message
|
string
|
Een bericht met een beschrijving van de fout, bedoeld om te worden weergegeven in een gebruikersinterface.
|
|
target
|
string
|
Het doel van de specifieke fout. Bijvoorbeeld de naam van de eigenschap in fout.
|
ManagedClusterPodIdentityProvisioningInfo
Object
Pod-identiteitsinformatie.
ManagedClusterPodIdentityProvisioningState
Opsomming
De huidige inrichtingsstatus van de pod-identiteit.
| Waarde |
Description |
|
Assigned
|
Pod-identiteit wordt toegewezen.
|
|
Canceled
|
Toewijzing van de podidentiteit is geannuleerd.
|
|
Deleting
|
De identiteit van de pod wordt verwijderd.
|
|
Failed
|
Toewijzing van podidentiteit mislukt.
|
|
Succeeded
|
Toewijzing van podidentiteit geslaagd.
|
|
Updating
|
De identiteit van de pod wordt bijgewerkt.
|
ManagedClusterPropertiesAutoScalerProfile
Object
Parameters die moeten worden toegepast op de automatische schaalaanpassing van clusters wanneer deze optie is ingeschakeld
| Name |
Type |
Description |
|
balance-similar-node-groups
|
string
|
Detecteert vergelijkbare knooppuntgroepen en balanceert het aantal knooppunten ertussen. Geldige waarden zijn 'true' en 'false'
|
|
daemonset-eviction-for-empty-nodes
|
boolean
|
DaemonSet-pods worden netjes beëindigd vanaf lege knooppunten. Als deze optie is ingesteld op true, worden alle daemonset-pods op lege knooppunten verwijderd voordat het knooppunt wordt verwijderd. Als de daemonset-pod niet kan worden verwijderd, wordt een ander knooppunt gekozen voor schalen. Als dit is ingesteld op false, wordt het knooppunt verwijderd zonder ervoor te zorgen dat daemonset-pods worden verwijderd of verwijderd.
|
|
daemonset-eviction-for-occupied-nodes
|
boolean
|
DaemonSet-pods worden netjes beëindigd van niet-lege knooppunten. Als deze optie is ingesteld op true, worden alle daemonset-pods op bezette knooppunten verwijderd voordat het knooppunt wordt verwijderd. Als de daemonset-pod niet kan worden verwijderd, wordt een ander knooppunt gekozen voor schalen. Als dit is ingesteld op false, wordt het knooppunt verwijderd zonder ervoor te zorgen dat daemonset-pods worden verwijderd of verwijderd.
|
|
expander
|
Expander
|
De expander om te gebruiken bij het opschalen. Als dit niet is opgegeven, is de standaardwaarde 'willekeurig'. Zie expanders voor meer informatie.
|
|
ignore-daemonsets-utilization
|
boolean
|
Moet CA DaemonSet-pods negeren bij het berekenen van het resourcegebruik voor het verkleinen. Indien ingesteld op true, worden de resources die door daemonset worden gebruikt, in aanmerking genomen bij het nemen van beslissingen over omlaag schalen.
|
|
max-empty-bulk-delete
|
string
|
Het maximum aantal lege knooppunten dat tegelijkertijd kan worden verwijderd. Dit moet een positief geheel getal zijn. De standaardwaarde is 10.
|
|
max-graceful-termination-sec
|
string
|
Het maximum aantal seconden dat de automatische schaalaanpassing van clusters wacht op beëindiging van pods bij het omlaag schalen van een knooppunt. De standaardwaarde is 600.
|
|
max-node-provision-time
|
string
|
De maximale tijd waarop de automatische schaalaanpassing wacht tot een knooppunt is ingericht. De standaardwaarde is 15 min. Waarden moeten een geheel getal zijn, gevolgd door een 'm'. Er wordt geen andere tijdseenheid dan minuten (m) ondersteund.
|
|
max-total-unready-percentage
|
string
|
Het maximumpercentage van ongelezen knooppunten in het cluster. Nadat dit percentage is overschreden, stopt de automatische schaalaanpassing van clusters bewerkingen. De standaardwaarde is 45. Het maximum is 100 en het minimum is 0.
|
|
new-pod-scale-up-delay
|
string
|
Niet-geplande pods negeren voordat ze een bepaalde leeftijd hebben. Voor scenario's zoals burst-/batchschaal waarbij u niet wilt dat CA reageert voordat de kubernetes-scheduler alle pods kan plannen, kunt u ca laten weten dat niet-geplande pods worden genegeerd voordat ze een bepaalde leeftijd hebben. De standaardwaarde is '0s'. Waarden moeten een geheel getal zijn, gevolgd door een eenheid ('s' voor seconden, 'm' voor minuten, 'h' voor uren, enzovoort).
|
|
ok-total-unready-count
|
string
|
Het aantal toegestane ongelezen knooppunten, ongeacht het maximumaantal ongelezen knooppunten. Dit moet een geheel getal zijn. De standaardwaarde is 3.
|
|
scale-down-delay-after-add
|
string
|
Hoe lang na de opschaling hervat de evaluatie voor neerschalen? De standaardwaarde is '10m'. Waarden moeten een geheel getal zijn, gevolgd door een 'm'. Er wordt geen andere tijdseenheid dan minuten (m) ondersteund.
|
|
scale-down-delay-after-delete
|
string
|
Hoe lang na het verwijderen van knooppunten de evaluatie voor afschaling wordt hervat. De standaardwaarde is het scaninterval. Waarden moeten een geheel getal zijn, gevolgd door een 'm'. Er wordt geen andere tijdseenheid dan minuten (m) ondersteund.
|
|
scale-down-delay-after-failure
|
string
|
Hoe lang na het falen van de afschaling wordt de evaluatie van de afschaling hervat? De standaardwaarde is '3m'. Waarden moeten een geheel getal zijn, gevolgd door een 'm'. Er wordt geen andere tijdseenheid dan minuten (m) ondersteund.
|
|
scale-down-unneeded-time
|
string
|
Hoe lang een knooppunt niet meer hoeft te worden gebruikt voordat het in aanmerking komt voor omlaag schalen. De standaardwaarde is '10m'. Waarden moeten een geheel getal zijn, gevolgd door een 'm'. Er wordt geen andere tijdseenheid dan minuten (m) ondersteund.
