Tworzy lub aktualizuje klaster zarządzany.
PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}?api-version=2025-10-01
Parametry URI
| Nazwa |
W |
Wymagane |
Typ |
Opis |
|
resourceGroupName
|
path |
True
|
string
minLength: 1
maxLength: 90
|
Nazwa grupy zasobów. Nazwa jest niewrażliwa na wielkość liter.
|
|
resourceName
|
path |
True
|
string
minLength: 1
maxLength: 63
pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$
|
Nazwa zasobu klastra zarządzanego.
|
|
subscriptionId
|
path |
True
|
string
(uuid)
|
Identyfikator subskrypcji docelowej. Wartość musi być identyfikatorem UUID.
|
|
api-version
|
query |
True
|
string
minLength: 1
|
Wersja interfejsu API do użycia dla tej operacji.
|
| Nazwa |
Wymagane |
Typ |
Opis |
|
If-Match
|
|
string
|
Żądanie powinno być kontynuowane tylko wtedy, gdy jednostka pasuje do tego ciągu.
|
|
If-None-Match
|
|
string
|
Żądanie powinno być kontynuowane tylko wtedy, gdy żadna jednostka nie pasuje do tego ciągu.
|
Ciało żądania
| Nazwa |
Wymagane |
Typ |
Opis |
|
location
|
True
|
string
|
Lokalizacja geograficzna, w której znajduje się zasób
|
|
extendedLocation
|
|
ExtendedLocation
|
Rozszerzona lokalizacja maszyny wirtualnej.
|
|
identity
|
|
ManagedClusterIdentity
|
Tożsamość klastra zarządzanego, jeśli jest skonfigurowana.
|
|
kind
|
|
string
|
Jest to używane głównie do uwidaczniania różnych środowisk interfejsu użytkownika w portalu dla różnych rodzajów
|
|
properties.aadProfile
|
|
ManagedClusterAADProfile
|
Konfiguracja usługi Azure Active Directory.
|
|
properties.addonProfiles
|
|
<string,
ManagedClusterAddonProfile>
|
Profil dodatku klastra zarządzanego.
|
|
properties.agentPoolProfiles
|
|
ManagedClusterAgentPoolProfile[]
|
Właściwości puli agentów.
|
|
properties.aiToolchainOperatorProfile
|
|
ManagedClusterAIToolchainOperatorProfile
|
Ustawienia operatora łańcucha narzędzi sztucznej inteligencji, które mają zastosowanie do całego klastra.
|
|
properties.apiServerAccessProfile
|
|
ManagedClusterAPIServerAccessProfile
|
Profil dostępu dla serwera interfejsu API klastra zarządzanego.
|
|
properties.autoScalerProfile
|
|
AutoScalerProfile
|
Parametry, które mają być stosowane do skalowania automatycznego klastra po włączeniu
|
|
properties.autoUpgradeProfile
|
|
ManagedClusterAutoUpgradeProfile
|
Konfiguracja automatycznego uaktualniania.
|
|
properties.azureMonitorProfile
|
|
ManagedClusterAzureMonitorProfile
|
Profile dodatków usługi Azure Monitor do monitorowania klastra zarządzanego.
|
|
properties.bootstrapProfile
|
|
ManagedClusterBootstrapProfile
|
Profil konfiguracji uruchamiania klastra.
|
|
properties.disableLocalAccounts
|
|
boolean
|
Jeśli konta lokalne powinny być wyłączone w klastrze zarządzanym. Jeśli ustawiono wartość true, pobieranie poświadczeń statycznych zostanie wyłączone dla tego klastra. Należy go używać tylko w klastrach zarządzanych z włączoną usługą AAD. Aby uzyskać więcej informacji, zobacz wyłączanie kont lokalnych.
|
|
properties.diskEncryptionSetID
|
|
string
(arm-id)
|
Identyfikator zasobu szyfrowania dysku ustawiony na potrzeby włączania szyfrowania magazynowanych. Jest to forma: "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}"
|
|
properties.dnsPrefix
|
|
string
|
Prefiks DNS klastra zarządzanego. Nie można go zaktualizować po utworzeniu klastra zarządzanego.
|
|
properties.enableRBAC
|
|
boolean
|
Czy włączyć platformę Kubernetes Role-Based kontrola dostępu.
|
|
properties.fqdnSubdomain
|
|
string
|
Poddomena nazwy FQDN klastra prywatnego z niestandardową prywatną strefą DNS. Nie można go zaktualizować po utworzeniu klastra zarządzanego.
|
|
properties.httpProxyConfig
|
|
ManagedClusterHTTPProxyConfig
|
Konfiguracje aprowizowania klastra za pomocą serwerów proxy HTTP.
|
|
properties.identityProfile
|
|
<string,
UserAssignedIdentity>
|
Tożsamość użytkownika skojarzona z klastrem zarządzanym. Ta tożsamość będzie używana przez narzędzie kubelet. Dozwolona jest tylko jedna tożsamość przypisana przez użytkownika. Jedynym akceptowanym kluczem jest "kubeletidentity", z wartością "resourceId": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}".
|
|
properties.ingressProfile
|
|
ManagedClusterIngressProfile
|
Profil ruchu przychodzącego dla klastra zarządzanego.
|
|
properties.kubernetesVersion
|
|
string
|
Wersja platformy Kubernetes określona przez użytkownika. Obsługiwane są obie wersje poprawek <major.minor.patch> (np. 1.20.13) i <major.minor> (np. 1.20). Po określeniu <główna.pomocnicza> jest wybierana automatycznie najnowsza obsługiwana wersja poprawki ogólnie dostępnej. Aktualizowanie klastra przy użyciu tego samego <major.minor> po jego utworzeniu (np. 1.14.x —> 1.14) nie wyzwoli uaktualnienia, nawet jeśli jest dostępna nowsza wersja poprawki. Podczas uaktualniania obsługiwanego klastra usługi AKS nie można pominąć wersji pomocniczych platformy Kubernetes. Wszystkie uaktualnienia muszą być wykonywane sekwencyjnie według numeru wersji głównej. Na przykład uaktualnienia z zakresu 1.14.x —> 1.15.x lub 1.15.x —> 1.16.x są dozwolone, jednak wersja 1.14.x —> 1.16.x jest niedozwolona. Aby uzyskać więcej informacji, zobacz uaktualniania klastra usługi AKS.
|
|
properties.linuxProfile
|
|
ContainerServiceLinuxProfile
|
Profil maszyn wirtualnych z systemem Linux w klastrze zarządzanym.
|
|
properties.metricsProfile
|
|
ManagedClusterMetricsProfile
|
Opcjonalna konfiguracja metryk klastra.
|
|
properties.networkProfile
|
|
ContainerServiceNetworkProfile
|
Profil konfiguracji sieci.
|
|
properties.nodeProvisioningProfile
|
|
ManagedClusterNodeProvisioningProfile
|
Ustawienia aprowizacji węzła, które mają zastosowanie do całego klastra.
|
|
properties.nodeResourceGroup
|
|
string
|
Nazwa grupy zasobów zawierającej węzły puli agentów.
|
|
properties.nodeResourceGroupProfile
|
|
ManagedClusterNodeResourceGroupProfile
|
Profil konfiguracji grupy zasobów węzła.
|
|
properties.oidcIssuerProfile
|
|
ManagedClusterOIDCIssuerProfile
|
Profil wystawcy OIDC klastra zarządzanego.
|
|
properties.podIdentityProfile
|
|
ManagedClusterPodIdentityProfile
|
Profil tożsamości zasobnika klastra zarządzanego. Aby uzyskać więcej informacji na temat integracji tożsamości zasobnika usługi AAD, zobacz korzystanie z tożsamości zasobnika usługi AAD.
|
|
properties.privateLinkResources
|
|
PrivateLinkResource[]
|
Zasoby łącza prywatnego skojarzone z klastrem.
|
|
properties.publicNetworkAccess
|
|
PublicNetworkAccess
|
PublicNetworkAccess klastra zarządzanego. Zezwalanie na dostęp do sieci publicznej dla usługi AKS lub odmawianie dostępu do sieci publicznej
|
|
properties.securityProfile
|
|
ManagedClusterSecurityProfile
|
Profil zabezpieczeń klastra zarządzanego.
|
|
properties.serviceMeshProfile
|
|
ServiceMeshProfile
|
Profil usługi Service Mesh dla klastra zarządzanego.
|
|
properties.servicePrincipalProfile
|
|
ManagedClusterServicePrincipalProfile
|
Informacje o tożsamości jednostki usługi dla klastra do użycia do manipulowania interfejsami API platformy Azure.
|
|
properties.status
|
|
ManagedClusterStatus
|
Zawiera informacje tylko do odczytu dotyczące klastra zarządzanego.
|
|
properties.storageProfile
|
|
ManagedClusterStorageProfile
|
Profil magazynu dla klastra zarządzanego.
|
|
properties.supportPlan
|
|
KubernetesSupportPlan
|
Plan pomocy technicznej dla klastra zarządzanego. Jeśli nie określono, wartość domyślna to "KubernetesOfficial".
|
|
properties.upgradeSettings
|
|
ClusterUpgradeSettings
|
Ustawienia uaktualniania klastra.
|
|
properties.windowsProfile
|
|
ManagedClusterWindowsProfile
|
Profil maszyn wirtualnych z systemem Windows w klastrze zarządzanym.
|
|
properties.workloadAutoScalerProfile
|
|
ManagedClusterWorkloadAutoScalerProfile
|
Profil automatycznego skalowania obciążenia dla klastra zarządzanego.
|
|
sku
|
|
ManagedClusterSKU
|
Jednostka SKU klastra zarządzanego.
|
|
tags
|
|
object
|
Tagi zasobów.
|
Odpowiedzi
| Nazwa |
Typ |
Opis |
|
200 OK
|
ManagedCluster
|
Istniejący klaster zarządzany został pomyślnie zaktualizowany.
|
|
201 Created
|
ManagedCluster
|
Nowy klaster zarządzany został pomyślnie utworzony.
|
|
Other Status Codes
|
ErrorResponse
|
Odpowiedź na błąd opisująca, dlaczego operacja nie powiodła się.
|
Zabezpieczenia
azure_auth
Przepływ protokołu OAuth2 usługi Azure Active Directory
Typ:
oauth2
Flow:
implicit
URL autoryzacji:
https://login.microsoftonline.com/common/oauth2/authorize
Zakresów
| Nazwa |
Opis |
|
user_impersonation
|
Podszywać się pod Twoje konto użytkownika
|
Przykłady
Create Managed Cluster using an agent pool snapshot
Przykładowa prośba
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"tags": {
"tier": "production",
"archv2": ""
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"properties": {
"kubernetesVersion": "",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"enableFIPS": true,
"creationData": {
"sourceResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/snapshots/snapshot1"
}
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"windowsProfile": {
"adminUsername": "azureuser",
"adminPassword": "replacePassword1234$"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"addonProfiles": {},
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.CreationData;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_Snapshot.json
*/
/**
* Sample code: Create Managed Cluster using an agent pool snapshot.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
createManagedClusterUsingAnAgentPoolSnapshot(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3)
.withVmSize("Standard_DS2_v2").withOsType(OSType.LINUX)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withMode(AgentPoolMode.SYSTEM)
.withEnableNodePublicIp(true).withEnableFips(true)
.withCreationData(new CreationData().withSourceResourceId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/snapshots/snapshot1"))
.withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_snapshot.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"creationData": {
"sourceResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/snapshots/snapshot1"
},
"enableFIPS": True,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_Snapshot.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_Snapshot.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterUsingAnAgentPoolSnapshot() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
CreationData: &armcontainerservice.CreationData{
SourceResourceID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/snapshots/snapshot1"),
},
EnableFIPS: to.Ptr(true),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CreationData: &armcontainerservice.CreationData{
// SourceResourceID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/snapshots/snapshot1"),
// },
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableFIPS: to.Ptr(true),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_Snapshot.json
*/
async function createManagedClusterUsingAnAgentPoolSnapshot() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
creationData: {
sourceResourceId:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/snapshots/snapshot1",
},
enableFips: true,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_Snapshot.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
EnableFips = true,
CreationDataSourceResourceId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/snapshots/snapshot1"),
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Przykładowa odpowiedź
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"enableFIPS": true,
"creationData": {
"sourceResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/snapshots/snapshot1"
}
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"networkProfile": {
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Creating",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Creating",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"enableFIPS": true,
"creationData": {
"sourceResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/snapshots/snapshot1"
}
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"networkProfile": {
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
Create Managed Cluster with AKS-managed NAT gateway as outbound type
Przykładowa prośba
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"tags": {
"tier": "production",
"archv2": ""
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"properties": {
"kubernetesVersion": "",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": false,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "managedNATGateway",
"natGatewayProfile": {
"managedOutboundIPProfile": {
"count": 2
}
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"windowsProfile": {
"adminUsername": "azureuser",
"adminPassword": "replacePassword1234$"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"addonProfiles": {},
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterManagedOutboundIpProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterNatGatewayProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_ManagedNATGateway.json
*/
/**
* Sample code: Create Managed Cluster with AKS-managed NAT gateway as outbound type.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void createManagedClusterWithAKSManagedNATGatewayAsOutboundType(
com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(
Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3).withVmSize("Standard_DS2_v2")
.withOsType(OSType.LINUX).withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
.withMode(AgentPoolMode.SYSTEM).withEnableNodePublicIp(false).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile()
.withOutboundType(OutboundType.MANAGED_NATGATEWAY).withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withNatGatewayProfile(new ManagedClusterNatGatewayProfile()
.withManagedOutboundIpProfile(new ManagedClusterManagedOutboundIpProfile().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_managed_nat_gateway.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": False,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerSku": "standard",
"natGatewayProfile": {"managedOutboundIPProfile": {"count": 2}},
"outboundType": "managedNATGateway",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_ManagedNATGateway.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_ManagedNATGateway.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithAksManagedNatGatewayAsOutboundType() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(false),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
NatGatewayProfile: &armcontainerservice.ManagedClusterNATGatewayProfile{
ManagedOutboundIPProfile: &armcontainerservice.ManagedClusterManagedOutboundIPProfile{
Count: to.Ptr[int32](2),
},
},
OutboundType: to.Ptr(armcontainerservice.OutboundTypeManagedNATGateway),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(false),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NatGatewayProfile: &armcontainerservice.ManagedClusterNATGatewayProfile{
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](4),
// ManagedOutboundIPProfile: &armcontainerservice.ManagedClusterManagedOutboundIPProfile{
// Count: to.Ptr[int32](2),
// },
// },
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeManagedNATGateway),
// PodCidr: to.Ptr("10.244.0.0/16"),
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_ManagedNATGateway.json
*/
async function createManagedClusterWithAksManagedNatGatewayAsOutboundType() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: false,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerSku: "standard",
natGatewayProfile: { managedOutboundIPProfile: { count: 2 } },
outboundType: "managedNATGateway",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_ManagedNATGateway.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = false,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.ManagedNatGateway,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
NatGatewayProfile = new ManagedClusterNatGatewayProfile
{
ManagedOutboundIPCount = 2,
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Przykładowa odpowiedź
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": false,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"networkProfile": {
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"outboundType": "managedNATGateway",
"natGatewayProfile": {
"idleTimeoutInMinutes": 4,
"managedOutboundIPProfile": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Creating",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Creating",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": false,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"networkProfile": {
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"outboundType": "managedNATGateway",
"natGatewayProfile": {
"idleTimeoutInMinutes": 4,
"managedOutboundIPProfile": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
Create Managed Cluster with Azure KeyVault Secrets Provider Addon
Przykładowa prośba
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"tags": {
"tier": "production",
"archv2": ""
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"properties": {
"kubernetesVersion": "",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"windowsProfile": {
"adminUsername": "azureuser",
"adminPassword": "replacePassword1234$"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"addonProfiles": {
"azureKeyvaultSecretsProvider": {
"enabled": true,
"config": {
"enableSecretRotation": "true",
"rotationPollInterval": "2m"
}
}
},
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAddonProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_AzureKeyvaultSecretsProvider.json
*/
/**
* Sample code: Create Managed Cluster with Azure KeyVault Secrets Provider Addon.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void createManagedClusterWithAzureKeyVaultSecretsProviderAddon(
com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(
Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3).withVmSize("Standard_DS2_v2")
.withOsType(OSType.LINUX).withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
.withMode(AgentPoolMode.SYSTEM).withEnableNodePublicIp(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile().withClientId("clientid")
.withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf("azureKeyvaultSecretsProvider",
new ManagedClusterAddonProfile().withEnabled(true).withConfig(
mapOf("enableSecretRotation", "fakeTokenPlaceholder", "rotationPollInterval", "2m"))))
.withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_azure_keyvault_secrets_provider.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {
"azureKeyvaultSecretsProvider": {
"config": {"enableSecretRotation": "true", "rotationPollInterval": "2m"},
"enabled": True,
}
},
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_AzureKeyvaultSecretsProvider.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_AzureKeyvaultSecretsProvider.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithAzureKeyVaultSecretsProviderAddon() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{
"azureKeyvaultSecretsProvider": {
Config: map[string]*string{
