Azure Container Kubernetes Cluster

Microsoft.ContainerService/managedClusters (Azure Resource Manager)

The managedClusters in Microsoft.ContainerService can be configured in Azure Resource Manager with the resource name Microsoft.ContainerService/managedClusters. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

ConsenSys/quorum-kubernetes

        "type":  "Microsoft.ContainerService/managedClusters",
        "apiVersion": "[variables('apiVersionManangedClusters')]",
        "name": "[variables('clusterName')]",
        "location": "[parameters('location')]",
        "dependsOn": [
          "[resourceId('Microsoft.Network/virtualNetworks', variables('vnetName'))]",

mspnp/aks-baseline-multi-region

            "type": "Microsoft.ContainerService/managedClusters",
            "apiVersion": "2021-02-01",
            "name": "[variables('clusterName')]",
            "location": "[parameters('location')]",
            "tags": {
                "Application identifier": "[variables('appId')]"

dsanchor/aks-generic

            "type": "Microsoft.ContainerService/managedClusters",
            "apiVersion": "2020-11-01",
            "name": "[variables('clusterName')]",
            "location": "[parameters('location')]",
            "dependsOn": [
                "[resourceId('Microsoft.OperationsManagement/solutions', variables('containerInsightsSolutionName'))]"

cse-labs/aks-secure-baseline-hack

            "type": "Microsoft.ContainerService/managedClusters",
            "apiVersion": "2021-02-01",
            "name": "[variables('clusterName')]",
            "location": "[parameters('location')]",
            "dependsOn": [
                "[resourceId('Microsoft.OperationsManagement/solutions', variables('containerInsightsSolutionName'))]",

mspnp/aks-fabrikam-dronedelivery

            "type": "Microsoft.ContainerService/managedClusters",
            "apiVersion": "2020-11-01",
            "name": "[variables('clusterName')]",
            "location": "[parameters('location')]",
            "dependsOn": [
                "[resourceId('Microsoft.OperationsManagement/solutions', variables('containerInsightsSolutionName'))]"

srini-achanta/aks-secure-baseline

            "type": "Microsoft.ContainerService/managedClusters",
            "apiVersion": "2021-02-01",
            "name": "[variables('clusterName')]",
            "location": "[parameters('location')]",
            "tags": {
                "Business unit": "BU0001",

MarkWme/akssb120

            "type": "Microsoft.ContainerService/managedClusters",
            "apiVersion": "2021-02-01",
            "name": "[variables('clusterName')]",
            "location": "[parameters('location')]",
            "dependsOn": [
                "[resourceId('Microsoft.OperationsManagement/solutions', variables('containerInsightsSolutionName'))]",

mctouch/aks-secure-baseline

            "type": "Microsoft.ContainerService/managedClusters",
            "apiVersion": "2021-02-01",
            "name": "[variables('clusterName')]",
            "location": "[parameters('location')]",
            "dependsOn": [
                "[resourceId('Microsoft.OperationsManagement/solutions', variables('containerInsightsSolutionName'))]",

NHK-Technologies-PVT-LTD/AKS-BaseLine-Deploy

            "type": "Microsoft.ContainerService/managedClusters",
            "apiVersion": "2021-02-01",
            "name": "[variables('clusterName')]",
            "location": "[parameters('location')]",
            "dependsOn": [
                "[resourceId('Microsoft.OperationsManagement/solutions', variables('containerInsightsSolutionName'))]",

gareththegeek/aks-secure-baseline

            "type": "Microsoft.ContainerService/managedClusters",
            "apiVersion": "2021-02-01",
            "name": "[variables('clusterName')]",
            "location": "[parameters('location')]",
            "tags": {
                "Business unit": "BU0001",

Parameters

• apiVersion required - string
• extendedLocation optional
  • name optional - string

    The name of the extended location.

  • type optional - string

    The type of the extended location.

• identity optional
  • type optional - string

    For more information see use managed identities in AKS.

  • userAssignedIdentities optional - undefined

    The keys must be ARM resource IDs in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.

• location required - string

  Resource location

• name required - string

  The name of the managed cluster resource.

• properties required
  • aadProfile optional
    • adminGroupObjectIDs optional - array

      The list of AAD group object IDs that will have admin role of the cluster.

    • clientAppID optional - string

      The client AAD application ID.