|
|
scale-down-unready-time
|
string
|
Hoe lang een onklaar knooppunt overbodig moet zijn voordat het in aanmerking komt voor verkleining. De standaardwaarde is '20m'. Waarden moeten een geheel getal zijn, gevolgd door een 'm'. Er wordt geen andere tijdseenheid dan minuten (m) ondersteund.
|
|
scale-down-utilization-threshold
|
string
|
Knooppuntgebruiksniveau, gedefinieerd als som van aangevraagde resources gedeeld door capaciteit, waaronder een knooppunt kan worden overwogen voor omlaag schalen. De standaardwaarde is '0,5'.
|
|
scan-interval
|
string
|
Hoe vaak het cluster opnieuw wordt geëvalueerd voor omhoog of omlaag schalen. De standaardwaarde is '10'. Waarden moeten een geheel getal van seconden zijn.
|
|
skip-nodes-with-local-storage
|
string
|
Als automatische schaalaanpassing van clusters knooppunten met pods met lokale opslag overslaat, bijvoorbeeld EmptyDir of HostPath. De standaardwaarde is waar.
|
|
skip-nodes-with-system-pods
|
string
|
Als cluster autoscaler het verwijderen van nodes met pods uit kube-system overslaat (behalve DaemonSet of mirror pods). De standaardwaarde is waar.
|
ManagedClusterSecurityProfile
Object
Beveiligingsprofiel voor het containerservicecluster.
ManagedClusterSecurityProfileDefender
Object
Microsoft Defender-instellingen voor het beveiligingsprofiel.
| Name |
Type |
Description |
|
logAnalyticsWorkspaceResourceId
|
string
(arm-id)
|
Resource-id van de Log Analytics-werkruimte die moet worden gekoppeld aan Microsoft Defender. Als Microsoft Defender is ingeschakeld, is dit veld vereist en moet dit een geldige resource-id voor de werkruimte zijn. Als Microsoft Defender is uitgeschakeld, laat u het veld leeg.
|
|
securityMonitoring
|
ManagedClusterSecurityProfileDefenderSecurityMonitoring
|
Microsoft Defender-bedreigingsdetectie voor cloudinstellingen voor het beveiligingsprofiel.
|
ManagedClusterSecurityProfileDefenderSecurityMonitoring
Object
Microsoft Defender-instellingen voor de detectie van bedreigingen van beveiligingsprofielen.
| Name |
Type |
Description |
|
enabled
|
boolean
|
Of defender-bedreigingsdetectie moet worden ingeschakeld
|
ManagedClusterSecurityProfileImageCleaner
Object
Image Cleaner verwijdert ongebruikte installatiekopieën van knooppunten, maakt schijfruimte vrij en helpt het kwetsbaarheid voor aanvallen te verminderen. Hier volgen instellingen voor het beveiligingsprofiel.
| Name |
Type |
Description |
|
enabled
|
boolean
|
Of u Image Cleaner wilt inschakelen op een AKS-cluster.
|
|
intervalHours
|
integer
(int32)
|
Scaninterval van Image Cleaner in uren.
|
ManagedClusterSecurityProfileWorkloadIdentity
Object
Instellingen voor workloadidentiteit voor het beveiligingsprofiel.
| Name |
Type |
Description |
|
enabled
|
boolean
|
Hiermee wordt aangegeven of de workloadidentiteit moet worden ingeschakeld.
|
ManagedClusterServicePrincipalProfile
Object
Informatie over een service-principal-identiteit voor het cluster dat moet worden gebruikt voor het bewerken van Azure-API's.
| Name |
Type |
Description |
|
clientId
|
string
|
De id voor de service-principal.
|
|
secret
|
string
(password)
|
Het geheime wachtwoord dat is gekoppeld aan de service-principal in tekst zonder opmaak.
|
ManagedClusterSKU
Object
De SKU van een beheerd cluster.
ManagedClusterSKUName
Opsomming
De naam van een beheerde cluster-SKU.
| Waarde |
Description |
|
Base
|
Basisoptie voor het AKS-besturingsvlak.
|
|
Automatic
|
Automatische clusters zijn geoptimaliseerd om de meeste productieworkloads uit te voeren met een configuratie die voldoet aan AKS-best practices en aanbevelingen voor cluster- en workloadconfiguratie, schaalbaarheid en beveiliging. Zie aka.ms/aks/automatic voor meer informatie over automatische clusters.
|
ManagedClusterSKUTier
Opsomming
De laag van een beheerde cluster-SKU. Als dit niet is opgegeven, is de standaardwaarde 'Gratis'. Zie de AKS-prijscategorie voor meer informatie.
| Waarde |
Description |
|
Premium
|
Cluster heeft premium mogelijkheden naast alle mogelijkheden die zijn opgenomen in 'Standaard'. Premium maakt selectie van LongTermSupport (aka.ms/aks/lts) mogelijk voor bepaalde Kubernetes-versies.
|
|
Standard
|
Aanbevolen voor bedrijfskritische workloads en productieworkloads. Omvat automatische schaalaanpassing van kubernetes-besturingsvlak, workloadintensieve tests en maximaal 5000 knooppunten per cluster. Garandeert 99.95% beschikbaarheid van het Kubernetes API-servereindpunt voor clusters die gebruikmaken van beschikbaarheidszones en 99.9% beschikbaarheid voor clusters die geen beschikbaarheidszones gebruiken.
|
|
Free
|
Het clusterbeheer is gratis, maar er worden kosten in rekening gebracht voor VM-, opslag- en netwerkgebruik. Het meest geschikt voor experimenteren, leren, eenvoudig testen of workloads met minder dan 10 knooppunten. Niet aanbevolen voor productiegebruiksscenario's.
|
ManagedClusterStaticEgressGatewayProfile
Object
De configuratie van de invoegtoepassing Static Egress Gateway voor het cluster.
| Name |
Type |
Description |
|
enabled
|
boolean
|
Schakel de add-on Static Egress Gateway in. Geeft aan of de invoegtoepassing Static Egress Gateway is ingeschakeld of niet.
|
ManagedClusterStatus
Object
Bevat alleen-lezen informatie over het beheerde cluster.
| Name |
Type |
Description |
|
provisioningError
|
ErrorDetail
|
De fout bevat gedetailleerde informatie van het beheerde cluster. Behoudt de gedetailleerde informatie over storingen. Als er geen fout is opgetreden, wordt dit veld weggelaten.
|
ManagedClusterStorageProfile
Object
Opslagprofiel voor het containerservicecluster.