"enableSecretRotation": to.Ptr("true"),
"rotationPollInterval": to.Ptr("2m"),
},
Enabled: to.Ptr(true),
},
},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{
// "azureKeyvaultSecretsProvider": &armcontainerservice.ManagedClusterAddonProfile{
// Config: map[string]*string{
// "enableSecretRotation": to.Ptr("true"),
// "rotationPollInterval": to.Ptr("2m"),
// },
// Enabled: to.Ptr(true),
// },
// },
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// EnableEncryptionAtHost: to.Ptr(true),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_AzureKeyvaultSecretsProvider.json
*/
async function createManagedClusterWithAzureKeyVaultSecretsProviderAddon() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {
azureKeyvaultSecretsProvider: {
config: { enableSecretRotation: "true", rotationPollInterval: "2m" },
enabled: true,
},
},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_AzureKeyvaultSecretsProvider.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles =
{
["azureKeyvaultSecretsProvider"] = new ManagedClusterAddonProfile(true)
{
Config =
{
["enableSecretRotation"] = "true",
["rotationPollInterval"] = "2m"
},
}
},
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Przykładowa odpowiedź
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"enableEncryptionAtHost": true
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"addonProfiles": {
"azureKeyvaultSecretsProvider": {
"enabled": true,
"config": {
"enableSecretRotation": "true",
"rotationPollInterval": "2m"
}
}
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"networkProfile": {
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Creating",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Creating",
"orchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"enableEncryptionAtHost": true
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"addonProfiles": {
"azureKeyvaultSecretsProvider": {
"enabled": true,
"config": {
"enableSecretRotation": "true",
"rotationPollInterval": "2m"
}
}
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"networkProfile": {
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
Create Managed Cluster with Capacity Reservation Group
Przykładowa prośba
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"tags": {
"tier": "production",
"archv2": ""
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"properties": {
"kubernetesVersion": "",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"capacityReservationGroupID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/capacityReservationGroups/crg1"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"windowsProfile": {
"adminUsername": "azureuser",
"adminPassword": "replacePassword1234$"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"addonProfiles": {},
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_CRG.json
*/
/**
* Sample code: Create Managed Cluster with Capacity Reservation Group.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
createManagedClusterWithCapacityReservationGroup(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3)
.withVmSize("Standard_DS2_v2").withOsType(OSType.LINUX)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withMode(AgentPoolMode.SYSTEM)
.withEnableNodePublicIp(true)
.withCapacityReservationGroupId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/capacityReservationGroups/crg1")
.withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_crg.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"capacityReservationGroupID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/capacityReservationGroups/crg1",
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_CRG.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_CRG.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithCapacityReservationGroup() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
CapacityReservationGroupID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/capacityReservationGroups/crg1"),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// CapacityReservationGroupID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/capacityReservationGroups/crg1"),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_CRG.json
*/
async function createManagedClusterWithCapacityReservationGroup() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
capacityReservationGroupID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/capacityReservationGroups/crg1",
count: 3,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_CRG.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
CapacityReservationGroupId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/capacityReservationGroups/crg1"),
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Przykładowa odpowiedź
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"capacityReservationGroupID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/capacityReservationGroups/crg1"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"networkProfile": {
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Creating",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Creating",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"capacityReservationGroupID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/capacityReservationGroups/crg1"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"networkProfile": {
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
Create Managed Cluster with Custom CA Trust Certificates
Przykładowa prośba
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"tags": {
"tier": "production",
"archv2": ""
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"properties": {
"kubernetesVersion": "",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"windowsProfile": {
"adminUsername": "azureuser",
"adminPassword": "replacePassword1234$"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"securityProfile": {
"customCATrustCertificates": [
"ZHVtbXlFeGFtcGxlVGVzdFZhbHVlRm9yQ2VydGlmaWNhdGVUb0JlQWRkZWQ="
]
},
"addonProfiles": {},
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSecurityProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_CustomCATrustCertificates.json
*/
/**
* Sample code: Create Managed Cluster with Custom CA Trust Certificates.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
createManagedClusterWithCustomCATrustCertificates(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(
Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3).withVmSize("Standard_DS2_v2")
.withOsType(OSType.LINUX).withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
.withMode(AgentPoolMode.SYSTEM).withEnableNodePublicIp(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des")
.withSecurityProfile(new ManagedClusterSecurityProfile().withCustomCATrustCertificates(
Arrays.asList("ZHVtbXlFeGFtcGxlVGVzdFZhbHVlRm9yQ2VydGlmaWNhdGVUb0JlQWRkZWQ=".getBytes()))),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_custom_ca_trust_certificates.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"securityProfile": {
"customCATrustCertificates": ["ZHVtbXlFeGFtcGxlVGVzdFZhbHVlRm9yQ2VydGlmaWNhdGVUb0JlQWRkZWQ="]
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_CustomCATrustCertificates.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_CustomCATrustCertificates.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithCustomCaTrustCertificates() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
SecurityProfile: &armcontainerservice.ManagedClusterSecurityProfile{
CustomCATrustCertificates: [][]byte{
[]byte("ZHVtbXlFeGFtcGxlVGVzdFZhbHVlRm9yQ2VydGlmaWNhdGVUb0JlQWRkZWQ=")},
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// SecurityProfile: &armcontainerservice.ManagedClusterSecurityProfile{
// CustomCATrustCertificates: [][]byte{
// []byte("ZHVtbXlFeGFtcGxlVGVzdFZhbHVlRm9yQ2VydGlmaWNhdGVUb0JlQWRkZWQ=")},
// },
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_CustomCATrustCertificates.json
*/
async function createManagedClusterWithCustomCaTrustCertificates() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
securityProfile: {
customCATrustCertificates: [
Buffer.from("ZHVtbXlFeGFtcGxlVGVzdFZhbHVlRm9yQ2VydGlmaWNhdGVUb0JlQWRkZWQ="),
],
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_CustomCATrustCertificates.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
SecurityProfile = new ManagedClusterSecurityProfile
{
CustomCATrustCertificates = { Encoding.UTF8.GetBytes("ZHVtbXlFeGFtcGxlVGVzdFZhbHVlRm9yQ2VydGlmaWNhdGVUb0JlQWRkZWQ=") },
},
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Przykładowa odpowiedź
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"securityProfile": {
"customCATrustCertificates": [
"ZHVtbXlFeGFtcGxlVGVzdFZhbHVlRm9yQ2VydGlmaWNhdGVUb0JlQWRkZWQ="
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"networkProfile": {
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Creating",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Creating",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"securityProfile": {
"customCATrustCertificates": [
"ZHVtbXlFeGFtcGxlVGVzdFZhbHVlRm9yQ2VydGlmaWNhdGVUb0JlQWRkZWQ="
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"networkProfile": {
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
Create Managed Cluster with Dedicated Host Group
Przykładowa prośba
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"tags": {
"tier": "production",
"archv2": ""
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"properties": {
"kubernetesVersion": "",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"hostGroupID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg/providers/Microsoft.Compute/hostGroups/hostgroup1"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"windowsProfile": {
"adminUsername": "azureuser",
"adminPassword": "replacePassword1234$"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"addonProfiles": {},
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_DedicatedHostGroup.json
*/
/**
* Sample code: Create Managed Cluster with Dedicated Host Group.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
createManagedClusterWithDedicatedHostGroup(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3)
.withVmSize("Standard_DS2_v2").withOsType(OSType.LINUX)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withEnableNodePublicIp(true)
.withHostGroupId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg/providers/Microsoft.Compute/hostGroups/hostgroup1")
.withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_dedicated_host_group.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": True,
"hostGroupID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg/providers/Microsoft.Compute/hostGroups/hostgroup1",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_DedicatedHostGroup.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_DedicatedHostGroup.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithDedicatedHostGroup() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
HostGroupID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg/providers/Microsoft.Compute/hostGroups/hostgroup1"),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// EnableNodePublicIP: to.Ptr(true),
// HostGroupID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg/providers/Microsoft.Compute/hostGroups/hostgroup1"),
// MaxPods: to.Ptr[int32](110),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_DedicatedHostGroup.json
*/
async function createManagedClusterWithDedicatedHostGroup() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: true,
hostGroupID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg/providers/Microsoft.Compute/hostGroups/hostgroup1",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_DedicatedHostGroup.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
EnableNodePublicIP = true,
HostGroupId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg/providers/Microsoft.Compute/hostGroups/hostgroup1"),
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Przykładowa odpowiedź
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"hostGroupID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg/providers/Microsoft.Compute/hostGroups/hostgroup1"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"networkProfile": {
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Creating",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Creating",
"orchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"hostGroupID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg/providers/Microsoft.Compute/hostGroups/hostgroup1"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"networkProfile": {
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
Create Managed Cluster with EncryptionAtHost enabled
Przykładowa prośba
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"tags": {
"tier": "production",
"archv2": ""
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"properties": {
"kubernetesVersion": "",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"enableEncryptionAtHost": true
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"windowsProfile": {
"adminUsername": "azureuser",
"adminPassword": "replacePassword1234$"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"addonProfiles": {},
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_EnableEncryptionAtHost.json
*/
/**
* Sample code: Create Managed Cluster with EncryptionAtHost enabled.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
createManagedClusterWithEncryptionAtHostEnabled(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3)
.withVmSize("Standard_DS2_v2").withOsType(OSType.LINUX)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withMode(AgentPoolMode.SYSTEM)
.withEnableNodePublicIp(true).withEnableEncryptionAtHost(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_enable_encryption_at_host.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableEncryptionAtHost": True,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_EnableEncryptionAtHost.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_EnableEncryptionAtHost.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithEncryptionAtHostEnabled() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableEncryptionAtHost: to.Ptr(true),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableEncryptionAtHost: to.Ptr(true),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_EnableEncryptionAtHost.json
*/
async function createManagedClusterWithEncryptionAtHostEnabled() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableEncryptionAtHost: true,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_EnableEncryptionAtHost.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
EnableEncryptionAtHost = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Przykładowa odpowiedź
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"enableEncryptionAtHost": true
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"networkProfile": {
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Creating",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Creating",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"enableEncryptionAtHost": true
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"networkProfile": {
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
Create Managed Cluster with FIPS enabled OS
Przykładowa prośba
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"tags": {
"tier": "production",
"archv2": ""
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"properties": {
"kubernetesVersion": "",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"enableFIPS": true
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"windowsProfile": {
"adminUsername": "azureuser",
"adminPassword": "replacePassword1234$"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"addonProfiles": {},
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_EnabledFIPS.json
*/
/**
* Sample code: Create Managed Cluster with FIPS enabled OS.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void createManagedClusterWithFIPSEnabledOS(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3)
.withVmSize("Standard_DS2_v2").withOsType(OSType.LINUX)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withMode(AgentPoolMode.SYSTEM)
.withEnableNodePublicIp(true).withEnableFips(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_enabled_fips.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableFIPS": True,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_EnabledFIPS.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_EnabledFIPS.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithFipsEnabledOs() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableFIPS: to.Ptr(true),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableFIPS: to.Ptr(true),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_EnabledFIPS.json
*/
async function createManagedClusterWithFipsEnabledOS() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableFips: true,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_EnabledFIPS.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
EnableFips = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Przykładowa odpowiedź
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"enableFIPS": true
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"networkProfile": {
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Creating",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Creating",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"enableFIPS": true
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"networkProfile": {
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
Create Managed Cluster with GPUMIG
Przykładowa prośba
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"tags": {
"tier": "production",
"archv2": ""
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"properties": {
"kubernetesVersion": "",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_ND96asr_v4",
"osType": "Linux",
"gpuInstanceProfile": "MIG3g",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"windowsProfile": {
"adminUsername": "azureuser",
"adminPassword": "replacePassword1234$"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"addonProfiles": {},
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"httpProxyConfig": {
"httpProxy": "http://myproxy.server.com:8080",
"httpsProxy": "https://myproxy.server.com:8080",
"noProxy": [
"localhost",
"127.0.0.1"
],
"trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="
}
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.GpuInstanceProfile;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterHttpProxyConfig;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_GPUMIG.json
*/
/**
* Sample code: Create Managed Cluster with GPUMIG.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void createManagedClusterWithGPUMIG(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(
Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3).withVmSize("Standard_ND96asr_v4")
.withOsType(OSType.LINUX).withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