    • enableAzureRBAC optional - boolean

      Whether to enable Azure RBAC for Kubernetes authorization.

    • managed optional - boolean

      Whether to enable managed AAD.

    • serverAppID optional - string

      The server AAD application ID.

    • serverAppSecret optional - string

      The server AAD application secret.

    • tenantID optional - string

      The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment subscription.

  • addonProfiles optional - undefined

    The profile of managed cluster add-on.

  • agentPoolProfiles optional array
    • availabilityZones optional - array

      The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType property is 'VirtualMachineScaleSets'.

    • count optional - integer

      Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1.

    • creationData optional
      • sourceResourceId optional - string

        This is the ARM ID of the source object to be used to create the target object.

    • enableAutoScaling optional - boolean

      Whether to enable auto-scaler

    • enableEncryptionAtHost optional - boolean

      This is only supported on certain VM sizes and in certain Azure regions. For more information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption

    • enableFIPS optional - boolean

      See Add a FIPS-enabled node pool for more details.

    • enableNodePublicIP optional - boolean

      Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine to minimize hops. For more information see assigning a public IP per node. The default is false.

    • enableUltraSSD optional - boolean

      Whether to enable UltraSSD

    • gpuInstanceProfile optional - string

      GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.

    • kubeletConfig optional
      • allowedUnsafeSysctls optional - array

        Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in *).

      • containerLogMaxFiles optional - integer

        The maximum number of container log files that can be present for a container. The number must be ≥ 2.

      • containerLogMaxSizeMB optional - integer

        The maximum size (e.g. 10Mi) of container log file before it is rotated.

      • cpuCfsQuota optional - boolean

        The default is true.

      • cpuCfsQuotaPeriod optional - string

        The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'.

      • cpuManagerPolicy optional - string

        The default is 'none'. See Kubernetes CPU management policies for more information. Allowed values are 'none' and 'static'.

      • failSwapOn optional - boolean

        If set to true it will make the Kubelet fail to start if swap is enabled on the node.

      • imageGcHighThreshold optional - integer

        To disable image garbage collection, set to 100. The default is 85%

      • imageGcLowThreshold optional - integer

        This cannot be set higher than imageGcHighThreshold. The default is 80%

      • podMaxPids optional - integer

        The maximum number of processes per pod.

      • topologyManagerPolicy optional - string

        For more information see Kubernetes Topology Manager. The default is 'none'. Allowed values are 'none', 'best-effort', 'restricted', and 'single-numa-node'.

    • kubeletDiskType optional - string
    • linuxOSConfig optional
      • swapFileSizeMB optional - integer

        The size in MB of a swap file that will be created on each node.

      • sysctls optional
        • fsAioMaxNr optional - integer

          Sysctl setting fs.aio-max-nr.

        • fsFileMax optional - integer

          Sysctl setting fs.file-max.

        • fsInotifyMaxUserWatches optional - integer

          Sysctl setting fs.inotify.max_user_watches.

        • fsNrOpen optional - integer

          Sysctl setting fs.nr_open.

        • kernelThreadsMax optional - integer

          Sysctl setting kernel.threads-max.

        • netCoreNetdevMaxBacklog optional - integer

          Sysctl setting net.core.netdev_max_backlog.

        • netCoreOptmemMax optional - integer

          Sysctl setting net.core.optmem_max.

        • netCoreRmemDefault optional - integer

          Sysctl setting net.core.rmem_default.

        • netCoreRmemMax optional - integer

          Sysctl setting net.core.rmem_max.

        • netCoreSomaxconn optional - integer

          Sysctl setting net.core.somaxconn.

        • netCoreWmemDefault optional - integer

          Sysctl setting net.core.wmem_default.

        • netCoreWmemMax optional - integer

          Sysctl setting net.core.wmem_max.

        • netIpv4IpLocalPortRange optional - string

          Sysctl setting net.ipv4.ip_local_port_range.

        • netIpv4NeighDefaultGcThresh1 optional - integer

          Sysctl setting net.ipv4.neigh.default.gc_thresh1.

        • netIpv4NeighDefaultGcThresh2 optional - integer

          Sysctl setting net.ipv4.neigh.default.gc_thresh2.

        • netIpv4NeighDefaultGcThresh3 optional - integer

          Sysctl setting net.ipv4.neigh.default.gc_thresh3.