ManagedClusterStorageProfileBlobCSIDriver
Object
AzureBlob CSI-stuurprogramma-instellingen voor het opslagprofiel.
| Name |
Type |
Description |
|
enabled
|
boolean
|
Of u azureBlob CSI-stuurprogramma wilt inschakelen. De standaardwaarde is onwaar.
|
ManagedClusterStorageProfileDiskCSIDriver
Object
AzureDisk CSI-stuurprogramma-instellingen voor het opslagprofiel.
| Name |
Type |
Description |
|
enabled
|
boolean
|
Of u azureDisk CSI-stuurprogramma wilt inschakelen. De standaardwaarde is waar.
|
ManagedClusterStorageProfileFileCSIDriver
Object
AzureFile CSI-stuurprogramma-instellingen voor het opslagprofiel.
| Name |
Type |
Description |
|
enabled
|
boolean
|
Of u azureFile CSI-stuurprogramma wilt inschakelen. De standaardwaarde is waar.
|
ManagedClusterStorageProfileSnapshotController
Object
Instellingen voor momentopnamecontroller voor het opslagprofiel.
| Name |
Type |
Description |
|
enabled
|
boolean
|
Hiermee wordt aangegeven of momentopnamecontroller moet worden ingeschakeld. De standaardwaarde is waar.
|
ManagedClusterWindowsProfile
Object
Profiel voor Windows-VM's in het beheerde cluster.
| Name |
Type |
Description |
|
adminPassword
|
string
(password)
|
Hiermee geeft u het wachtwoord van het beheerdersaccount.
Minimale lengte: 8 tekens
maximale lengte: 123 tekens
Complexiteitsvereisten: aan 3 van de 4 onderstaande voorwaarden moet worden voldaan
Heeft lagere tekens
Bevat bovenliggende tekens
Heeft een cijfer
Heeft een speciaal teken (Regex-overeenkomst [\W_])
Niet-toegestane waarden: "abc@123", "P@$$w 0rd", "P@ssw0rd", "P@ssword123", "Pa$$word", "pass@word1", "Wachtwoord!", "Wachtwoord1", "Wachtwoord22", "iloveyou!"
|
|
adminUsername
|
string
|
Hiermee geeft u de naam van het beheerdersaccount.
Beperking: kan niet eindigen op '.'
niet-toegestane waarden: 'administrator', 'admin', 'user', 'user1', 'test', 'user2', 'test1', 'user3', 'admin1', "1", "123", "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5".
Minimale lengte: 1 teken
maximale lengte: 20 tekens
|
|
enableCSIProxy
|
boolean
|
Hiermee wordt aangegeven of CSI-proxy moet worden ingeschakeld. Zie de GitHub-opslagplaats van de CSI-proxy voor meer informatie over de CSI-proxy.
|
|
gmsaProfile
|
WindowsGmsaProfile
|
Het Windows gMSA-profiel in het beheerde cluster.
|
|
licenseType
|
LicenseType
|
Het licentietype dat moet worden gebruikt voor Windows-VM's. Zie azure Hybrid User Benefits voor meer informatie.
|
ManagedClusterWorkloadAutoScalerProfile
Object
Profiel voor automatische schaalaanpassing van werkbelastingen voor het beheerde cluster.
ManagedClusterWorkloadAutoScalerProfileKeda
Object
KEDA-instellingen (Kubernetes Event-driven Autoscaling) voor het profiel voor automatische schaalaanpassing van werkbelastingen.
| Name |
Type |
Description |
|
enabled
|
boolean
|
Of keda moet worden ingeschakeld.
|
ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler
Object
VPA-instellingen (Verticale automatische schaalaanpassing van pods) voor het profiel voor automatisch schalen van werkbelastingen.
| Name |
Type |
Default value |
Description |
|
enabled
|
boolean
|
False
|
Hiermee wordt aangegeven of VPA moet worden ingeschakeld. De standaardwaarde is onwaar.
|
ManagedServiceIdentityUserAssignedIdentitiesValue
Object
Door de gebruiker toegewezen identiteitseigenschappen.
| Name |
Type |
Description |
|
clientId
|
string
|
De client-id van de door de gebruiker toegewezen identiteit.
|
|
principalId
|
string
|
De principal-id van de door de gebruiker toegewezen identiteit.
|
ManualScaleProfile
Object
Specificaties op het aantal machines.
| Name |
Type |
Description |
|
count
|
integer
(int32)
|
Aantal knooppunten.
|
|
size
|
string
|
VM-grootte die AKS gebruikt bij het maken en schalen, bijvoorbeeld 'Standard_E4s_v3', 'Standard_E16s_v3' of 'Standard_D16s_v5'.
|
NetworkDataplane
Opsomming
Netwerkgegevensvlak dat wordt gebruikt in het Kubernetes-cluster.
| Waarde |
Description |
|
azure
|
Gebruik Azure-netwerkdataplane.
|
|
cilium
|
Gebruik het datavlak van het Cilium-netwerk. Zie Azure CNI Powered by Cilium voor meer informatie.
|
NetworkMode
Opsomming
De netwerkmodus waarmee Azure CNI is geconfigureerd. Dit kan niet worden opgegeven als networkPlugin iets anders is dan 'azure'.
| Waarde |
Description |
|
transparent
|
Er wordt geen brug gemaakt. Intra-VM pod-naar-podcommunicatie verloopt via IP-routes die zijn gemaakt door Azure CNI. Zie Transparante modus voor meer informatie.
|
|
bridge
|
Dit wordt niet meer ondersteund
|
NetworkPlugin
Opsomming
De netwerkinvoegtoepassing die wordt gebruikt voor het bouwen van het Kubernetes-netwerk.