.withMode(AgentPoolMode.SYSTEM).withEnableNodePublicIp(true)
.withGpuInstanceProfile(GpuInstanceProfile.MIG3G).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des")
.withHttpProxyConfig(new ManagedClusterHttpProxyConfig().withHttpProxy("http://myproxy.server.com:8080")
.withHttpsProxy("https://myproxy.server.com:8080")
.withNoProxy(Arrays.asList("localhost", "127.0.0.1"))
.withTrustedCa("Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U=")),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_gpumig.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": True,
"gpuInstanceProfile": "MIG3g",
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_ND96asr_v4",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"httpProxyConfig": {
"httpProxy": "http://myproxy.server.com:8080",
"httpsProxy": "https://myproxy.server.com:8080",
"noProxy": ["localhost", "127.0.0.1"],
"trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U=",
},
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_GPUMIG.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_GPUMIG.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithGpumig() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
GpuInstanceProfile: to.Ptr(armcontainerservice.GPUInstanceProfileMIG3G),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_ND96asr_v4"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
HTTPProxyConfig: &armcontainerservice.ManagedClusterHTTPProxyConfig{
HTTPProxy: to.Ptr("http://myproxy.server.com:8080"),
HTTPSProxy: to.Ptr("https://myproxy.server.com:8080"),
NoProxy: []*string{
to.Ptr("localhost"),
to.Ptr("127.0.0.1")},
TrustedCa: to.Ptr("Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="),
},
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(true),
// GpuInstanceProfile: to.Ptr(armcontainerservice.GPUInstanceProfileMIG3G),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_ND96asr_v4"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// HTTPProxyConfig: &armcontainerservice.ManagedClusterHTTPProxyConfig{
// HTTPProxy: to.Ptr("http://myproxy.server.com:8080"),
// HTTPSProxy: to.Ptr("https://myproxy.server.com:8080"),
// NoProxy: []*string{
// to.Ptr("localhost"),
// to.Ptr("127.0.0.1")},
// TrustedCa: to.Ptr("Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="),
// },
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_GPUMIG.json
*/
async function createManagedClusterWithGpumig() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: true,
gpuInstanceProfile: "MIG3g",
mode: "System",
osType: "Linux",
vmSize: "Standard_ND96asr_v4",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
httpProxyConfig: {
httpProxy: "http://myproxy.server.com:8080",
httpsProxy: "https://myproxy.server.com:8080",
noProxy: ["localhost", "127.0.0.1"],
trustedCa: "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U=",
},
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_GPUMIG.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_ND96asr_v4",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
GpuInstanceProfile = GpuInstanceProfile.Mig3G,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
HttpProxyConfig = new ManagedClusterHttpProxyConfig
{
HttpProxy = "http://myproxy.server.com:8080",
HttpsProxy = "https://myproxy.server.com:8080",
NoProxy = { "localhost", "127.0.0.1" },
TrustedCA = "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U=",
},
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Przykładowa odpowiedź
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_ND96asr_v4",
"maxPods": 110,
"osType": "Linux",
"gpuInstanceProfile": "MIG3g",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"networkProfile": {
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"httpProxyConfig": {
"httpProxy": "http://myproxy.server.com:8080",
"httpsProxy": "https://myproxy.server.com:8080",
"noProxy": [
"localhost",
"127.0.0.1"
],
"trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="
}
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Creating",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_ND96asr_v4",
"maxPods": 110,
"osType": "Linux",
"gpuInstanceProfile": "MIG3g",
"provisioningState": "Creating",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"networkProfile": {
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"httpProxyConfig": {
"httpProxy": "http://myproxy.server.com:8080",
"httpsProxy": "https://myproxy.server.com:8080",
"noProxy": [
"localhost",
"127.0.0.1"
],
"trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="
}
}
}
Przykładowa prośba
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"tags": {
"tier": "production",
"archv2": ""
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"properties": {
"kubernetesVersion": "",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"windowsProfile": {
"adminUsername": "azureuser",
"adminPassword": "replacePassword1234$"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"addonProfiles": {},
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"httpProxyConfig": {
"httpProxy": "http://myproxy.server.com:8080",
"httpsProxy": "https://myproxy.server.com:8080",
"noProxy": [
"localhost",
"127.0.0.1"
],
"trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="
}
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterHttpProxyConfig;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_HTTPProxy.json
*/
/**
* Sample code: Create Managed Cluster with HTTP proxy configured.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
createManagedClusterWithHTTPProxyConfigured(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(
Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3).withVmSize("Standard_DS2_v2")
.withOsType(OSType.LINUX).withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
.withMode(AgentPoolMode.SYSTEM).withEnableNodePublicIp(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des")
.withHttpProxyConfig(new ManagedClusterHttpProxyConfig().withHttpProxy("http://myproxy.server.com:8080")
.withHttpsProxy("https://myproxy.server.com:8080")
.withNoProxy(Arrays.asList("localhost", "127.0.0.1"))
.withTrustedCa("Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U=")),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_httpproxy.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"httpProxyConfig": {
"httpProxy": "http://myproxy.server.com:8080",
"httpsProxy": "https://myproxy.server.com:8080",
"noProxy": ["localhost", "127.0.0.1"],
"trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U=",
},
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_HTTPProxy.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_HTTPProxy.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithHttpProxyConfigured() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
HTTPProxyConfig: &armcontainerservice.ManagedClusterHTTPProxyConfig{
HTTPProxy: to.Ptr("http://myproxy.server.com:8080"),
HTTPSProxy: to.Ptr("https://myproxy.server.com:8080"),
NoProxy: []*string{
to.Ptr("localhost"),
to.Ptr("127.0.0.1")},
TrustedCa: to.Ptr("Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="),
},
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// HTTPProxyConfig: &armcontainerservice.ManagedClusterHTTPProxyConfig{
// HTTPProxy: to.Ptr("http://myproxy.server.com:8080"),
// HTTPSProxy: to.Ptr("https://myproxy.server.com:8080"),
// NoProxy: []*string{
// to.Ptr("localhost"),
// to.Ptr("127.0.0.1")},
// TrustedCa: to.Ptr("Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="),
// },
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_HTTPProxy.json
*/
async function createManagedClusterWithHttpProxyConfigured() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
httpProxyConfig: {
httpProxy: "http://myproxy.server.com:8080",
httpsProxy: "https://myproxy.server.com:8080",
noProxy: ["localhost", "127.0.0.1"],
trustedCa: "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U=",
},
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_HTTPProxy.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
HttpProxyConfig = new ManagedClusterHttpProxyConfig
{
HttpProxy = "http://myproxy.server.com:8080",
HttpsProxy = "https://myproxy.server.com:8080",
NoProxy = { "localhost", "127.0.0.1" },
TrustedCA = "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U=",
},
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Przykładowa odpowiedź
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"networkProfile": {
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"httpProxyConfig": {
"httpProxy": "http://myproxy.server.com:8080",
"httpsProxy": "https://myproxy.server.com:8080",
"noProxy": [
"localhost",
"127.0.0.1"
],
"trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="
}
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Creating",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Creating",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"networkProfile": {
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"httpProxyConfig": {
"httpProxy": "http://myproxy.server.com:8080",
"httpsProxy": "https://myproxy.server.com:8080",
"noProxy": [
"localhost",
"127.0.0.1"
],
"trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="
}
}
}
Create Managed Cluster with LongTermSupport
Przykładowa prośba
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"tags": {
"tier": "production",
"archv2": ""
},
"sku": {
"name": "Base",
"tier": "Premium"
},
"properties": {
"kubernetesVersion": "",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"enableEncryptionAtHost": true
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"windowsProfile": {
"adminUsername": "azureuser",
"adminPassword": "replacePassword1234$"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"apiServerAccessProfile": {
"disableRunCommand": true
},
"addonProfiles": {},
"enableRBAC": true,
"supportPlan": "AKSLongTermSupport"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.KubernetesSupportPlan;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterApiServerAccessProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_Premium.json
*/
/**
* Sample code: Create Managed Cluster with LongTermSupport.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void createManagedClusterWithLongTermSupport(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.BASE).withTier(ManagedClusterSkuTier.PREMIUM))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3)
.withVmSize("Standard_DS2_v2").withOsType(OSType.LINUX)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withMode(AgentPoolMode.SYSTEM)
.withEnableNodePublicIp(true).withEnableEncryptionAtHost(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile().withClientId("clientid")
.withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withSupportPlan(KubernetesSupportPlan.AKSLONG_TERM_SUPPORT)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withApiServerAccessProfile(new ManagedClusterApiServerAccessProfile().withDisableRunCommand(true)),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_premium.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableEncryptionAtHost": True,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"apiServerAccessProfile": {"disableRunCommand": True},
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"supportPlan": "AKSLongTermSupport",
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Base", "tier": "Premium"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_Premium.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_Premium.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithLongTermSupport() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableEncryptionAtHost: to.Ptr(true),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
APIServerAccessProfile: &armcontainerservice.ManagedClusterAPIServerAccessProfile{
DisableRunCommand: to.Ptr(true),
},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
SupportPlan: to.Ptr(armcontainerservice.KubernetesSupportPlanAKSLongTermSupport),
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUNameBase),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierPremium),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableEncryptionAtHost: to.Ptr(true),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// APIServerAccessProfile: &armcontainerservice.ManagedClusterAPIServerAccessProfile{
// DisableRunCommand: to.Ptr(true),
// },
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-ee788a1f.hcp.location1.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// PrivateFQDN: to.Ptr("dnsprefix1-aae7e0f0.5cef6058-b6b5-414d-8cb1-4bd14eb0b15c.privatelink.location1.azmk8s.io"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// SupportPlan: to.Ptr(armcontainerservice.KubernetesSupportPlanAKSLongTermSupport),
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// SKU: &armcontainerservice.ManagedClusterSKU{
// Name: to.Ptr(armcontainerservice.ManagedClusterSKUNameBase),
// Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierPremium),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_Premium.json
*/
async function createManagedClusterWithLongTermSupport() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableEncryptionAtHost: true,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
apiServerAccessProfile: { disableRunCommand: true },
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Base", tier: "Premium" },
supportPlan: "AKSLongTermSupport",
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_Premium.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = ManagedClusterSkuName.Base,
Tier = ManagedClusterSkuTier.Premium,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
EnableEncryptionAtHost = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
SupportPlan = KubernetesSupportPlan.AKSLongTermSupport,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
ApiServerAccessProfile = new ManagedClusterApiServerAccessProfile
{
DisableRunCommand = true,
},
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Przykładowa odpowiedź
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"sku": {
"name": "Base",
"tier": "Premium"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"enableEncryptionAtHost": true
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"apiServerAccessProfile": {
"disableRunCommand": true
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"fqdn": "dnsprefix1-ee788a1f.hcp.location1.azmk8s.io",
"privateFQDN": "dnsprefix1-aae7e0f0.5cef6058-b6b5-414d-8cb1-4bd14eb0b15c.privatelink.location1.azmk8s.io",
"networkProfile": {
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"supportPlan": "AKSLongTermSupport"
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"sku": {
"name": "Base",
"tier": "Premium"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Creating",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Creating",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"enableEncryptionAtHost": true
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"apiServerAccessProfile": {
"disableRunCommand": true
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"fqdn": "dnsprefix1-ee788a1f.hcp.location1.azmk8s.io",
"privateFQDN": "dnsprefix1-aae7e0f0.5cef6058-b6b5-414d-8cb1-4bd14eb0b15c.privatelink.location1.azmk8s.io",
"networkProfile": {
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"supportPlan": "AKSLongTermSupport"
}
}
Create Managed Cluster with Node Public IP Prefix
Przykładowa prośba
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"tags": {
"tier": "production",
"archv2": ""
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"properties": {
"kubernetesVersion": "",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"nodePublicIPPrefixID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Network/publicIPPrefixes/public-ip-prefix"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"windowsProfile": {
"adminUsername": "azureuser",
"adminPassword": "replacePassword1234$"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"addonProfiles": {},
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_NodePublicIPPrefix.json
*/
/**
* Sample code: Create Managed Cluster with Node Public IP Prefix.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
createManagedClusterWithNodePublicIPPrefix(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3)
.withVmSize("Standard_DS2_v2").withOsType(OSType.LINUX)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withMode(AgentPoolMode.SYSTEM)
.withEnableNodePublicIp(true)
.withNodePublicIpPrefixId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Network/publicIPPrefixes/public-ip-prefix")
.withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_node_public_ip_prefix.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"nodePublicIPPrefixID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Network/publicIPPrefixes/public-ip-prefix",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_NodePublicIPPrefix.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_NodePublicIPPrefix.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithNodePublicIpPrefix() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
NodePublicIPPrefixID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Network/publicIPPrefixes/public-ip-prefix"),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// NodePublicIPPrefixID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Network/publicIPPrefixes/public-ip-prefix"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_NodePublicIPPrefix.json
*/
async function createManagedClusterWithNodePublicIPPrefix() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: true,
mode: "System",
nodePublicIPPrefixID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Network/publicIPPrefixes/public-ip-prefix",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_NodePublicIPPrefix.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
NodePublicIPPrefixId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Network/publicIPPrefixes/public-ip-prefix"),
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Przykładowa odpowiedź
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"nodePublicIPPrefixID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Network/publicIPPrefixes/public-ip-prefix"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"networkProfile": {
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Creating",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Creating",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"nodePublicIPPrefixID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Network/publicIPPrefixes/public-ip-prefix"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"networkProfile": {
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
Create Managed Cluster with OSSKU
Przykładowa prośba
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"tags": {
"tier": "production",
"archv2": ""
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"properties": {
"kubernetesVersion": "",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"osType": "Linux",