        • netIpv4TcpFinTimeout optional - integer

          Sysctl setting net.ipv4.tcp_fin_timeout.

        • netIpv4TcpkeepaliveIntvl optional - integer

          Sysctl setting net.ipv4.tcp_keepalive_intvl.

        • netIpv4TcpKeepaliveProbes optional - integer

          Sysctl setting net.ipv4.tcp_keepalive_probes.

        • netIpv4TcpKeepaliveTime optional - integer

          Sysctl setting net.ipv4.tcp_keepalive_time.

        • netIpv4TcpMaxSynBacklog optional - integer

          Sysctl setting net.ipv4.tcp_max_syn_backlog.

        • netIpv4TcpMaxTwBuckets optional - integer

          Sysctl setting net.ipv4.tcp_max_tw_buckets.

        • netIpv4TcpTwReuse optional - boolean

          Sysctl setting net.ipv4.tcp_tw_reuse.

        • netNetfilterNfConntrackBuckets optional - integer

          Sysctl setting net.netfilter.nf_conntrack_buckets.

        • netNetfilterNfConntrackMax optional - integer

          Sysctl setting net.netfilter.nf_conntrack_max.

        • vmMaxMapCount optional - integer

          Sysctl setting vm.max_map_count.

        • vmSwappiness optional - integer

          Sysctl setting vm.swappiness.

        • vmVfsCachePressure optional - integer

          Sysctl setting vm.vfs_cache_pressure.

      • transparentHugePageDefrag optional - string

        Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is 'madvise'. For more information see Transparent Hugepages.

      • transparentHugePageEnabled optional - string

        Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more information see Transparent Hugepages.

    • maxCount optional - integer

      The maximum number of nodes for auto-scaling

    • maxPods optional - integer

      The maximum number of pods that can run on a node.

    • minCount optional - integer

      The minimum number of nodes for auto-scaling

    • mode optional - string
    • name required - string

      Windows agent pool names must be 6 characters or less.

    • nodeLabels optional - string

      The node labels to be persisted across all nodes in agent pool.

    • nodePublicIPPrefixID optional - string

      This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}

    • nodeTaints optional - array

      The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.

    • orchestratorVersion optional - string

      As a best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor version must be within two minor versions of the control plane version. The node pool version cannot be greater than the control plane version. For more information see upgrading a node pool.

    • osDiskSizeGB optional - integer

      OS Disk Size in GB to be used to specify the disk size for every machine in the master/agent pool. If you specify 0, it will apply the default osDisk size according to the vmSize specified.

    • osDiskType optional - string
    • osSKU optional - string
    • osType optional - string
    • podSubnetID optional - string

      If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}

    • powerState optional
      • code optional - string

        Tells whether the cluster is Running or Stopped.

    • proximityPlacementGroupID optional - string

      The ID for Proximity Placement Group.

    • scaleDownMode optional - string

      This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete.

    • scaleSetEvictionPolicy optional - string

      This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is 'Delete'.

    • scaleSetPriority optional - string

      The Virtual Machine Scale Set priority. If not specified, the default is 'Regular'.

    • spotMaxPrice optional - number

      Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any on-demand price. For more details on spot pricing, see spot VMs pricing

    • tags optional - string

      The tags to be persisted on the agent pool virtual machine scale set.

    • type optional - string
    • upgradeSettings optional
      • maxSurge optional - string

        This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded up. If not specified, the default is 1. For more information, including best practices, see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade

    • vmSize optional - string

      VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods might fail to run correctly. For more details on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions

    • vnetSubnetID optional - string

      If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}

    • workloadRuntime optional - string
  • apiServerAccessProfile optional
    • authorizedIPRanges optional - array

      IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. For more information see API server authorized IP ranges.

    • disableRunCommand optional - boolean

      Whether to disable run command for the cluster or not.

    • enablePrivateCluster optional - boolean

      For more details, see Creating a private AKS cluster.

    • enablePrivateClusterPublicFQDN optional - boolean

      Whether to create additional public FQDN for private cluster or not.

    • privateDNSZone optional - string

      The default is System. For more details see configure private DNS zone. Allowed values are 'system' and 'none'.

  • autoScalerProfile optional
    • balance-similar-node-groups optional - string

      Valid values are 'true' and 'false'

    • expander optional - string

      If not specified, the default is 'random'. See expanders for more information.

    • max-empty-bulk-delete optional - string

      The default is 10.