NetworkPluginMode
Opsomming
De modus die de netwerkinvoegtoepassing moet gebruiken.
| Waarde |
Description |
|
overlay
|
In combinatie met networkPlugin=azure krijgen pods IP's uit de PodCIDR-adresruimte, maar worden Azure Routing Domains gebruikt in plaats van de routetabellen van Kubenet. Ga voor meer informatie naar https://aka.ms/aks/azure-cni-overlay.
|
NetworkPolicy
Opsomming
Netwerkbeleid dat wordt gebruikt voor het bouwen van het Kubernetes-netwerk.
| Waarde |
Description |
|
none
|
Netwerkbeleid wordt niet afgedwongen. Dit is de standaardwaarde wanneer NetworkPolicy niet is opgegeven.
|
|
calico
|
Gebruik het netwerkbeleid van Calico. Zie verschillen tussen Azure- en Calico-beleid voor meer informatie.
|
|
azure
|
Gebruik Azure-netwerkbeleid. Zie verschillen tussen Azure- en Calico-beleid voor meer informatie.
|
|
cilium
|
Gebruik Cilium om netwerkbeleid af te dwingen. Hiervoor moet networkDataplane 'cilium' zijn.
|
NginxIngressControllerType
Opsomming
Type inkomend verkeer voor de standaard aangepaste NginxIngressController-resource
| Waarde |
Description |
|
AnnotationControlled
|
De standaard NginxIngressController wordt aangemaakt. Gebruikers kunnen de standaard aangepaste NginxIngressController-resource bewerken om aantekeningen van load balancers te configureren.
|
|
External
|
De standaard NginxIngressController wordt aangemaakt en de operator levert er een externe loadbalancer mee. Elke aantekening om de standaard loadbalancer intern te maken, wordt overschreven.
|
|
Internal
|
De standaard NginxIngressController wordt aangemaakt en de operator voorziet er een interne loadbalancer van. Elke aantekening om de standaard loadbalancer extern te maken, wordt overschreven.
|
|
None
|
De standaard Ingress Controller wordt niet gemaakt. Het wordt niet verwijderd door het systeem als het bestaat. Gebruikers moeten indien gewenst de standaard NginxIngressController Custom Resource handmatig verwijderen.
|
NodeOSUpgradeChannel
Opsomming
Kanaal voor upgrade van het besturingssysteem van het knooppunt. De manier waarop het besturingssysteem op uw knooppunten wordt bijgewerkt. De standaardwaarde is NodeImage.
| Waarde |
Description |
|
None
|
Er zal geen poging worden gedaan om het besturingssysteem van uw machine bij te werken, noch door het besturingssysteem, noch door VHD's. Dit betekent dat u zelf verantwoordelijk bent voor uw beveiligingsupdates
|
|
Unmanaged
|
Updates van het besturingssysteem worden automatisch toegepast via de ingebouwde patching-infrastructuur van het besturingssysteem. Nieuw geschaald in machines wordt in eerste instantie niet gepatcht en wordt op een bepaald moment gepatcht door de infrastructuur van het besturingssysteem. Het gedrag van deze optie is afhankelijk van het betreffende besturingssysteem. Ubuntu en Mariner passen beveiligingspatches toe via een upgrade zonder toezicht, ongeveer één keer per dag rond 06:00 UTC. Windows past beveiligingspatches niet automatisch toe en dus is deze optie voor hen tot nader order gelijk aan Geen
|
|
NodeImage
|
AKS zal de knooppunten bijwerken met een nieuw gepatchte VHD met beveiligingsfixes en bugfixes in een wekelijkse cadans. Met de VHD-updatemachines wordt de installatiekopie teruggerold naar die VHD na onderhoudsvensters en piekinstellingen. Er worden geen extra VHD-kosten gemaakt bij het kiezen van deze optie als AKS als host voor de installatiekopieën.
|
|
SecurityPatch
|
AKS downloadt en actualiseert de nodes met geteste beveiligingsupdates. Deze updates respecteren de instellingen van het onderhoudsvenster en produceren een nieuwe VHD die wordt gebruikt op nieuwe knooppunten. In sommige gevallen is het niet mogelijk om de updates toe te passen, in dergelijke gevallen worden de bestaande knooppunten ook opnieuw geinstallatiekopieën op de zojuist geproduceerde VHD om de wijzigingen toe te passen. Met deze optie worden extra kosten in rekening gebracht voor het hosten van de nieuwe Beveiligingspatch-VHD's in uw resourcegroep voor just-in-timeverbruik.
|
NodeProvisioningDefaultNodePools
Opsomming
De set standaard Karpenter NodePools (CRD's) die is geconfigureerd voor het inrichten van knooppunten. Dit veld heeft geen effect, tenzij de modus 'Auto' is. Waarschuwing: Als u dit op een bestaand cluster wijzigt van Auto naar Geen, worden de standaard Karpenter-knooppuntpools verwijderd, waardoor de knooppunten die aan deze pools zijn gekoppeld, worden leeggemaakt en verwijderd. Het wordt sterk aanbevolen om dit niet te doen, tenzij er inactieve knooppunten klaar staan om de pods te nemen die door die actie zijn ontruimd. Als dit niet is opgegeven, is de standaardinstelling Automatisch. Voor meer informatie zie aka.ms/aks/nap#node-pools.
| Waarde |
Description |
|
None
|
Er worden geen Karpenter NodePools automatisch ingericht. Automatisch schalen vindt alleen plaats als de gebruiker een of meer NodePool CRD-exemplaren maakt.
|
|
Auto
|
Een standaardset Karpenter NodePools wordt ingericht
|
NodeProvisioningMode
Opsomming
De inrichtingsmodus van het knooppunt. Als dit niet is opgegeven, is de standaardwaarde Handmatig.
| Waarde |
Description |
|
Manual
|
Knooppunten worden handmatig door de gebruiker ingericht
|
|
Auto
|
Knooppunten worden automatisch ingericht door AKS met behulp van Karpenter (zie aka.ms/aks/nap voor meer informatie). Knooppuntgroepen met een vaste grootte kunnen nog steeds worden gemaakt, maar automatisch schalen van knooppuntgroepen kan niet zijn. (Zie aka.ms/aks/nap voor meer informatie).
|
OSDiskType
Opsomming
Het type besturingssysteemschijf dat moet worden gebruikt voor machines in de agentgroep. De standaardwaarde is 'kortstondig' als de VIRTUELE machine deze ondersteunt en een cacheschijf heeft die groter is dan de aangevraagde OSDiskSizeGB. Anders wordt standaard 'Beheerd' gebruikt. Kan niet worden gewijzigd na het maken. Zie kortstondige os-voor meer informatie.