"osSKU": "AzureLinux",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"windowsProfile": {
"adminUsername": "azureuser",
"adminPassword": "replacePassword1234$"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"addonProfiles": {},
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"httpProxyConfig": {
"httpProxy": "http://myproxy.server.com:8080",
"httpsProxy": "https://myproxy.server.com:8080",
"noProxy": [
"localhost",
"127.0.0.1"
],
"trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="
}
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterHttpProxyConfig;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSSku;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_OSSKU.json
*/
/**
* Sample code: Create Managed Cluster with OSSKU.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void createManagedClusterWithOSSKU(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3)
.withVmSize("Standard_DS2_v2").withOsType(OSType.LINUX).withOsSku(OSSku.AZURE_LINUX)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withMode(AgentPoolMode.SYSTEM)
.withEnableNodePublicIp(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des")
.withHttpProxyConfig(new ManagedClusterHttpProxyConfig().withHttpProxy("http://myproxy.server.com:8080")
.withHttpsProxy("https://myproxy.server.com:8080")
.withNoProxy(Arrays.asList("localhost", "127.0.0.1"))
.withTrustedCa("Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U=")),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_ossku.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osSKU": "AzureLinux",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"httpProxyConfig": {
"httpProxy": "http://myproxy.server.com:8080",
"httpsProxy": "https://myproxy.server.com:8080",
"noProxy": ["localhost", "127.0.0.1"],
"trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U=",
},
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_OSSKU.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_OSSKU.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithOssku() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSSKU: to.Ptr(armcontainerservice.OSSKUAzureLinux),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
HTTPProxyConfig: &armcontainerservice.ManagedClusterHTTPProxyConfig{
HTTPProxy: to.Ptr("http://myproxy.server.com:8080"),
HTTPSProxy: to.Ptr("https://myproxy.server.com:8080"),
NoProxy: []*string{
to.Ptr("localhost"),
to.Ptr("127.0.0.1")},
TrustedCa: to.Ptr("Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="),
},
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSSKU: to.Ptr(armcontainerservice.OSSKUAzureLinux),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// HTTPProxyConfig: &armcontainerservice.ManagedClusterHTTPProxyConfig{
// HTTPProxy: to.Ptr("http://myproxy.server.com:8080"),
// HTTPSProxy: to.Ptr("https://myproxy.server.com:8080"),
// NoProxy: []*string{
// to.Ptr("localhost"),
// to.Ptr("127.0.0.1")},
// TrustedCa: to.Ptr("Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="),
// },
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_OSSKU.json
*/
async function createManagedClusterWithOssku() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: true,
mode: "System",
osSKU: "AzureLinux",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
httpProxyConfig: {
httpProxy: "http://myproxy.server.com:8080",
httpsProxy: "https://myproxy.server.com:8080",
noProxy: ["localhost", "127.0.0.1"],
trustedCa: "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U=",
},
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_OSSKU.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
OSSku = ContainerServiceOSSku.AzureLinux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
HttpProxyConfig = new ManagedClusterHttpProxyConfig
{
HttpProxy = "http://myproxy.server.com:8080",
HttpsProxy = "https://myproxy.server.com:8080",
NoProxy = { "localhost", "127.0.0.1" },
TrustedCA = "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U=",
},
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Przykładowa odpowiedź
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"osSKU": "AzureLinux",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"networkProfile": {
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"httpProxyConfig": {
"httpProxy": "http://myproxy.server.com:8080",
"httpsProxy": "https://myproxy.server.com:8080",
"noProxy": [
"localhost",
"127.0.0.1"
],
"trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="
}
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Creating",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"osSKU": "AzureLinux",
"provisioningState": "Creating",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"networkProfile": {
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"httpProxyConfig": {
"httpProxy": "http://myproxy.server.com:8080",
"httpsProxy": "https://myproxy.server.com:8080",
"noProxy": [
"localhost",
"127.0.0.1"
],
"trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="
}
}
}
Create Managed Cluster with PodIdentity enabled
Przykładowa prośba
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"tags": {
"tier": "production",
"archv2": ""
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"properties": {
"kubernetesVersion": "",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"windowsProfile": {
"adminUsername": "azureuser",
"adminPassword": "replacePassword1234$"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"addonProfiles": {},
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"podIdentityProfile": {
"enabled": true,
"allowNetworkPluginKubenet": true
}
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPodIdentityProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_PodIdentity.json
*/
/**
* Sample code: Create Managed Cluster with PodIdentity enabled.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
createManagedClusterWithPodIdentityEnabled(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(
Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3).withVmSize("Standard_DS2_v2")
.withOsType(OSType.LINUX).withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
.withMode(AgentPoolMode.SYSTEM).withEnableNodePublicIp(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile().withClientId("clientid")
.withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf())
.withPodIdentityProfile(
new ManagedClusterPodIdentityProfile().withEnabled(true).withAllowNetworkPluginKubenet(true))
.withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_pod_identity.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"podIdentityProfile": {"allowNetworkPluginKubenet": True, "enabled": True},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_PodIdentity.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_PodIdentity.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithPodIdentityEnabled() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
PodIdentityProfile: &armcontainerservice.ManagedClusterPodIdentityProfile{
AllowNetworkPluginKubenet: to.Ptr(true),
Enabled: to.Ptr(true),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// PodIdentityProfile: &armcontainerservice.ManagedClusterPodIdentityProfile{
// AllowNetworkPluginKubenet: to.Ptr(true),
// Enabled: to.Ptr(true),
// },
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_PodIdentity.json
*/
async function createManagedClusterWithPodIdentityEnabled() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
podIdentityProfile: { allowNetworkPluginKubenet: true, enabled: true },
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_PodIdentity.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
PodIdentityProfile = new ManagedClusterPodIdentityProfile
{
IsEnabled = true,
AllowNetworkPluginKubenet = true,
},
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Przykładowa odpowiedź
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"networkProfile": {
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"podIdentityProfile": {
"enabled": true,
"allowNetworkPluginKubenet": true
}
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Creating",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Creating",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"networkProfile": {
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"podIdentityProfile": {
"enabled": true,
"allowNetworkPluginKubenet": true
}
}
}
Create Managed Cluster with PPG
Przykładowa prośba
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"tags": {
"tier": "production",
"archv2": ""
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"properties": {
"kubernetesVersion": "",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"proximityPlacementGroupID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/proximityPlacementGroups/ppg1"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"windowsProfile": {
"adminUsername": "azureuser",
"adminPassword": "replacePassword1234$"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"addonProfiles": {},
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_PPG.json
*/
/**
* Sample code: Create Managed Cluster with PPG.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void createManagedClusterWithPPG(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3)
.withVmSize("Standard_DS2_v2").withOsType(OSType.LINUX)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withMode(AgentPoolMode.SYSTEM)
.withEnableNodePublicIp(true)
.withProximityPlacementGroupId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/proximityPlacementGroups/ppg1")
.withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_ppg.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"proximityPlacementGroupID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/proximityPlacementGroups/ppg1",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_PPG.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_PPG.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithPpg() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
ProximityPlacementGroupID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/proximityPlacementGroups/ppg1"),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// ProximityPlacementGroupID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/proximityPlacementGroups/ppg1"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_PPG.json
*/
async function createManagedClusterWithPpg() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
proximityPlacementGroupID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/proximityPlacementGroups/ppg1",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_PPG.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
ProximityPlacementGroupId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/proximityPlacementGroups/ppg1"),
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Przykładowa odpowiedź
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"proximityPlacementGroupID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/proximityPlacementGroups/ppg1"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"networkProfile": {
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Creating",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Creating",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"proximityPlacementGroupID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/proximityPlacementGroups/ppg1"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"networkProfile": {
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
Create Managed Cluster with RunCommand disabled
Przykładowa prośba
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"tags": {
"tier": "production",
"archv2": ""
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"properties": {
"kubernetesVersion": "",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"enableEncryptionAtHost": true
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"windowsProfile": {
"adminUsername": "azureuser",
"adminPassword": "replacePassword1234$"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"apiServerAccessProfile": {
"disableRunCommand": true
},
"addonProfiles": {},
"enableRBAC": true
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterApiServerAccessProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_DisableRunCommand.json
*/
/**
* Sample code: Create Managed Cluster with RunCommand disabled.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
createManagedClusterWithRunCommandDisabled(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3)
.withVmSize("Standard_DS2_v2").withOsType(OSType.LINUX)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withMode(AgentPoolMode.SYSTEM)
.withEnableNodePublicIp(true).withEnableEncryptionAtHost(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withApiServerAccessProfile(new ManagedClusterApiServerAccessProfile().withDisableRunCommand(true)),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_disable_run_command.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableEncryptionAtHost": True,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"apiServerAccessProfile": {"disableRunCommand": True},
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_DisableRunCommand.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_DisableRunCommand.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithRunCommandDisabled() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableEncryptionAtHost: to.Ptr(true),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
APIServerAccessProfile: &armcontainerservice.ManagedClusterAPIServerAccessProfile{
DisableRunCommand: to.Ptr(true),
},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableEncryptionAtHost: to.Ptr(true),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// APIServerAccessProfile: &armcontainerservice.ManagedClusterAPIServerAccessProfile{
// DisableRunCommand: to.Ptr(true),
// },
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-ee788a1f.hcp.location1.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// PrivateFQDN: to.Ptr("dnsprefix1-aae7e0f0.5cef6058-b6b5-414d-8cb1-4bd14eb0b15c.privatelink.location1.azmk8s.io"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// SupportPlan: to.Ptr(armcontainerservice.KubernetesSupportPlanKubernetesOfficial),
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_DisableRunCommand.json
*/
async function createManagedClusterWithRunCommandDisabled() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableEncryptionAtHost: true,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
apiServerAccessProfile: { disableRunCommand: true },
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_DisableRunCommand.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
EnableEncryptionAtHost = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
ApiServerAccessProfile = new ManagedClusterApiServerAccessProfile
{
DisableRunCommand = true,
},
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Przykładowa odpowiedź
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"enableEncryptionAtHost": true
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"apiServerAccessProfile": {
"disableRunCommand": true
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"fqdn": "dnsprefix1-ee788a1f.hcp.location1.azmk8s.io",
"privateFQDN": "dnsprefix1-aae7e0f0.5cef6058-b6b5-414d-8cb1-4bd14eb0b15c.privatelink.location1.azmk8s.io",
"networkProfile": {
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"supportPlan": "KubernetesOfficial"
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Creating",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Creating",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"enableEncryptionAtHost": true
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"apiServerAccessProfile": {
"disableRunCommand": true
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"fqdn": "dnsprefix1-ee788a1f.hcp.location1.azmk8s.io",
"privateFQDN": "dnsprefix1-aae7e0f0.5cef6058-b6b5-414d-8cb1-4bd14eb0b15c.privatelink.location1.azmk8s.io",
"networkProfile": {
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"supportPlan": "KubernetesOfficial"
}
}
Przykładowa prośba
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"tags": {
"tier": "production",
"archv2": ""
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"properties": {
"kubernetesVersion": "",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
}
},
"securityProfile": {
"defender": {
"logAnalyticsWorkspaceResourceId": "/subscriptions/SUB_ID/resourcegroups/RG_NAME/providers/microsoft.operationalinsights/workspaces/WORKSPACE_NAME",
"securityMonitoring": {
"enabled": true
}
},
"workloadIdentity": {
"enabled": true
}
}
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSecurityProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSecurityProfileDefender;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSecurityProfileDefenderSecurityMonitoring;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSecurityProfileWorkloadIdentity;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_SecurityProfile.json
*/
/**
* Sample code: Create Managed Cluster with Security Profile configured.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
createManagedClusterWithSecurityProfileConfigured(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(
Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3).withVmSize("Standard_DS2_v2")
.withOsType(OSType.LINUX).withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
.withMode(AgentPoolMode.SYSTEM).withEnableNodePublicIp(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withSecurityProfile(new ManagedClusterSecurityProfile()
.withDefender(new ManagedClusterSecurityProfileDefender().withLogAnalyticsWorkspaceResourceId(
"/subscriptions/SUB_ID/resourcegroups/RG_NAME/providers/microsoft.operationalinsights/workspaces/WORKSPACE_NAME")
.withSecurityMonitoring(
new ManagedClusterSecurityProfileDefenderSecurityMonitoring().withEnabled(true)))
.withWorkloadIdentity(new ManagedClusterSecurityProfileWorkloadIdentity().withEnabled(true))),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_security_profile.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"dnsPrefix": "dnsprefix1",
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"securityProfile": {
"defender": {
"logAnalyticsWorkspaceResourceId": "/subscriptions/SUB_ID/resourcegroups/RG_NAME/providers/microsoft.operationalinsights/workspaces/WORKSPACE_NAME",
"securityMonitoring": {"enabled": True},
},
"workloadIdentity": {"enabled": True},
},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_SecurityProfile.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_SecurityProfile.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithSecurityProfileConfigured() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
DNSPrefix: to.Ptr("dnsprefix1"),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
SecurityProfile: &armcontainerservice.ManagedClusterSecurityProfile{
Defender: &armcontainerservice.ManagedClusterSecurityProfileDefender{