    • max-graceful-termination-sec optional - string

      The default is 600.

    • max-node-provision-time optional - string

      The default is '15m'. Values must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported.

    • max-total-unready-percentage optional - string

      The default is 45. The maximum is 100 and the minimum is 0.

    • new-pod-scale-up-delay optional - string

      For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. The default is '0s'. Values must be an integer followed by a unit ('s' for seconds, 'm' for minutes, 'h' for hours, etc).

    • ok-total-unready-count optional - string

      This must be an integer. The default is 3.

    • scale-down-delay-after-add optional - string

      The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported.

    • scale-down-delay-after-delete optional - string

      The default is the scan-interval. Values must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported.

    • scale-down-delay-after-failure optional - string

      The default is '3m'. Values must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported.

    • scale-down-unneeded-time optional - string

      The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported.

    • scale-down-unready-time optional - string

      The default is '20m'. Values must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported.

    • scale-down-utilization-threshold optional - string

      The default is '0.5'.

    • scan-interval optional - string

      The default is '10'. Values must be an integer number of seconds.

    • skip-nodes-with-local-storage optional - string

      The default is true.

    • skip-nodes-with-system-pods optional - string

      The default is true.

  • autoUpgradeProfile optional
    • upgradeChannel optional - string

      For more information see setting the AKS cluster auto-upgrade channel.

  • disableLocalAccounts optional - boolean

    If set to true, getting static credentials will be disabled for this cluster. This must only be used on Managed Clusters that are AAD enabled. For more details see disable local accounts.

  • diskEncryptionSetID optional - string

    This is of the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}'

  • dnsPrefix optional - string

    This cannot be updated once the Managed Cluster has been created.

  • enablePodSecurityPolicy optional - boolean

    (DEPRECATING) Whether to enable Kubernetes pod security policy (preview). This feature is set for removal on October 15th, 2020. Learn more at aka.ms/aks/azpodpolicy.

  • enableRBAC optional - boolean

    Whether to enable Kubernetes Role-Based Access Control.

  • fqdnSubdomain optional - string

    This cannot be updated once the Managed Cluster has been created.

  • httpProxyConfig optional
    • httpProxy optional - string

      The HTTP proxy server endpoint to use.

    • httpsProxy optional - string

      The HTTPS proxy server endpoint to use.

    • noProxy optional - array

      The endpoints that should not go through proxy.

    • trustedCa optional - string

      Alternative CA cert to use for connecting to proxy servers.

  • identityProfile optional - undefined

    Identities associated with the cluster.

  • kubernetesVersion optional - string

    When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All upgrades must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See upgrading an AKS cluster for more details.

  • linuxProfile optional
    • adminUsername required - string

      The administrator username to use for Linux VMs.

    • ssh required
      • publicKeys required array
        • keyData required - string

          Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or without headers.

  • networkProfile optional
    • dnsServiceIP optional - string

      An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr.

    • dockerBridgeCidr optional - string

      A CIDR notation IP range assigned to the Docker bridge network. It must not overlap with any Subnet IP ranges or the Kubernetes service address range.

    • ipFamilies optional - array

      IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value is IPv4. For dual-stack, the expected values are IPv4 and IPv6.

    • loadBalancerProfile optional
      • allocatedOutboundPorts optional - integer

        The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 (inclusive). The default value is 0 which results in Azure dynamically allocating ports.

      • effectiveOutboundIPs optional array
        • id optional - string

          The fully qualified Azure resource id.

      • enableMultipleStandardLoadBalancers optional - boolean

        Enable multiple standard load balancers per AKS cluster or not.

      • idleTimeoutInMinutes optional - integer

        Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 (inclusive). The default value is 30 minutes.

      • managedOutboundIPs optional
        • count optional - integer

          The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values must be in the range of 1 to 100 (inclusive). The default value is 1.

        • countIPv6 optional - integer

          The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack.

      • outboundIPPrefixes optional
        • publicIPPrefixes optional array
          • id optional - string

            The fully qualified Azure resource id.

      • outboundIPs optional
        • publicIPs optional array
          • id optional - string

            The fully qualified Azure resource id.

    • loadBalancerSku optional - string

      The default is 'standard'. See Azure Load Balancer SKUs for more information about the differences between load balancer SKUs.