| Waarde |
Description |
|
Managed
|
Azure repliceert de schijf van het besturingssysteem voor een virtuele machine naar Azure-opslag om gegevensverlies te voorkomen als de VM naar een andere host moet worden verplaatst. Omdat containers niet zijn ontworpen om de lokale status persistent te maken, biedt dit gedrag een beperkte waarde en biedt dit enkele nadelen, waaronder tragere inrichting van knooppunten en een hogere lees-/schrijflatentie.
|
|
Ephemeral
|
Kortstondige besturingssysteemschijven worden alleen op de hostcomputer opgeslagen, net als een tijdelijke schijf. Dit biedt een lagere latentie voor lezen/schrijven, samen met snellere schaalaanpassing van knooppunten en clusterupgrades.
|
OSSKU
Opsomming
Hiermee geeft u de SKU van het besturingssysteem op die wordt gebruikt door de agentgroep. De standaardwaarde is Ubuntu als OSType Linux is. De standaardwaarde is Windows2019 wanneer Kubernetes <= 1.24 of Windows2022 wanneer Kubernetes >= 1.25 als OSType Windows is.
| Waarde |
Description |
|
Ubuntu
|
Gebruik Ubuntu als het besturingssysteem voor knooppuntinstallatiekopieën.
|
|
AzureLinux
|
Gebruik AzureLinux als het besturingssysteem voor knooppuntinstallatiekopieën. Azure Linux is een door containers geoptimaliseerde Linux-distributie die is gebouwd door Microsoft. Ga naar https://aka.ms/azurelinux voor meer informatie.
|
|
AzureLinux3
|
Gebruik AzureLinux3 als besturingssysteem voor knooppuntafbeeldingen. Azure Linux is een door containers geoptimaliseerde Linux-distributie die is gebouwd door Microsoft. Ga naar https://aka.ms/azurelinux voor meer informatie. Ga voor beperkingen naar https://aka.ms/aks/node-images. Zie voor richtlijnen voor het migreren van het besturingssysteem.https://aka.ms/aks/upgrade-os-version
|
|
CBLMariner
|
Afgeschafte OSSKU. Microsoft raadt aan dat nieuwe implementaties in plaats daarvan 'AzureLinux' kiezen.
|
|
Windows2019
|
Gebruik Windows2019 als het besturingssysteem voor knooppuntinstallatiekopieën. Niet ondersteund voor systeemknooppuntgroepen. Windows2019 ondersteunt alleen Windows2019-containers; Windows2022-containers kunnen niet worden uitgevoerd en omgekeerd.
|
|
Windows2022
|
Gebruik Windows2022 als het besturingssysteem voor knooppuntinstallatiekopieën. Niet ondersteund voor systeemknooppuntgroepen. Windows2022 ondersteunt alleen Windows2022-containers; Windows2019-containers kunnen niet worden uitgevoerd en omgekeerd.
|
|
Ubuntu2204
|
Gebruik Ubuntu2204 als besturingssysteem voor knooppuntafbeeldingen, maar Ubuntu 22.04 wordt mogelijk niet voor alle knooppuntpools ondersteund. Zie voor beperkingen en ondersteunde Kubernetes-versies https://aka.ms/aks/supported-ubuntu-versions
|
|
Ubuntu2404
|
Gebruik Ubuntu2404 als besturingssysteem voor knooppuntafbeeldingen, maar Ubuntu 24.04 wordt mogelijk niet voor alle knooppuntpools ondersteund. Zie voor beperkingen en ondersteunde Kubernetes-versies https://aka.ms/aks/supported-ubuntu-versions
|
OSType
Opsomming
Het type besturingssysteem. De standaardwaarde is Linux.
| Waarde |
Description |
|
Linux
|
Gebruik Linux.
|
|
Windows
|
Gebruik Windows.
|
OutboundType
Opsomming
De uitgaande routeringsmethode (uitgaand verkeer). Dit kan alleen worden ingesteld tijdens het maken van het cluster en kan later niet meer worden gewijzigd. Zie uitgaand uitgaand type voor meer informatie.
| Waarde |
Description |
|
loadBalancer
|
De load balancer wordt gebruikt voor uitgaand verkeer via een aan AKS toegewezen openbaar IP-adres. Dit ondersteunt Kubernetes-services van het type LoadBalancer. Zie loadbalancer van het uitgaande typevoor meer informatie.
|
|
userDefinedRouting
|
Uitgangspaden moeten worden gedefinieerd door de gebruiker. Dit is een geavanceerd scenario en vereist de juiste netwerkconfiguratie. Zie uitgaande type userDefinedRoutingvoor meer informatie.
|
|
managedNATGateway
|
De door AKS beheerde NAT-gateway wordt gebruikt voor uitgaand verkeer.
|
|
userAssignedNATGateway
|
De door de gebruiker toegewezen NAT-gateway die aan het clustersubnet is gekoppeld, wordt gebruikt voor uitgaand verkeer. Dit is een geavanceerd scenario en vereist de juiste netwerkconfiguratie.
|
|
none
|
Het AKS-cluster is niet ingesteld op een uitgaand type. Alle AKS-knooppunten volgen het standaardgedrag van uitgaande Azure-VM's. Verwijs naar https://azure.microsoft.com/en-us/updates/default-outbound-access-for-vms-in-azure-will-be-retired-transition-to-a-new-method-of-internet-access/
|
PodIPAllocationMode
Opsomming
Pod IP-toewijzingsmodus. De IP-toewijzingsmodus voor pods in de agentgroep. Moet worden gebruikt met podSubnetId. De standaardwaarde is DynamicIndividual.
| Waarde |
Description |
|
DynamicIndividual
|
Elk knooppunt wordt toegewezen met een niet-aaneengesloten lijst met IP-adressen die aan pods kunnen worden toegewezen. Dit is beter voor het maximaliseren van een klein tot gemiddeld subnet van grootte /16 of kleiner. Het Azure CNI-cluster met dynamische IP-toewijzing wordt standaard in deze modus gebruikt als de klant niet expliciet een podIPAllocationMode opgeeft
|
|
StaticBlock
|
Elk knooppunt krijgt statisch CIDR-blokken toegewezen met de grootte /28 = 16 IP's per blok om te voldoen aan de maxPods per knooppunt. Aantal CIDR-blokken >= (maxPods / 16). Het blok telt in plaats van één IP-adres ten opzichte van de privé-IP-limiet van Azure Vnet van 65.000. Daarom is de blokmodus geschikt voor het uitvoeren van grotere workloads met meer dan de huidige limiet van 65.000 pods in een cluster. Deze modus is beter geschikt voor schaalaanpassing met grotere subnetten van /15 of groter
|
PortRange
Object
Het poortbereik.