LogAnalyticsWorkspaceResourceID: to.Ptr("/subscriptions/SUB_ID/resourcegroups/RG_NAME/providers/microsoft.operationalinsights/workspaces/WORKSPACE_NAME"),
SecurityMonitoring: &armcontainerservice.ManagedClusterSecurityProfileDefenderSecurityMonitoring{
Enabled: to.Ptr(true),
},
},
WorkloadIdentity: &armcontainerservice.ManagedClusterSecurityProfileWorkloadIdentity{
Enabled: to.Ptr(true),
},
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// SecurityProfile: &armcontainerservice.ManagedClusterSecurityProfile{
// Defender: &armcontainerservice.ManagedClusterSecurityProfileDefender{
// LogAnalyticsWorkspaceResourceID: to.Ptr("/subscriptions/SUB_ID/resourcegroups/RG_NAME/providers/microsoft.operationalinsights/workspaces/WORKSPACE_NAME"),
// SecurityMonitoring: &armcontainerservice.ManagedClusterSecurityProfileDefenderSecurityMonitoring{
// Enabled: to.Ptr(true),
// },
// },
// WorkloadIdentity: &armcontainerservice.ManagedClusterSecurityProfileWorkloadIdentity{
// Enabled: to.Ptr(true),
// },
// },
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_SecurityProfile.json
*/
async function createManagedClusterWithSecurityProfileConfigured() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
dnsPrefix: "dnsprefix1",
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
securityProfile: {
defender: {
logAnalyticsWorkspaceResourceId:
"/subscriptions/SUB_ID/resourcegroups/RG_NAME/providers/microsoft.operationalinsights/workspaces/WORKSPACE_NAME",
securityMonitoring: { enabled: true },
},
workloadIdentity: { enabled: true },
},
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_SecurityProfile.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
SecurityProfile = new ManagedClusterSecurityProfile
{
Defender = new ManagedClusterSecurityProfileDefender
{
LogAnalyticsWorkspaceResourceId = new ResourceIdentifier("/subscriptions/SUB_ID/resourcegroups/RG_NAME/providers/microsoft.operationalinsights/workspaces/WORKSPACE_NAME"),
IsSecurityMonitoringEnabled = true,
},
IsWorkloadIdentityEnabled = true,
},
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Przykładowa odpowiedź
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"networkProfile": {
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"securityProfile": {
"defender": {
"logAnalyticsWorkspaceResourceId": "/subscriptions/SUB_ID/resourcegroups/RG_NAME/providers/microsoft.operationalinsights/workspaces/WORKSPACE_NAME",
"securityMonitoring": {
"enabled": true
}
},
"workloadIdentity": {
"enabled": true
}
}
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Creating",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Creating",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"networkProfile": {
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"securityProfile": {
"defender": {
"logAnalyticsWorkspaceResourceId": "/subscriptions/SUB_ID/resourcegroups/RG_NAME/providers/microsoft.operationalinsights/workspaces/WORKSPACE_NAME",
"securityMonitoring": {
"enabled": true
}
},
"workloadIdentity": {
"enabled": true
}
}
}
}
Create Managed Cluster with UltraSSD enabled
Przykładowa prośba
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"tags": {
"tier": "production",
"archv2": ""
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"properties": {
"kubernetesVersion": "",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"enableUltraSSD": true
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"windowsProfile": {
"adminUsername": "azureuser",
"adminPassword": "replacePassword1234$"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"addonProfiles": {},
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_EnableUltraSSD.json
*/
/**
* Sample code: Create Managed Cluster with UltraSSD enabled.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void createManagedClusterWithUltraSSDEnabled(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3)
.withVmSize("Standard_DS2_v2").withOsType(OSType.LINUX)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withMode(AgentPoolMode.SYSTEM)
.withEnableNodePublicIp(true).withEnableUltraSsd(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_enable_ultra_ssd.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": True,
"enableUltraSSD": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_EnableUltraSSD.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_EnableUltraSSD.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithUltraSsdEnabled() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
EnableUltraSSD: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(true),
// EnableUltraSSD: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_EnableUltraSSD.json
*/
async function createManagedClusterWithUltraSsdEnabled() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: true,
enableUltraSSD: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_EnableUltraSSD.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
EnableUltraSsd = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Przykładowa odpowiedź
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"enableUltraSSD": true
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"networkProfile": {
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Creating",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Creating",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"enableUltraSSD": true
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"networkProfile": {
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
Create Managed Cluster with user-assigned NAT gateway as outbound type
Przykładowa prośba
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"tags": {
"tier": "production",
"archv2": ""
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"properties": {
"kubernetesVersion": "",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": false,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "userAssignedNATGateway"
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"windowsProfile": {
"adminUsername": "azureuser",
"adminPassword": "replacePassword1234$"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"addonProfiles": {},
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_UserAssignedNATGateway.json
*/
/**
* Sample code: Create Managed Cluster with user-assigned NAT gateway as outbound type.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void createManagedClusterWithUserAssignedNATGatewayAsOutboundType(
com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(
Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3).withVmSize("Standard_DS2_v2")
.withOsType(OSType.LINUX).withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
.withMode(AgentPoolMode.SYSTEM).withEnableNodePublicIp(false).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(
new ContainerServiceNetworkProfile().withOutboundType(OutboundType.USER_ASSIGNED_NATGATEWAY)
.withLoadBalancerSku(LoadBalancerSku.STANDARD))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_user_assigned_nat_gateway.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": False,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {"loadBalancerSku": "standard", "outboundType": "userAssignedNATGateway"},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_UserAssignedNATGateway.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_UserAssignedNATGateway.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithUserAssignedNatGatewayAsOutboundType() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(false),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeUserAssignedNATGateway),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(false),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeUserAssignedNATGateway),
// PodCidr: to.Ptr("10.244.0.0/16"),
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_UserAssignedNATGateway.json
*/
async function createManagedClusterWithUserAssignedNatGatewayAsOutboundType() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: false,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerSku: "standard",
outboundType: "userAssignedNATGateway",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_UserAssignedNATGateway.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = false,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.UserAssignedNatGateway,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Przykładowa odpowiedź
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": false,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"networkProfile": {
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"outboundType": "userAssignedNATGateway"
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Creating",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Creating",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": false,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"networkProfile": {
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"outboundType": "userAssignedNATGateway"
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
Przykładowa prośba
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"tags": {
"tier": "production",
"archv2": ""
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"properties": {
"kubernetesVersion": "",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
}
},
"ingressProfile": {
"webAppRouting": {
"enabled": true,
"dnsZoneResourceIds": [
"/subscriptions/SUB_ID/resourceGroups/RG_NAME/providers/Microsoft.Network/dnszones/DNS_ZONE_NAME"
]
}
}
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterIngressProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterIngressProfileWebAppRouting;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_IngressProfile_WebAppRouting.json
*/
/**
* Sample code: Create Managed Cluster with Web App Routing Ingress Profile configured.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void createManagedClusterWithWebAppRoutingIngressProfileConfigured(
com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(
Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3).withVmSize("Standard_DS2_v2")
.withOsType(OSType.LINUX).withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
.withMode(AgentPoolMode.SYSTEM).withEnableNodePublicIp(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withIngressProfile(new ManagedClusterIngressProfile()
.withWebAppRouting(new ManagedClusterIngressProfileWebAppRouting().withEnabled(true)
.withDnsZoneResourceIds(Arrays.asList(
"/subscriptions/SUB_ID/resourceGroups/RG_NAME/providers/Microsoft.Network/dnszones/DNS_ZONE_NAME")))),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_ingress_profile_web_app_routing.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"dnsPrefix": "dnsprefix1",
"ingressProfile": {
"webAppRouting": {
"dnsZoneResourceIds": [
"/subscriptions/SUB_ID/resourceGroups/RG_NAME/providers/Microsoft.Network/dnszones/DNS_ZONE_NAME"
],
"enabled": True,
}
},
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_IngressProfile_WebAppRouting.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_IngressProfile_WebAppRouting.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithWebAppRoutingIngressProfileConfigured() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
DNSPrefix: to.Ptr("dnsprefix1"),
IngressProfile: &armcontainerservice.ManagedClusterIngressProfile{
WebAppRouting: &armcontainerservice.ManagedClusterIngressProfileWebAppRouting{
DNSZoneResourceIDs: []*string{
to.Ptr("/subscriptions/SUB_ID/resourceGroups/RG_NAME/providers/Microsoft.Network/dnszones/DNS_ZONE_NAME")},
Enabled: to.Ptr(true),
},
},
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// IngressProfile: &armcontainerservice.ManagedClusterIngressProfile{
// WebAppRouting: &armcontainerservice.ManagedClusterIngressProfileWebAppRouting{
// DNSZoneResourceIDs: []*string{
// to.Ptr("/subscriptions/SUB_ID/resourceGroups/RG_NAME/providers/Microsoft.Network/dnszones/DNS_ZONE_NAME")},
// Enabled: to.Ptr(true),
// },
// },
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_IngressProfile_WebAppRouting.json
*/
async function createManagedClusterWithWebAppRoutingIngressProfileConfigured() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
dnsPrefix: "dnsprefix1",
ingressProfile: {
webAppRouting: {
dnsZoneResourceIds: [
"/subscriptions/SUB_ID/resourceGroups/RG_NAME/providers/Microsoft.Network/dnszones/DNS_ZONE_NAME",
],
enabled: true,
},
},
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_IngressProfile_WebAppRouting.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
IngressWebAppRouting = new ManagedClusterIngressProfileWebAppRouting
{
IsEnabled = true,
DnsZoneResourceIds = { new ResourceIdentifier("/subscriptions/SUB_ID/resourceGroups/RG_NAME/providers/Microsoft.Network/dnszones/DNS_ZONE_NAME") },
},
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Przykładowa odpowiedź
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"networkProfile": {
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"ingressProfile": {
"webAppRouting": {
"enabled": true,
"dnsZoneResourceIds": [
"/subscriptions/SUB_ID/resourceGroups/RG_NAME/providers/Microsoft.Network/dnszones/DNS_ZONE_NAME"
]
}
}
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Creating",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Creating",
"orchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"networkProfile": {
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"ingressProfile": {
"webAppRouting": {
"enabled": true,
"dnsZoneResourceIds": [
"/subscriptions/SUB_ID/resourceGroups/RG_NAME/providers/Microsoft.Network/dnszones/DNS_ZONE_NAME"
]
}
}
}
}
Create Managed Private Cluster with fqdn subdomain specified
Przykładowa prośba
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"tags": {
"tier": "production",
"archv2": ""
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"properties": {
"kubernetesVersion": "",
"fqdnSubdomain": "domain1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"enableEncryptionAtHost": true
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"windowsProfile": {
"adminUsername": "azureuser",
"adminPassword": "replacePassword1234$"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"apiServerAccessProfile": {
"enablePrivateCluster": true,
"privateDNSZone": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Network/privateDnsZones/privatelink.location1.azmk8s.io"
},
"addonProfiles": {},
"enableRBAC": true
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterApiServerAccessProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_PrivateClusterFQDNSubdomain.json
*/
/**
* Sample code: Create Managed Private Cluster with fqdn subdomain specified.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
createManagedPrivateClusterWithFqdnSubdomainSpecified(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withFqdnSubdomain("domain1")
.withAgentPoolProfiles(Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3)
.withVmSize("Standard_DS2_v2").withOsType(OSType.LINUX)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withMode(AgentPoolMode.SYSTEM)
.withEnableNodePublicIp(true).withEnableEncryptionAtHost(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withApiServerAccessProfile(
new ManagedClusterApiServerAccessProfile().withEnablePrivateCluster(true).withPrivateDnsZone(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Network/privateDnsZones/privatelink.location1.azmk8s.io")),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_private_cluster_fqdn_subdomain.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableEncryptionAtHost": True,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"apiServerAccessProfile": {
"enablePrivateCluster": True,
"privateDNSZone": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Network/privateDnsZones/privatelink.location1.azmk8s.io",
},
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"enableRBAC": True,
"fqdnSubdomain": "domain1",
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_PrivateClusterFQDNSubdomain.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_PrivateClusterFQDNSubdomain.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedPrivateClusterWithFqdnSubdomainSpecified() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableEncryptionAtHost: to.Ptr(true),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
APIServerAccessProfile: &armcontainerservice.ManagedClusterAPIServerAccessProfile{
EnablePrivateCluster: to.Ptr(true),
PrivateDNSZone: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Network/privateDnsZones/privatelink.location1.azmk8s.io"),
},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
EnableRBAC: to.Ptr(true),
FqdnSubdomain: to.Ptr("domain1"),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableEncryptionAtHost: to.Ptr(true),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// APIServerAccessProfile: &armcontainerservice.ManagedClusterAPIServerAccessProfile{
// EnablePrivateCluster: to.Ptr(true),
// PrivateDNSZone: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Network/privateDnsZones/privatelink.location1.azmk8s.io"),
// },
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// EnableRBAC: to.Ptr(true),
// FqdnSubdomain: to.Ptr("domain1"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// PrivateFQDN: to.Ptr("domain1.privatelink.location1.azmk8s.io"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_PrivateClusterFQDNSubdomain.json
*/
async function createManagedPrivateClusterWithFqdnSubdomainSpecified() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableEncryptionAtHost: true,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
apiServerAccessProfile: {
enablePrivateCluster: true,
privateDNSZone:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Network/privateDnsZones/privatelink.location1.azmk8s.io",
},
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
enableRbac: true,
fqdnSubdomain: "domain1",
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_PrivateClusterFQDNSubdomain.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
FqdnSubdomain = "domain1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
EnableEncryptionAtHost = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
ApiServerAccessProfile = new ManagedClusterApiServerAccessProfile
{
EnablePrivateCluster = true,
PrivateDnsZone = "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Network/privateDnsZones/privatelink.location1.azmk8s.io",
},
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Przykładowa odpowiedź
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"fqdnSubdomain": "domain1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"enableEncryptionAtHost": true
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"apiServerAccessProfile": {
"enablePrivateCluster": true,
"privateDNSZone": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Network/privateDnsZones/privatelink.location1.azmk8s.io"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"privateFQDN": "domain1.privatelink.location1.azmk8s.io",
"networkProfile": {