    • natGatewayProfile optional
      • effectiveOutboundIPs optional array
        • id optional - string

          The fully qualified Azure resource id.

      • idleTimeoutInMinutes optional - integer

        Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 (inclusive). The default value is 4 minutes.

      • managedOutboundIPProfile optional
        • count optional - integer

          The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 (inclusive). The default value is 1.

    • networkMode optional - string

      This cannot be specified if networkPlugin is anything other than 'azure'.

    • networkPlugin optional - string

      Network plugin used for building the Kubernetes network.

    • networkPolicy optional - string

      Network policy used for building the Kubernetes network.

    • outboundType optional - string

      This can only be set at cluster creation time and cannot be changed later. For more information see egress outbound type.

    • podCidr optional - string

      A CIDR notation IP range from which to assign pod IPs when kubenet is used.

    • podCidrs optional - array

      One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is expected for dual-stack networking.

    • serviceCidr optional - string

      A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP ranges.

    • serviceCidrs optional - array

      One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is expected for dual-stack networking. They must not overlap with any Subnet IP ranges.

  • nodeResourceGroup optional - string

    The name of the resource group containing agent pool nodes.

  • podIdentityProfile optional
    • allowNetworkPluginKubenet optional - boolean

      Running in Kubenet is disabled by default due to the security related nature of AAD Pod Identity and the risks of IP spoofing. See using Kubenet network plugin with AAD Pod Identity for more information.

    • enabled optional - boolean

      Whether the pod identity addon is enabled.

    • userAssignedIdentities optional array
      • bindingSelector optional - string

        The binding selector to use for the AzureIdentityBinding resource.

      • identity required
        • clientId optional - string

          The client ID of the user assigned identity.

        • objectId optional - string

          The object ID of the user assigned identity.

        • resourceId optional - string

          The resource ID of the user assigned identity.

      • name required - string

        The name of the pod identity.

      • namespace required - string

        The namespace of the pod identity.

    • userAssignedIdentityExceptions optional array
      • name required - string

        The name of the pod identity exception.

      • namespace required - string

        The namespace of the pod identity exception.

      • podLabels required - string

        The pod labels to match.

  • privateLinkResources optional array
    • groupId optional - string

      The group ID of the resource.

    • id optional - string

      The ID of the private link resource.

    • name optional - string

      The name of the private link resource.

    • requiredMembers optional - array

      The RequiredMembers of the resource

    • type optional - string

      The resource type.

  • publicNetworkAccess optional - string

    Allow or deny public network access for AKS.

  • securityProfile optional
    • azureDefender optional
      • enabled optional - boolean

        Whether to enable Azure Defender

      • logAnalyticsWorkspaceResourceId optional - string

        Resource ID of the Log Analytics workspace to be associated with Azure Defender. When Azure Defender is enabled, this field is required and must be a valid workspace resource ID. When Azure Defender is disabled, leave the field empty.

  • servicePrincipalProfile optional
    • clientId required - string

      The ID for the service principal.

    • secret optional - string

      The secret password associated with the service principal in plain text.

  • windowsProfile optional
    • adminPassword optional - string

      Specifies the password of the administrator account. Minimum-length: 8 characters Max-length: 123 characters Complexity requirements: 3 out of 4 conditions below need to be fulfilled Has lower characters Has upper characters Has a digit Has a special character (Regex match [\W_]) Disallowed values: "abc@123", "P@$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$word", "pass@word1", "Password!", "Password1", "Password22", "iloveyou!"

    • adminUsername required - string

      Specifies the name of the administrator account. Restriction: Cannot end in "." Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". Minimum-length: 1 character Max-length: 20 characters

    • enableCSIProxy optional - boolean

      For more details on CSI proxy, see the CSI proxy GitHub repo.

    • gmsaProfile optional
      • dnsServer optional - string

        Specifies the DNS server for Windows gMSA. Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster.

      • enabled optional - boolean

        Specifies whether to enable Windows gMSA in the managed cluster.

      • rootDomainName optional - string

        Specifies the root domain name for Windows gMSA. Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster.

    • licenseType optional - string

      The license type to use for Windows VMs. See Azure Hybrid User Benefits for more details.

• sku optional
  • name optional - string

    The name of a managed cluster SKU.

  • tier optional - string

    If not specified, the default is 'Free'. See uptime SLA for more details.

• tags optional - string

  Resource tags

• type required - string