| Name |
Type |
Description |
|
portEnd
|
integer
(int32)
minimum: 1
maximum: 65535
|
De maximale poort die is opgenomen in het bereik. Het moet variëren van 1 tot 65535 en groter zijn dan of gelijk zijn aan portStart.
|
|
portStart
|
integer
(int32)
minimum: 1
maximum: 65535
|
De minimale poort die is opgenomen in het bereik. Het moet variëren van 1 tot 65535 en kleiner dan of gelijk aan portEnd.
|
|
protocol
|
Protocol
|
Het netwerkprotocol van de poort.
|
PowerState
Object
Beschrijft de energiestatus van het cluster
| Name |
Type |
Description |
|
code
|
Code
|
Hiermee wordt aangegeven of het cluster wordt uitgevoerd of gestopt
|
PrivateLinkResource
Object
Een private link-resource
| Name |
Type |
Description |
|
groupId
|
string
|
De groeps-id van de resource.
|
|
id
|
string
|
De id van de private link-resource.
|
|
name
|
string
|
De naam van de private link-resource. Zie de naamgevingsregels voor meer details.
|
|
privateLinkServiceID
|
string
(arm-id)
|
De Private Link-service-ID van de bron, dit veld wordt alleen intern blootgesteld aan NRP.
|
|
requiredMembers
|
string[]
|
De vereiste leden van de resource
|
|
type
|
string
|
Het hulpbrontype.
|
Protocol
Opsomming
Het netwerkprotocol van de poort.
| Waarde |
Description |
|
TCP
|
TCP-protocol.
|
|
UDP
|
UDP-protocol.
|
PublicNetworkAccess
Opsomming
PublicNetworkAccess van het beheerde cluster. Openbare netwerktoegang voor AKS toestaan of weigeren
| Waarde |
Description |
|
Enabled
|
Inslag/uitgaand naar de managedCluster is toegestaan.
|
|
Disabled
|
Binnenkomend verkeer naar managedCluster is uitgeschakeld, verkeer van managedCluster is toegestaan.
|
ResourceIdentityType
Opsomming
Het type identiteit dat wordt gebruikt voor het beheerde cluster. Zie Beheerde identiteiten gebruiken in AKS voor meer informatie.
| Waarde |
Description |
|
SystemAssigned
|
Gebruik een impliciet gemaakt systeem waaraan beheerde identiteit is toegewezen om clusterresources te beheren. Hoofdonderdelen in het besturingsvlak, zoals kube-controller-manager, gebruiken de aan het systeem toegewezen beheerde identiteit om Azure-resources te manipuleren.
|
|
UserAssigned
|
Gebruik een door de gebruiker opgegeven identiteit om clusterbronnen te beheren. Hoofdonderdelen in het besturingsvlak, zoals kube-controller-manager, gebruiken de opgegeven beheerde identiteit waaraan de gebruiker is toegewezen om Azure-resources te manipuleren.
|
|
None
|
Gebruik geen beheerde identiteit voor het beheerde cluster, maar in plaats daarvan wordt een service-principal gebruikt.
|
ResourceReference
Object
Een verwijzing naar een Azure-resource.
| Name |
Type |
Description |
|
id
|
string
(arm-id)
|
De volledig gekwalificeerde Azure-resource-id.
|
RestrictionLevel
Opsomming
Het beperkingsniveau dat is toegepast op de knooppuntresourcegroep van het cluster. Als dit niet is opgegeven, is de standaardwaarde 'Onbeperkt'
| Waarde |
Description |
|
Unrestricted
|
Alle RBAC-machtigingen zijn toegestaan op de resourcegroep voor beheerde knooppunten
|
|
ReadOnly
|
Alleen */read RBAC-machtigingen zijn toegestaan voor de resourcegroep voor beheerde knooppunten
|
ScaleDownMode
Opsomming
Beschrijft hoe VM's worden toegevoegd aan of verwijderd uit agentpools. Zie factureringsstatussen.
| Waarde |
Description |
|
Delete
|
Maak nieuwe exemplaren tijdens het opschalen en verwijder exemplaren tijdens het verkleinen.
|
|
Deallocate
|
Probeer niet-toegewezen exemplaren (indien aanwezig) te starten tijdens het opschalen en verdelen van exemplaren tijdens het verkleinen.
|
ScaleProfile
Object
Specificaties voor het schalen van een VirtualMachines-agentpool.
| Name |
Type |
Description |
|
manual
|
ManualScaleProfile[]
|
Specificaties over het schalen van de VirtualMachines-agentpool naar een vaste grootte.
|
ScaleSetEvictionPolicy
Opsomming
Het uitzettingsbeleid voor de schaal van de virtuele machine. In het uitzettingsbeleid wordt aangegeven wat er met de VM moet gebeuren wanneer deze wordt uitgezet. De standaardinstelling is Verwijderen. Voor meer informatie over uitzetting zie spot VM's
| Waarde |
Description |
|
Delete
|
Knooppunten in de onderliggende schaalset van de knooppuntenpool worden verwijderd wanneer ze worden verwijderd.
|
|
Deallocate
|
Knooppunten in de onderliggende schaalset van de knooppuntgroep worden bij uitzetting ingesteld op de status gestopt-niet-toegewezen. Knooppunten met het aantal gestopte toewijzingsstatussen ten opzichte van uw rekenquotum en kunnen problemen veroorzaken met het schalen of upgraden van clusters.
|
ScaleSetPriority
Opsomming
De prioriteit van de virtuele-machineschaalset.
| Waarde |
Description |
|
Spot
|
Er worden VM's met spotprioriteit gebruikt. Er is geen SLA voor spot-knooppunten. Zie plek op AKS- voor meer informatie.
|
|
Regular
|
Er worden gewone VM's gebruikt.
|
ServiceMeshMode
Opsomming
Modus van de service-mesh.
| Waarde |
Description |
|
Istio
|
Istio werd ingezet als een AKS-add-on.
|
|
Disabled
|
Mesh is uitgeschakeld.
|
ServiceMeshProfile
Object
Service-mesh-profiel voor een beheerd cluster.