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Creating",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"fqdnSubdomain": "domain1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Creating",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"enableEncryptionAtHost": true
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"apiServerAccessProfile": {
"enablePrivateCluster": true,
"privateDNSZone": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Network/privateDnsZones/privatelink.location1.azmk8s.io"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"privateFQDN": "domain1.privatelink.location1.azmk8s.io",
"networkProfile": {
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
Create Managed Private Cluster with Public FQDN specified
Przykładowa prośba
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"tags": {
"tier": "production",
"archv2": ""
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"properties": {
"kubernetesVersion": "",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"enableEncryptionAtHost": true
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"windowsProfile": {
"adminUsername": "azureuser",
"adminPassword": "replacePassword1234$"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"apiServerAccessProfile": {
"enablePrivateCluster": true,
"enablePrivateClusterPublicFQDN": true
},
"addonProfiles": {},
"enableRBAC": true
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterApiServerAccessProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_PrivateClusterPublicFQDN.json
*/
/**
* Sample code: Create Managed Private Cluster with Public FQDN specified.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
createManagedPrivateClusterWithPublicFQDNSpecified(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3)
.withVmSize("Standard_DS2_v2").withOsType(OSType.LINUX)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withMode(AgentPoolMode.SYSTEM)
.withEnableNodePublicIp(true).withEnableEncryptionAtHost(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withApiServerAccessProfile(new ManagedClusterApiServerAccessProfile().withEnablePrivateCluster(true)
.withEnablePrivateClusterPublicFqdn(true)),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_private_cluster_public_fqdn.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableEncryptionAtHost": True,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"apiServerAccessProfile": {"enablePrivateCluster": True, "enablePrivateClusterPublicFQDN": True},
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_PrivateClusterPublicFQDN.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_PrivateClusterPublicFQDN.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedPrivateClusterWithPublicFqdnSpecified() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableEncryptionAtHost: to.Ptr(true),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
APIServerAccessProfile: &armcontainerservice.ManagedClusterAPIServerAccessProfile{
EnablePrivateCluster: to.Ptr(true),
EnablePrivateClusterPublicFQDN: to.Ptr(true),
},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableEncryptionAtHost: to.Ptr(true),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// APIServerAccessProfile: &armcontainerservice.ManagedClusterAPIServerAccessProfile{
// EnablePrivateCluster: to.Ptr(true),
// EnablePrivateClusterPublicFQDN: to.Ptr(true),
// PrivateDNSZone: to.Ptr("system"),
// },
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-ee788a1f.hcp.location1.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// PrivateFQDN: to.Ptr("dnsprefix1-aae7e0f0.5cef6058-b6b5-414d-8cb1-4bd14eb0b15c.privatelink.location1.azmk8s.io"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_PrivateClusterPublicFQDN.json
*/
async function createManagedPrivateClusterWithPublicFqdnSpecified() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableEncryptionAtHost: true,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
apiServerAccessProfile: {
enablePrivateCluster: true,
enablePrivateClusterPublicFqdn: true,
},
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_PrivateClusterPublicFQDN.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
EnableEncryptionAtHost = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
ApiServerAccessProfile = new ManagedClusterApiServerAccessProfile
{
EnablePrivateCluster = true,
EnablePrivateClusterPublicFqdn = true,
},
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Przykładowa odpowiedź
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"enableEncryptionAtHost": true
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"apiServerAccessProfile": {
"enablePrivateCluster": true,
"enablePrivateClusterPublicFQDN": true,
"privateDNSZone": "system"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"fqdn": "dnsprefix1-ee788a1f.hcp.location1.azmk8s.io",
"privateFQDN": "dnsprefix1-aae7e0f0.5cef6058-b6b5-414d-8cb1-4bd14eb0b15c.privatelink.location1.azmk8s.io",
"networkProfile": {
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Creating",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Creating",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"enableEncryptionAtHost": true
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"apiServerAccessProfile": {
"enablePrivateCluster": true,
"enablePrivateClusterPublicFQDN": true,
"privateDNSZone": "system"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"fqdn": "dnsprefix1-ee788a1f.hcp.location1.azmk8s.io",
"privateFQDN": "dnsprefix1-aae7e0f0.5cef6058-b6b5-414d-8cb1-4bd14eb0b15c.privatelink.location1.azmk8s.io",
"networkProfile": {
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
Create/Update AAD Managed Cluster with EnableAzureRBAC
Przykładowa prośba
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"tags": {
"tier": "production",
"archv2": ""
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"properties": {
"kubernetesVersion": "",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS1_v2",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"availabilityZones": [
"1",
"2",
"3"
],
"enableNodePublicIP": true,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"windowsProfile": {
"adminUsername": "azureuser",
"adminPassword": "replacePassword1234$"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"addonProfiles": {},
"aadProfile": {
"managed": true,
"enableAzureRBAC": true
},
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAadProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_UpdateWithEnableAzureRBAC.json
*/
/**
* Sample code: Create/Update AAD Managed Cluster with EnableAzureRBAC.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
createUpdateAADManagedClusterWithEnableAzureRBAC(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(
Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3).withVmSize("Standard_DS1_v2")
.withOsType(OSType.LINUX).withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
.withMode(AgentPoolMode.SYSTEM).withAvailabilityZones(Arrays.asList("1", "2", "3"))
.withEnableNodePublicIp(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAadProfile(new ManagedClusterAadProfile().withManaged(true).withEnableAzureRbac(true))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_update_with_enable_azure_rbac.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"aadProfile": {"enableAzureRBAC": True, "managed": True},
"addonProfiles": {},
"agentPoolProfiles": [
{
"availabilityZones": ["1", "2", "3"],
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS1_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_UpdateWithEnableAzureRBAC.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_UpdateWithEnableAzureRBAC.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createUpdateAadManagedClusterWithEnableAzureRbac() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AADProfile: &armcontainerservice.ManagedClusterAADProfile{
EnableAzureRBAC: to.Ptr(true),
Managed: to.Ptr(true),
},
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
AvailabilityZones: []*string{
to.Ptr("1"),
to.Ptr("2"),
to.Ptr("3")},
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS1_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AADProfile: &armcontainerservice.ManagedClusterAADProfile{
// EnableAzureRBAC: to.Ptr(true),
// Managed: to.Ptr(true),
// TenantID: to.Ptr("tenantID"),
// },
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// AvailabilityZones: []*string{
// to.Ptr("1"),
// to.Ptr("2"),
// to.Ptr("3")},
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS1_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_UpdateWithEnableAzureRBAC.json
*/
async function createOrUpdateAadManagedClusterWithEnableAzureRbac() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
aadProfile: { enableAzureRbac: true, managed: true },
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
availabilityZones: ["1", "2", "3"],
count: 3,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS1_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_UpdateWithEnableAzureRBAC.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS1_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
AvailabilityZones = {"1", "2", "3"},
EnableNodePublicIP = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AadProfile = new ManagedClusterAadProfile
{
IsManagedAadEnabled = true,
IsAzureRbacEnabled = true,
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Przykładowa odpowiedź
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS1_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"availabilityZones": [
"1",
"2",
"3"
],
"enableNodePublicIP": true,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"networkProfile": {
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"aadProfile": {
"managed": true,
"adminGroupObjectIDs": null,
"enableAzureRBAC": true,
"tenantID": "tenantID"
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Creating",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS1_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Creating",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"availabilityZones": [
"1",
"2",
"3"
],
"enableNodePublicIP": true,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"networkProfile": {
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"aadProfile": {
"managed": true,
"adminGroupObjectIDs": null,
"enableAzureRBAC": true,
"tenantID": "tenantID"
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
Create/Update Managed Cluster
Przykładowa prośba
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"tags": {
"tier": "production",
"archv2": ""
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"properties": {
"kubernetesVersion": "",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS1_v2",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"scaleDownMode": "Deallocate",
"availabilityZones": [
"1",
"2",
"3"
],
"enableNodePublicIP": true,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
}
},
"upgradeSettings": {
"overrideSettings": {
"forceUpgrade": false,
"until": "2022-11-01T13:00:00Z"
}
},
"autoScalerProfile": {
"balance-similar-node-groups": "true",
"expander": "priority",
"max-node-provision-time": "15m",
"new-pod-scale-up-delay": "1m",
"scale-down-delay-after-add": "15m",
"scan-interval": "20s",
"skip-nodes-with-system-pods": "false"
},
"windowsProfile": {
"adminUsername": "azureuser",
"adminPassword": "replacePassword1234$"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"addonProfiles": {},
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"
},
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {}
}
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ClusterUpgradeSettings;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.Expander;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterIdentity;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.ManagedServiceIdentityUserAssignedIdentitiesValue;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import com.azure.resourcemanager.containerservice.models.ResourceIdentityType;
import com.azure.resourcemanager.containerservice.models.ScaleDownMode;
import com.azure.resourcemanager.containerservice.models.UpgradeOverrideSettings;
import java.time.OffsetDateTime;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_Update.json
*/
/**
* Sample code: Create/Update Managed Cluster.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void createUpdateManagedCluster(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku().withName(ManagedClusterSkuName.fromString("Basic"))
.withTier(ManagedClusterSkuTier.FREE))
.withIdentity(new ManagedClusterIdentity().withType(ResourceIdentityType.USER_ASSIGNED)
.withUserAssignedIdentities(mapOf(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1",
new ManagedServiceIdentityUserAssignedIdentitiesValue())))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3)
.withVmSize("Standard_DS1_v2").withOsType(OSType.LINUX).withScaleDownMode(ScaleDownMode.DEALLOCATE)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withMode(AgentPoolMode.SYSTEM)
.withAvailabilityZones(Arrays.asList("1", "2", "3")).withEnableNodePublicIp(true)
.withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withUpgradeSettings(new ClusterUpgradeSettings().withOverrideSettings(new UpgradeOverrideSettings()
.withForceUpgrade(false).withUntil(OffsetDateTime.parse("2022-11-01T13:00:00Z"))))
.withAutoScalerProfile(
new ManagedClusterPropertiesAutoScalerProfile().withBalanceSimilarNodeGroups("true")
.withExpander(Expander.PRIORITY).withMaxNodeProvisionTime("15m").withNewPodScaleUpDelay("1m")
.withScanInterval("20s").withScaleDownDelayAfterAdd("15m").withSkipNodesWithSystemPods("false"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_update.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {}
},
},
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"availabilityZones": ["1", "2", "3"],
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"scaleDownMode": "Deallocate",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS1_v2",
}
],
"autoScalerProfile": {
"balance-similar-node-groups": "true",
"expander": "priority",
"max-node-provision-time": "15m",
"new-pod-scale-up-delay": "1m",
"scale-down-delay-after-add": "15m",
"scan-interval": "20s",
"skip-nodes-with-system-pods": "false",
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"upgradeSettings": {"overrideSettings": {"forceUpgrade": False, "until": "2022-11-01T13:00:00Z"}},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_Update.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"time"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_Update.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createUpdateManagedCluster() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Identity: &armcontainerservice.ManagedClusterIdentity{
Type: to.Ptr(armcontainerservice.ResourceIdentityTypeUserAssigned),
UserAssignedIdentities: map[string]*armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {},
},
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
AvailabilityZones: []*string{
to.Ptr("1"),
to.Ptr("2"),
to.Ptr("3")},
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
ScaleDownMode: to.Ptr(armcontainerservice.ScaleDownModeDeallocate),
VMSize: to.Ptr("Standard_DS1_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
BalanceSimilarNodeGroups: to.Ptr("true"),
Expander: to.Ptr(armcontainerservice.ExpanderPriority),
MaxNodeProvisionTime: to.Ptr("15m"),
NewPodScaleUpDelay: to.Ptr("1m"),
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
SkipNodesWithSystemPods: to.Ptr("false"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
UpgradeSettings: &armcontainerservice.ClusterUpgradeSettings{
OverrideSettings: &armcontainerservice.UpgradeOverrideSettings{
ForceUpgrade: to.Ptr(false),
Until: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-01T13:00:00.000Z"); return t }()),
},
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Identity: &armcontainerservice.ManagedClusterIdentity{
// Type: to.Ptr(armcontainerservice.ResourceIdentityTypeUserAssigned),
// UserAssignedIdentities: map[string]*armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
// "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": &armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
// ClientID: to.Ptr("clientId1"),
// PrincipalID: to.Ptr("principalId1"),
// },
// },
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// AvailabilityZones: []*string{
// to.Ptr("1"),
// to.Ptr("2"),
// to.Ptr("3")},
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// ScaleDownMode: to.Ptr(armcontainerservice.ScaleDownModeDeallocate),
// VMSize: to.Ptr("Standard_DS1_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// BalanceSimilarNodeGroups: to.Ptr("true"),
// Expander: to.Ptr(armcontainerservice.ExpanderPriority),
// MaxNodeProvisionTime: to.Ptr("15m"),
// NewPodScaleUpDelay: to.Ptr("1m"),
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// SkipNodesWithSystemPods: to.Ptr("false"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// UpgradeSettings: &armcontainerservice.ClusterUpgradeSettings{
// OverrideSettings: &armcontainerservice.UpgradeOverrideSettings{
// ForceUpgrade: to.Ptr(false),
// Until: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-01T13:00:00.000Z"); return t}()),
// },
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_Update.json
*/
async function createOrUpdateManagedCluster() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
availabilityZones: ["1", "2", "3"],
count: 3,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
scaleDownMode: "Deallocate",
vmSize: "Standard_DS1_v2",
},
],
autoScalerProfile: {
balanceSimilarNodeGroups: "true",
expander: "priority",
maxNodeProvisionTime: "15m",
newPodScaleUpDelay: "1m",
scaleDownDelayAfterAdd: "15m",
scanInterval: "20s",
skipNodesWithSystemPods: "false",
},
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
identity: {
type: "UserAssigned",
userAssignedIdentities: {
"/subscriptions/00000000000000000000000000000000/resourcegroups/rgName1/providers/MicrosoftManagedIdentity/userAssignedIdentities/identity1":
{},
},
},
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
upgradeSettings: {
overrideSettings: {
forceUpgrade: false,
until: new Date("2022-11-01T13:00:00Z"),
},
},
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_Update.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
ClusterIdentity = new ManagedClusterIdentity
{
ResourceIdentityType = "UserAssigned",
UserAssignedIdentities =
{
[new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1")] = new UserAssignedIdentity()
},
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS1_v2",
OSType = ContainerServiceOSType.Linux,
ScaleDownMode = ScaleDownMode.Deallocate,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
AvailabilityZones = {"1", "2", "3"},
EnableNodePublicIP = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
UpgradeOverrideSettings = new UpgradeOverrideSettings
{
ForceUpgrade = false,
Until = DateTimeOffset.Parse("2022-11-01T13:00:00Z"),
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
BalanceSimilarNodeGroups = "true",
Expander = AutoScaleExpander.Priority,
MaxNodeProvisionTime = "15m",