SysctlConfig
Object
Sysctl-instellingen voor Linux-agentknooppunten.
| Name |
Type |
Description |
|
fsAioMaxNr
|
integer
(int32)
|
Sysctl-instelling fs.aio-max-nr.
|
|
fsFileMax
|
integer
(int32)
|
Sysctl instelling fs.file-max.
|
|
fsInotifyMaxUserWatches
|
integer
(int32)
|
Sysctl-instelling fs.inotify.max_user_watches.
|
|
fsNrOpen
|
integer
(int32)
|
Sysctl-instelling fs.nr_open.
|
|
kernelThreadsMax
|
integer
(int32)
|
Sysctl-instelling kernel.threads-max.
|
|
netCoreNetdevMaxBacklog
|
integer
(int32)
|
Sysctl-instelling net.core.netdev_max_backlog.
|
|
netCoreOptmemMax
|
integer
(int32)
|
Sysctl-instelling net.core.optmem_max.
|
|
netCoreRmemDefault
|
integer
(int32)
|
Sysctl-instelling net.core.rmem_default.
|
|
netCoreRmemMax
|
integer
(int32)
|
Sysctl-instelling net.core.rmem_max.
|
|
netCoreSomaxconn
|
integer
(int32)
|
Sysctl instelling net.core.somaxconn.
|
|
netCoreWmemDefault
|
integer
(int32)
|
Sysctl-instelling net.core.wmem_default.
|
|
netCoreWmemMax
|
integer
(int32)
|
Sysctl-instelling net.core.wmem_max.
|
|
netIpv4IpLocalPortRange
|
string
|
Sysctl-instelling net.ipv4.ip_local_port_range.
|
|
netIpv4NeighDefaultGcThresh1
|
integer
(int32)
|
Sysctl-instelling net.ipv4.neigh.default.gc_thresh1.
|
|
netIpv4NeighDefaultGcThresh2
|
integer
(int32)
|
Sysctl-instelling net.ipv4.neigh.default.gc_thresh2.
|
|
netIpv4NeighDefaultGcThresh3
|
integer
(int32)
|
Sysctl-instelling net.ipv4.neigh.default.gc_thresh3.
|
|
netIpv4TcpFinTimeout
|
integer
(int32)
|
Sysctl-instelling net.ipv4.tcp_fin_timeout.
|
|
netIpv4TcpKeepaliveProbes
|
integer
(int32)
|
Sysctl-instelling net.ipv4.tcp_keepalive_probes.
|
|
netIpv4TcpKeepaliveTime
|
integer
(int32)
|
Sysctl-instelling net.ipv4.tcp_keepalive_time.
|
|
netIpv4TcpMaxSynBacklog
|
integer
(int32)
|
Sysctl-instelling net.ipv4.tcp_max_syn_backlog.
|
|
netIpv4TcpMaxTwBuckets
|
integer
(int32)
|
Sysctl-instelling net.ipv4.tcp_max_tw_buckets.
|
|
netIpv4TcpTwReuse
|
boolean
|
Sysctl-instelling net.ipv4.tcp_tw_reuse.
|
|
netIpv4TcpkeepaliveIntvl
|
integer
(int32)
minimum: 10
maximum: 90
|
Sysctl-instelling net.ipv4.tcp_keepalive_intvl.
|
|
netNetfilterNfConntrackBuckets
|
integer
(int32)
minimum: 65536
maximum: 524288
|
Sysctl-instelling net.netfilter.nf_conntrack_buckets.
|
|
netNetfilterNfConntrackMax
|
integer
(int32)
minimum: 131072
maximum: 2097152
|
Sysctl-instelling net.netfilter.nf_conntrack_max.
|
|
vmMaxMapCount
|
integer
(int32)
|
Sysctl-instelling vm.max_map_count.
|
|
vmSwappiness
|
integer
(int32)
|
Sysctl-instelling vm.swappiness.
|
|
vmVfsCachePressure
|
integer
(int32)
|
Sysctl-instelling vm.vfs_cache_pressure.
|
systemData
Object
Metagegevens met betrekking tot het maken en de laatste wijziging van de resource.
| Name |
Type |
Description |
|
createdAt
|
string
(date-time)
|
De tijdstempel van het maken van resources (UTC).
|
|
createdBy
|
string
|
De identiteit waarmee de resource is gemaakt.
|
|
createdByType
|
createdByType
|
Het type identiteit waarmee de resource is gemaakt.
|
|
lastModifiedAt
|
string
(date-time)
|
De tijdstempel van de laatste wijziging van de resource (UTC)
|
|
lastModifiedBy
|
string
|
De identiteit die de resource voor het laatst heeft gewijzigd.
|
|
lastModifiedByType
|
createdByType
|
Het type identiteit dat de resource voor het laatst heeft gewijzigd.
|
UndrainableNodeBehavior
Opsomming
Definieert het gedrag voor oningestoorde knooppunten tijdens de upgrade. De meest voorkomende oorzaak van oningestoorde knooppunten is PDU's (Pod Disruption Budgets), maar andere problemen, zoals de respijtperiode voor podbeëindiging, overschrijden de resterende time-out voor het leegmaken van knooppunten of pods hebben nog steeds een actieve status, maar kunnen ook oningestoorde knooppunten veroorzaken.
| Waarde |
Description |
|
Cordon
|
AKS zal de geblokkeerde knooppunten afsluiten en ze tijdens de upgrade vervangen door piekknooppunten. De geblokkeerde knooppunten worden vastgezet en vervangen door piekknooppunten. De geblokkeerde knooppunten hebben het label 'kubernetes.azure.com/upgrade-status:Quarantined'. Voor elk geblokkeerd knooppunt wordt een piekknooppunt bewaard. Er wordt een poging gedaan om alle andere piekknooppunten te verwijderen. Als er voldoende piekknooppunten zijn om geblokkeerde knooppunten te vervangen, heeft de upgradebewerking en het beheerde cluster de status Mislukt. Anders hebben de upgradebewerking en het beheerde cluster de status Geannuleerd.
|
|
Schedule
|
AKS markeert de geblokkeerde knooppunten als planbaar, maar de geblokkeerde knooppunten worden niet geüpgraded. Er wordt een poging gedaan om alle piekknooppunten te verwijderen. De upgradebewerking en het beheerde cluster hebben de status Mislukt als er geblokkeerde knooppunten zijn.
|
UpgradeChannel
Opsomming
Het upgradekanaal voor automatische upgrade. De standaardwaarde is 'none'. Zie het instellen van het kanaal voor automatische upgrade van het AKS-cluster voor meer informatie.
| Waarde |
Description |
|
rapid
|
Upgrade het cluster automatisch naar de nieuwste ondersteunde patchrelease op de meest recente ondersteunde secundaire versie. In gevallen waarin het cluster zich in een versie van Kubernetes bevindt die zich op een secundaire N-2-versie bevindt, waarbij N de meest recente ondersteunde secundaire versie is, wordt het cluster eerst bijgewerkt naar de meest recente ondersteunde patchversie op N-1 secundaire versie. Als een cluster bijvoorbeeld versie 1.17.7 en versie 1.17.9, 1.18.4, 1.18.6 en 1.19.1 beschikbaar is, wordt uw cluster eerst bijgewerkt naar 1.18.6 en wordt vervolgens bijgewerkt naar 1.19.1.
|
|
stable
|
Upgrade het cluster automatisch naar de meest recente ondersteunde patchrelease op secundaire versie N-1, waarbij N de meest ondersteunde secundaire versie is. Als een cluster bijvoorbeeld versie 1.17.7 en versie 1.17.9, 1.18.4, 1.18.6 en 1.19.1 beschikbaar is, wordt uw cluster bijgewerkt naar 1.18.6.
|
|
patch
|
Upgrade het cluster automatisch naar de nieuwste ondersteunde patchversie wanneer deze beschikbaar komt, terwijl de secundaire versie hetzelfde blijft. Als een cluster bijvoorbeeld versie 1.17.7 en versie 1.17.9, 1.18.4, 1.18.6 en 1.19.1 beschikbaar is, wordt uw cluster bijgewerkt naar 1.17.9.
|
|
node-image
|
Upgrade de knooppuntafbeelding automatisch naar de nieuwste beschikbare versie. Overweeg om in plaats daarvan nodeOSUpgradeChannel te gebruiken, omdat u dan de patching van het besturingssysteem van node los van de patching van de Kubernetes-versie kunt configureren
|
|
none
|
Hiermee worden automatische upgrades uitgeschakeld en blijft het cluster op de huidige versie van Kubernetes.
|
UpgradeOverrideSettings
Object
Instellingen voor onderdrukkingen bij het upgraden van een cluster.
| Name |
Type |
Description |
|
forceUpgrade
|
boolean
|
Of het cluster moet worden geforceerd bijgewerkt. Met deze optie wordt de upgradebewerking geïnstrueerd om upgradebeveiligingen te omzeilen, zoals controleren op afgeschaft API-gebruik. Schakel deze optie alleen met voorzichtigheid in.
|
|
until
|
string
(date-time)
|
Totdat de onderdrukkingen effectief zijn. Houd er rekening mee dat dit alleen overeenkomt met de begintijd van een upgrade en dat de effectiviteit niet verandert zodra een upgrade wordt gestart, zelfs niet als de upgrade verloopt als de until upgrade verloopt. Dit veld is niet standaard ingesteld. Deze moet worden ingesteld om de onderdrukkingen van kracht te laten worden.
|
UserAssignedIdentity
Object
Details over een door de gebruiker toegewezen identiteit.
| Name |
Type |
Description |
|
clientId
|
string
|
De client-id van de door de gebruiker toegewezen identiteit.
|
|
objectId
|
string
|
De object-id van de door de gebruiker toegewezen identiteit.
|
|
resourceId
|
string
(arm-id)
|
De resource-id van de door de gebruiker toegewezen identiteit.
|
VirtualMachineNodes
Object
Huidige status van een groep knooppunten met dezelfde VM-grootte.
| Name |
Type |
Description |
|
count
|
integer
(int32)
|
Aantal knooppunten.
|
|
size
|
string
|
De VM-grootte van de agents die worden gebruikt om deze groep knooppunten te hosten.
|
VirtualMachinesProfile
Object
Specificaties voor VirtualMachines-agentpool.
| Name |
Type |
Description |
|
scale
|
ScaleProfile
|
Specificaties voor het schalen van een VirtualMachines-agentpool.
|
WindowsGmsaProfile
Object
Windows gMSA-profiel in het beheerde cluster.
| Name |
Type |
Description |
|
dnsServer
|
string
|
Hiermee geeft u de DNS-server voor Windows gMSA.
Stel deze in op leeg als u de DNS-server hebt geconfigureerd in het vnet dat wordt gebruikt om het beheerde cluster te maken.
|
|
enabled
|
boolean
|
Of u Windows gMSA wilt inschakelen. Hiermee geeft u op of Windows gMSA moet worden ingeschakeld in het beheerde cluster.
|
|
rootDomainName
|
string
|
Hiermee geeft u de hoofddomeinnaam voor Windows gMSA.
Stel deze in op leeg als u de DNS-server hebt geconfigureerd in het vnet dat wordt gebruikt om het beheerde cluster te maken.
|
WorkloadRuntime
Opsomming
Bepaalt het type workload dat een knooppunt kan uitvoeren.
| Waarde |
Description |
|
OCIContainer
|
Knooppunten gebruiken Kubelet om standaard-OCI-containerworkloads uit te voeren.
|
|
WasmWasi
|
Knooppunten gebruiken Krustlet om WASM-workloads uit te voeren met behulp van de WASI-provider (preview).
|
|
KataVmIsolation
|
Knooppunten kunnen worden gebruikt (Kata + Cloud Hypervisor + Hyper-V) om geneste VM-gebaseerde pods in te schakelen. Vanwege het gebruik van Hyper-V is het AKS-knooppuntbesturingssysteem zelf een geneste VM (het hoofdbesturingssysteem) van Hyper-V. Het kan dus alleen worden gebruikt met VM-serie die ondersteuning biedt voor geneste virtualisatie, zoals Dv3-serie.
|