NewPodScaleUpDelay = "1m",
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
SkipNodesWithSystemPods = "false",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Przykładowa odpowiedź
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS1_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"scaleDownMode": "Deallocate",
"availabilityZones": [
"1",
"2",
"3"
],
"enableNodePublicIP": true,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"networkProfile": {
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"upgradeSettings": {
"overrideSettings": {
"forceUpgrade": false,
"until": "2022-11-01T13:00:00Z"
}
},
"autoScalerProfile": {
"balance-similar-node-groups": "true",
"expander": "priority",
"max-node-provision-time": "15m",
"new-pod-scale-up-delay": "1m",
"scale-down-delay-after-add": "15m",
"scan-interval": "20s",
"skip-nodes-with-system-pods": "false"
}
},
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {
"principalId": "principalId1",
"clientId": "clientId1"
}
}
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Creating",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS1_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Creating",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"scaleDownMode": "Deallocate",
"availabilityZones": [
"1",
"2",
"3"
],
"enableNodePublicIP": true,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"networkProfile": {
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
},
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {
"principalId": "principalId1",
"clientId": "clientId1"
}
}
}
}
Create/Update Managed Cluster with Azure Service Mesh
Przykładowa prośba
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"tags": {
"tier": "production",
"archv2": ""
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"properties": {
"kubernetesVersion": "",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"windowsProfile": {
"adminUsername": "azureuser",
"adminPassword": "replacePassword1234$"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"serviceMeshProfile": {
"mode": "Istio",
"istio": {
"components": {
"ingressGateways": [
{
"enabled": true,
"mode": "Internal"
}
],
"egressGateways": [
{
"enabled": true,
"name": "test-istio-egress",
"gatewayConfigurationName": "test-gateway-configuration"
}
]
},
"certificateAuthority": {
"plugin": {
"keyVaultId": "/subscriptions/854c9ddb-fe9e-4aea-8d58-99ed88282881/resourceGroups/ddama-test/providers/Microsoft.KeyVault/vaults/my-akv",
"certObjectName": "ca-cert",
"keyObjectName": "ca-key",
"rootCertObjectName": "root-cert",
"certChainObjectName": "cert-chain"
}
}
}
},
"addonProfiles": {
"azureKeyvaultSecretsProvider": {
"enabled": true,
"config": {
"enableSecretRotation": "true",
"rotationPollInterval": "2m"
}
}
},
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.IstioCertificateAuthority;
import com.azure.resourcemanager.containerservice.models.IstioComponents;
import com.azure.resourcemanager.containerservice.models.IstioEgressGateway;
import com.azure.resourcemanager.containerservice.models.IstioIngressGateway;
import com.azure.resourcemanager.containerservice.models.IstioIngressGatewayMode;
import com.azure.resourcemanager.containerservice.models.IstioPluginCertificateAuthority;
import com.azure.resourcemanager.containerservice.models.IstioServiceMesh;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAddonProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import com.azure.resourcemanager.containerservice.models.ServiceMeshMode;
import com.azure.resourcemanager.containerservice.models.ServiceMeshProfile;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_AzureServiceMesh.json
*/
/**
* Sample code: Create/Update Managed Cluster with Azure Service Mesh.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
createUpdateManagedClusterWithAzureServiceMesh(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(
Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3).withVmSize("Standard_DS2_v2")
.withOsType(OSType.LINUX).withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
.withMode(AgentPoolMode.SYSTEM).withEnableNodePublicIp(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile().withClientId("clientid")
.withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf("azureKeyvaultSecretsProvider",
new ManagedClusterAddonProfile().withEnabled(true).withConfig(
mapOf("enableSecretRotation", "fakeTokenPlaceholder", "rotationPollInterval", "2m"))))
.withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des")
.withServiceMeshProfile(
new ServiceMeshProfile().withMode(ServiceMeshMode.ISTIO)
.withIstio(new IstioServiceMesh()
.withComponents(new IstioComponents()
.withIngressGateways(Arrays.asList(new IstioIngressGateway()
.withMode(IstioIngressGatewayMode.INTERNAL).withEnabled(true)))
.withEgressGateways(Arrays
.asList(new IstioEgressGateway().withEnabled(true).withName("test-istio-egress")
.withGatewayConfigurationName("test-gateway-configuration"))))
.withCertificateAuthority(new IstioCertificateAuthority()
.withPlugin(new IstioPluginCertificateAuthority().withKeyVaultId("fakeTokenPlaceholder")
.withCertObjectName("ca-cert").withKeyObjectName("fakeTokenPlaceholder")
.withRootCertObjectName("root-cert").withCertChainObjectName("cert-chain"))))),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_azure_service_mesh.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {
"azureKeyvaultSecretsProvider": {
"config": {"enableSecretRotation": "true", "rotationPollInterval": "2m"},
"enabled": True,
}
},
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"serviceMeshProfile": {
"istio": {
"certificateAuthority": {
"plugin": {
"certChainObjectName": "cert-chain",
"certObjectName": "ca-cert",
"keyObjectName": "ca-key",
"keyVaultId": "/subscriptions/854c9ddb-fe9e-4aea-8d58-99ed88282881/resourceGroups/ddama-test/providers/Microsoft.KeyVault/vaults/my-akv",
"rootCertObjectName": "root-cert",
}
},
"components": {
"egressGateways": [
{
"enabled": True,
"gatewayConfigurationName": "test-gateway-configuration",
"name": "test-istio-egress",
}
],
"ingressGateways": [{"enabled": True, "mode": "Internal"}],
},
},
"mode": "Istio",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_AzureServiceMesh.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_AzureServiceMesh.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createUpdateManagedClusterWithAzureServiceMesh() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{
"azureKeyvaultSecretsProvider": {
Config: map[string]*string{
"enableSecretRotation": to.Ptr("true"),
"rotationPollInterval": to.Ptr("2m"),
},
Enabled: to.Ptr(true),
},
},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServiceMeshProfile: &armcontainerservice.ServiceMeshProfile{
Istio: &armcontainerservice.IstioServiceMesh{
CertificateAuthority: &armcontainerservice.IstioCertificateAuthority{
Plugin: &armcontainerservice.IstioPluginCertificateAuthority{
CertChainObjectName: to.Ptr("cert-chain"),
CertObjectName: to.Ptr("ca-cert"),
KeyObjectName: to.Ptr("ca-key"),
KeyVaultID: to.Ptr("/subscriptions/854c9ddb-fe9e-4aea-8d58-99ed88282881/resourceGroups/ddama-test/providers/Microsoft.KeyVault/vaults/my-akv"),
RootCertObjectName: to.Ptr("root-cert"),
},
},
Components: &armcontainerservice.IstioComponents{
EgressGateways: []*armcontainerservice.IstioEgressGateway{
{
Name: to.Ptr("test-istio-egress"),
Enabled: to.Ptr(true),
GatewayConfigurationName: to.Ptr("test-gateway-configuration"),
}},
IngressGateways: []*armcontainerservice.IstioIngressGateway{
{
Enabled: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.IstioIngressGatewayModeInternal),
}},
},
},
Mode: to.Ptr(armcontainerservice.ServiceMeshModeIstio),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{
// "azureKeyvaultSecretsProvider": &armcontainerservice.ManagedClusterAddonProfile{
// Config: map[string]*string{
// "enableSecretRotation": to.Ptr("true"),
// "rotationPollInterval": to.Ptr("2m"),
// },
// Enabled: to.Ptr(true),
// },
// },
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// EnableEncryptionAtHost: to.Ptr(true),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServiceMeshProfile: &armcontainerservice.ServiceMeshProfile{
// Istio: &armcontainerservice.IstioServiceMesh{
// CertificateAuthority: &armcontainerservice.IstioCertificateAuthority{
// Plugin: &armcontainerservice.IstioPluginCertificateAuthority{
// CertChainObjectName: to.Ptr("cert-chain"),
// CertObjectName: to.Ptr("ca-cert"),
// KeyObjectName: to.Ptr("ca-key"),
// KeyVaultID: to.Ptr("/subscriptions/854c9ddb-fe9e-4aea-8d58-99ed88282881/resourceGroups/ddama-test/providers/Microsoft.KeyVault/vaults/my-akv"),
// RootCertObjectName: to.Ptr("root-cert"),
// },
// },
// Components: &armcontainerservice.IstioComponents{
// EgressGateways: []*armcontainerservice.IstioEgressGateway{
// {
// Name: to.Ptr("test-istio-egress"),
// Enabled: to.Ptr(true),
// GatewayConfigurationName: to.Ptr("test-gateway-configuration"),
// }},
// IngressGateways: []*armcontainerservice.IstioIngressGateway{
// {
// Enabled: to.Ptr(true),
// Mode: to.Ptr(armcontainerservice.IstioIngressGatewayModeInternal),
// }},
// },
// Revisions: []*string{
// to.Ptr("asm-1-17")},
// },
// Mode: to.Ptr(armcontainerservice.ServiceMeshModeIstio),
// },
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_AzureServiceMesh.json
*/
async function createOrUpdateManagedClusterWithAzureServiceMesh() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {
azureKeyvaultSecretsProvider: {
config: { enableSecretRotation: "true", rotationPollInterval: "2m" },
enabled: true,
},
},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
serviceMeshProfile: {
istio: {
certificateAuthority: {
plugin: {
certChainObjectName: "cert-chain",
certObjectName: "ca-cert",
keyObjectName: "ca-key",
keyVaultId:
"/subscriptions/854c9ddb-fe9e-4aea-8d58-99ed88282881/resourceGroups/ddama-test/providers/Microsoft.KeyVault/vaults/my-akv",
rootCertObjectName: "root-cert",
},
},
components: {
egressGateways: [
{
name: "test-istio-egress",
enabled: true,
gatewayConfigurationName: "test-gateway-configuration",
},
],
ingressGateways: [{ enabled: true, mode: "Internal" }],
},
},
mode: "Istio",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_AzureServiceMesh.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles =
{
["azureKeyvaultSecretsProvider"] = new ManagedClusterAddonProfile(true)
{
Config =
{
["enableSecretRotation"] = "true",
["rotationPollInterval"] = "2m"
},
}
},
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
ServiceMeshProfile = new ServiceMeshProfile(ServiceMeshMode.Istio)
{
Istio = new IstioServiceMesh
{
Components = new IstioComponents
{
IngressGateways = { new IstioIngressGateway(IstioIngressGatewayMode.Internal, true) },
EgressGateways = {new IstioEgressGateway(true, "test-istio-egress")
{
GatewayConfigurationName = "test-gateway-configuration",
}},
},
CertificateAuthorityPlugin = new IstioPluginCertificateAuthority
{
KeyVaultId = new ResourceIdentifier("/subscriptions/854c9ddb-fe9e-4aea-8d58-99ed88282881/resourceGroups/ddama-test/providers/Microsoft.KeyVault/vaults/my-akv"),
CertObjectName = "ca-cert",
KeyObjectName = "ca-key",
RootCertObjectName = "root-cert",
CertChainObjectName = "cert-chain",
},
},
},
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Przykładowa odpowiedź
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"enableEncryptionAtHost": true
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"addonProfiles": {
"azureKeyvaultSecretsProvider": {
"enabled": true,
"config": {
"enableSecretRotation": "true",
"rotationPollInterval": "2m"
}
}
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"networkProfile": {
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"serviceMeshProfile": {
"mode": "Istio",
"istio": {
"components": {
"ingressGateways": [
{
"enabled": true,
"mode": "Internal"
}
],
"egressGateways": [
{
"enabled": true,
"name": "test-istio-egress",
"gatewayConfigurationName": "test-gateway-configuration"
}
]
},
"certificateAuthority": {
"plugin": {
"keyVaultId": "/subscriptions/854c9ddb-fe9e-4aea-8d58-99ed88282881/resourceGroups/ddama-test/providers/Microsoft.KeyVault/vaults/my-akv",
"certObjectName": "ca-cert",
"keyObjectName": "ca-key",
"rootCertObjectName": "root-cert",
"certChainObjectName": "cert-chain"
}
},
"revisions": [
"asm-1-17"
]
}
}
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Creating",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Creating",
"orchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"enableEncryptionAtHost": true
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"addonProfiles": {
"azureKeyvaultSecretsProvider": {
"enabled": true,
"config": {
"enableSecretRotation": "true",
"rotationPollInterval": "2m"
}
}
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"networkProfile": {
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"serviceMeshProfile": {
"mode": "Istio",
"istio": {
"components": {
"ingressGateways": [
{
"enabled": true,
"mode": "Internal"
}
],
"egressGateways": [
{
"enabled": true,
"name": "test-istio-egress",
"gatewayConfigurationName": "test-gateway-configuration"
}
]
},
"certificateAuthority": {
"plugin": {
"keyVaultId": "/subscriptions/854c9ddb-fe9e-4aea-8d58-99ed88282881/resourceGroups/ddama-test/providers/Microsoft.KeyVault/vaults/my-akv",
"certObjectName": "ca-cert",
"keyObjectName": "ca-key",
"rootCertObjectName": "root-cert",
"certChainObjectName": "cert-chain"
}
},
"revisions": [
"asm-1-17"
]
}
}
}
}
Create/Update Managed Cluster with dual-stack networking
Przykładowa prośba
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"tags": {
"tier": "production",
"archv2": ""
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"properties": {
"kubernetesVersion": "",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS1_v2",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"scaleDownMode": "Deallocate",
"availabilityZones": [
"1",
"2",
"3"
],
"enableNodePublicIP": true,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
},
"ipFamilies": [
"IPv4",
"IPv6"
]
},
"autoScalerProfile": {
"balance-similar-node-groups": "true",
"expander": "priority",
"max-node-provision-time": "15m",
"new-pod-scale-up-delay": "1m",
"scale-down-delay-after-add": "15m",
"scan-interval": "20s",
"skip-nodes-with-system-pods": "false"
},
"windowsProfile": {
"adminUsername": "azureuser",
"adminPassword": "replacePassword1234$"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"addonProfiles": {},
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"
},
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {}
}
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.Expander;
import com.azure.resourcemanager.containerservice.models.IpFamily;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterIdentity;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.ManagedServiceIdentityUserAssignedIdentitiesValue;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import com.azure.resourcemanager.containerservice.models.ResourceIdentityType;
import com.azure.resourcemanager.containerservice.models.ScaleDownMode;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_DualStackNetworking.json
*/
/**
* Sample code: Create/Update Managed Cluster with dual-stack networking.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
createUpdateManagedClusterWithDualStackNetworking(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku().withName(ManagedClusterSkuName.fromString("Basic"))
.withTier(ManagedClusterSkuTier.FREE))
.withIdentity(new ManagedClusterIdentity().withType(ResourceIdentityType.USER_ASSIGNED)
.withUserAssignedIdentities(mapOf(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1",
new ManagedServiceIdentityUserAssignedIdentitiesValue())))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3)
.withVmSize("Standard_DS1_v2").withOsType(OSType.LINUX).withScaleDownMode(ScaleDownMode.DEALLOCATE)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withMode(AgentPoolMode.SYSTEM)
.withAvailabilityZones(Arrays.asList("1", "2", "3")).withEnableNodePublicIp(true)
.withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile()
.withManagedOutboundIPs(new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2)))
.withIpFamilies(Arrays.asList(IpFamily.IPV4, IpFamily.IPV6)))
.withAutoScalerProfile(
new ManagedClusterPropertiesAutoScalerProfile().withBalanceSimilarNodeGroups("true")
.withExpander(Expander.PRIORITY).withMaxNodeProvisionTime("15m").withNewPodScaleUpDelay("1m")
.withScanInterval("20s").withScaleDownDelayAfterAdd("15m").withSkipNodesWithSystemPods("false"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_dual_stack_networking.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {}
},
},
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"availabilityZones": ["1", "2", "3"],
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"scaleDownMode": "Deallocate",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS1_v2",
}
],
"autoScalerProfile": {
"balance-similar-node-groups": "true",
"expander": "priority",
"max-node-provision-time": "15m",
"new-pod-scale-up-delay": "1m",
"scale-down-delay-after-add": "15m",
"scan-interval": "20s",
"skip-nodes-with-system-pods": "false",
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"ipFamilies": ["IPv4", "IPv6"],
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_DualStackNetworking.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_DualStackNetworking.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createUpdateManagedClusterWithDualStackNetworking() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Identity: &armcontainerservice.ManagedClusterIdentity{
Type: to.Ptr(armcontainerservice.ResourceIdentityTypeUserAssigned),
UserAssignedIdentities: map[string]*armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {},
},
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
AvailabilityZones: []*string{
to.Ptr("1"),
to.Ptr("2"),
to.Ptr("3")},
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
ScaleDownMode: to.Ptr(armcontainerservice.ScaleDownModeDeallocate),
VMSize: to.Ptr("Standard_DS1_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
BalanceSimilarNodeGroups: to.Ptr("true"),
Expander: to.Ptr(armcontainerservice.ExpanderPriority),
MaxNodeProvisionTime: to.Ptr("15m"),
NewPodScaleUpDelay: to.Ptr("1m"),
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
SkipNodesWithSystemPods: to.Ptr("false"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
IPFamilies: []*armcontainerservice.IPFamily{
to.Ptr(armcontainerservice.IPFamilyIPv4),
to.Ptr(armcontainerservice.IPFamilyIPv6)},
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Identity: &armcontainerservice.ManagedClusterIdentity{
// Type: to.Ptr(armcontainerservice.ResourceIdentityTypeUserAssigned),
// UserAssignedIdentities: map[string]*armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
// "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": &armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
// ClientID: to.Ptr("clientId1"),
// PrincipalID: to.Ptr("principalId1"),
// },
// },
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// AvailabilityZones: []*string{
// to.Ptr("1"),
// to.Ptr("2"),
// to.Ptr("3")},
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.22.1"),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.22.1"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// ScaleDownMode: to.Ptr(armcontainerservice.ScaleDownModeDeallocate),
// VMSize: to.Ptr("Standard_DS1_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// BalanceSimilarNodeGroups: to.Ptr("true"),
// Expander: to.Ptr(armcontainerservice.ExpanderPriority),
// MaxNodeProvisionTime: to.Ptr("15m"),
// NewPodScaleUpDelay: to.Ptr("1m"),
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// SkipNodesWithSystemPods: to.Ptr("false"),
// },
// CurrentKubernetesVersion: to.Ptr("1.22.1"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.22.1"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4),
// to.Ptr(armcontainerservice.IPFamilyIPv6)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip3-ipv6"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// CountIPv6: to.Ptr[int32](1),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16"),
// to.Ptr("fd11:1234::/64")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16"),
// to.Ptr("fd00:1234::/108")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_DualStackNetworking.json
*/
async function createOrUpdateManagedClusterWithDualStackNetworking() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
availabilityZones: ["1", "2", "3"],
count: 3,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
scaleDownMode: "Deallocate",
vmSize: "Standard_DS1_v2",
},
],
autoScalerProfile: {
balanceSimilarNodeGroups: "true",
expander: "priority",
maxNodeProvisionTime: "15m",
newPodScaleUpDelay: "1m",
scaleDownDelayAfterAdd: "15m",
scanInterval: "20s",
skipNodesWithSystemPods: "false",
},
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
identity: {
type: "UserAssigned",
userAssignedIdentities: {
"/subscriptions/00000000000000000000000000000000/resourcegroups/rgName1/providers/MicrosoftManagedIdentity/userAssignedIdentities/identity1":
{},
},
},
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
ipFamilies: ["IPv4", "IPv6"],
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_DualStackNetworking.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
ClusterIdentity = new ManagedClusterIdentity
{
ResourceIdentityType = "UserAssigned",
UserAssignedIdentities =
{
[new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1")] = new UserAssignedIdentity()
},
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS1_v2",
OSType = ContainerServiceOSType.Linux,
ScaleDownMode = ScaleDownMode.Deallocate,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
AvailabilityZones = {"1", "2", "3"},
EnableNodePublicIP = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
NetworkIPFamilies = { ContainerServiceIPFamily.IPv4, ContainerServiceIPFamily.IPv6 },
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
BalanceSimilarNodeGroups = "true",
Expander = AutoScaleExpander.Priority,
MaxNodeProvisionTime = "15m",
NewPodScaleUpDelay = "1m",
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
SkipNodesWithSystemPods = "false",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Przykładowa odpowiedź
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"maxAgentPools": 1,
"kubernetesVersion": "1.22.1",
"currentKubernetesVersion": "1.22.1",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS1_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.22.1",
"currentOrchestratorVersion": "1.22.1",
"type": "VirtualMachineScaleSets",
"scaleDownMode": "Deallocate",
"availabilityZones": [
"1",
"2",
"3"
],
"enableNodePublicIP": true,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"networkProfile": {
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16",
"fd11:1234::/64"
],
"serviceCidrs": [
"10.0.0.0/16",
"fd00:1234::/108"
],
"ipFamilies": [
"IPv4",
"IPv6"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2,
"countIPv6": 1
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip3-ipv6"
}
]
}
},
"autoScalerProfile": {
"balance-similar-node-groups": "true",
"expander": "priority",
"max-node-provision-time": "15m",
"new-pod-scale-up-delay": "1m",
"scale-down-delay-after-add": "15m",
"scan-interval": "20s",
"skip-nodes-with-system-pods": "false"
}
},
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {
"principalId": "principalId1",
"clientId": "clientId1"
}
}
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Creating",
"maxAgentPools": 1,
"kubernetesVersion": "1.22.1",
"currentKubernetesVersion": "1.22.1",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS1_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Creating",
"orchestratorVersion": "1.22.1",
"currentOrchestratorVersion": "1.22.1",
"type": "VirtualMachineScaleSets",
"scaleDownMode": "Deallocate",
"availabilityZones": [
"1",
"2",
"3"
],
"enableNodePublicIP": true,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"networkProfile": {
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16",
"fd11:1234::/64"
],
"serviceCidrs": [
"10.0.0.0/16",
"fd00:1234::/108"
],
"ipFamilies": [
"IPv4",
"IPv6"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2,
"countIPv6": 1
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip3-ipv6"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
},
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {
"principalId": "principalId1",
"clientId": "clientId1"
}
}
}
}
Create/Update Managed Cluster with EnableAHUB
Przykładowa prośba
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"tags": {
"tier": "production",
"archv2": ""
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"properties": {
"kubernetesVersion": "",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS1_v2",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"availabilityZones": [
"1",
"2",
"3"
],
"enableNodePublicIP": true,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"windowsProfile": {
"adminUsername": "azureuser",
"adminPassword": "replacePassword1234$",
"licenseType": "Windows_Server"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"addonProfiles": {},
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"
},
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {}
}
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LicenseType;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterIdentity;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.ManagedServiceIdentityUserAssignedIdentitiesValue;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import com.azure.resourcemanager.containerservice.models.ResourceIdentityType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_UpdateWithAHUB.json
*/
/**
* Sample code: Create/Update Managed Cluster with EnableAHUB.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void createUpdateManagedClusterWithEnableAHUB(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku().withName(ManagedClusterSkuName.fromString("Basic"))
.withTier(ManagedClusterSkuTier.FREE))
.withIdentity(new ManagedClusterIdentity().withType(ResourceIdentityType.USER_ASSIGNED)
.withUserAssignedIdentities(mapOf(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1",
new ManagedServiceIdentityUserAssignedIdentitiesValue())))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(
Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3).withVmSize("Standard_DS1_v2")
.withOsType(OSType.LINUX).withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
.withMode(AgentPoolMode.SYSTEM).withAvailabilityZones(Arrays.asList("1", "2", "3"))
.withEnableNodePublicIp(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder").withLicenseType(LicenseType.WINDOWS_SERVER))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_update_with_ahub.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {}
},
},
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"availabilityZones": ["1", "2", "3"],
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS1_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser",
"licenseType": "Windows_Server",
},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_UpdateWithAHUB.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_UpdateWithAHUB.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createUpdateManagedClusterWithEnableAhub() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Identity: &armcontainerservice.ManagedClusterIdentity{
Type: to.Ptr(armcontainerservice.ResourceIdentityTypeUserAssigned),
UserAssignedIdentities: map[string]*armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {},
},
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
AvailabilityZones: []*string{
to.Ptr("1"),
to.Ptr("2"),
to.Ptr("3")},
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS1_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
LicenseType: to.Ptr(armcontainerservice.LicenseTypeWindowsServer),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Identity: &armcontainerservice.ManagedClusterIdentity{
// Type: to.Ptr(armcontainerservice.ResourceIdentityTypeUserAssigned),
// UserAssignedIdentities: map[string]*armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
// "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": &armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
// ClientID: to.Ptr("clientId1"),
// PrincipalID: to.Ptr("principalId1"),
// },
// },
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// AvailabilityZones: []*string{
// to.Ptr("1"),
// to.Ptr("2"),
// to.Ptr("3")},
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS1_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// LicenseType: to.Ptr(armcontainerservice.LicenseTypeWindowsServer),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_UpdateWithAHUB.json
*/
async function createOrUpdateManagedClusterWithEnableAhub() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
availabilityZones: ["1", "2", "3"],
count: 3,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS1_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
identity: {
type: "UserAssigned",
userAssignedIdentities: {
"/subscriptions/00000000000000000000000000000000/resourcegroups/rgName1/providers/MicrosoftManagedIdentity/userAssignedIdentities/identity1":
{},
},
},
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
licenseType: "Windows_Server",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_UpdateWithAHUB.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
ClusterIdentity = new ManagedClusterIdentity
{
ResourceIdentityType = "UserAssigned",
UserAssignedIdentities =
{
[new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1")] = new UserAssignedIdentity()
},
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS1_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
AvailabilityZones = {"1", "2", "3"},
EnableNodePublicIP = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
LicenseType = WindowsVmLicenseType.WindowsServer,
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Przykładowa odpowiedź
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS1_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"availabilityZones": [
"1",
"2",
"3"
],
"enableNodePublicIP": true,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser",
"licenseType": "Windows_Server"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"networkProfile": {
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
},
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {
"principalId": "principalId1",
"clientId": "clientId1"
}
}
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Creating",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS1_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Creating",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"availabilityZones": [
"1",
"2",
"3"
],
"enableNodePublicIP": true,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser",
"licenseType": "Windows_Server"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"networkProfile": {
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
},
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {
"principalId": "principalId1",
"clientId": "clientId1"
}
}
}
}
Create/Update Managed Cluster with Windows gMSA enabled
Przykładowa prośba
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"tags": {
"tier": "production",
"archv2": ""
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"properties": {
"kubernetesVersion": "",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS1_v2",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"availabilityZones": [
"1",
"2",
"3"
],
"enableNodePublicIP": true,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"windowsProfile": {
"adminUsername": "azureuser",
"adminPassword": "replacePassword1234$",
"gmsaProfile": {
"enabled": true
}
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"addonProfiles": {},
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"
},
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {}
}
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterIdentity;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.ManagedServiceIdentityUserAssignedIdentitiesValue;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import com.azure.resourcemanager.containerservice.models.ResourceIdentityType;
import com.azure.resourcemanager.containerservice.models.WindowsGmsaProfile;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_UpdateWindowsGmsa.json
*/
/**
* Sample code: Create/Update Managed Cluster with Windows gMSA enabled.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
createUpdateManagedClusterWithWindowsGMSAEnabled(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku().withName(ManagedClusterSkuName.fromString("Basic"))
.withTier(ManagedClusterSkuTier.FREE))
.withIdentity(new ManagedClusterIdentity().withType(ResourceIdentityType.USER_ASSIGNED)
.withUserAssignedIdentities(mapOf(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1",
new ManagedServiceIdentityUserAssignedIdentitiesValue())))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(
Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3).withVmSize("Standard_DS1_v2")
.withOsType(OSType.LINUX).withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
.withMode(AgentPoolMode.SYSTEM).withAvailabilityZones(Arrays.asList("1", "2", "3"))
.withEnableNodePublicIp(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder")
.withGmsaProfile(new WindowsGmsaProfile().withEnabled(true)))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_update_windows_gmsa.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {}
},
},
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"availabilityZones": ["1", "2", "3"],
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS1_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser",
"gmsaProfile": {"enabled": True},
},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_UpdateWindowsGmsa.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_UpdateWindowsGmsa.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createUpdateManagedClusterWithWindowsGMsaEnabled() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Identity: &armcontainerservice.ManagedClusterIdentity{
Type: to.Ptr(armcontainerservice.ResourceIdentityTypeUserAssigned),
UserAssignedIdentities: map[string]*armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {},
},
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
AvailabilityZones: []*string{
to.Ptr("1"),
to.Ptr("2"),
to.Ptr("3")},
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS1_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
GmsaProfile: &armcontainerservice.WindowsGmsaProfile{
Enabled: to.Ptr(true),
},
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Identity: &armcontainerservice.ManagedClusterIdentity{
// Type: to.Ptr(armcontainerservice.ResourceIdentityTypeUserAssigned),
// UserAssignedIdentities: map[string]*armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
// "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": &armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
// ClientID: to.Ptr("clientId1"),
// PrincipalID: to.Ptr("principalId1"),
// },
// },
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// AvailabilityZones: []*string{
// to.Ptr("1"),
// to.Ptr("2"),
// to.Ptr("3")},
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS1_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// GmsaProfile: &armcontainerservice.WindowsGmsaProfile{
// Enabled: to.Ptr(true),
// },
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_UpdateWindowsGmsa.json
*/
async function createOrUpdateManagedClusterWithWindowsGMsaEnabled() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
availabilityZones: ["1", "2", "3"],
count: 3,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS1_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
identity: {
type: "UserAssigned",
userAssignedIdentities: {
"/subscriptions/00000000000000000000000000000000/resourcegroups/rgName1/providers/MicrosoftManagedIdentity/userAssignedIdentities/identity1":
{},
},
},
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
gmsaProfile: { enabled: true },
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_UpdateWindowsGmsa.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
ClusterIdentity = new ManagedClusterIdentity
{
ResourceIdentityType = "UserAssigned",
UserAssignedIdentities =
{
[new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1")] = new UserAssignedIdentity()
},
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS1_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
AvailabilityZones = {"1", "2", "3"},
EnableNodePublicIP = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
GmsaProfile = new WindowsGmsaProfile
{
IsEnabled = true,
},
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Przykładowa odpowiedź
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS1_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"availabilityZones": [
"1",
"2",
"3"
],
"enableNodePublicIP": true,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser",
"gmsaProfile": {
"enabled": true
}
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"networkProfile": {
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
},
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {
"principalId": "principalId1",
"clientId": "clientId1"
}
}
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Creating",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS1_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Creating",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"availabilityZones": [
"1",
"2",
"3"
],
"enableNodePublicIP": true,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser",
"gmsaProfile": {
"enabled": true
}
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"networkProfile": {
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
},
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {
"principalId": "principalId1",
"clientId": "clientId1"
}
}
}
}
Definicje
| Nazwa |
Opis |
|
AdvancedNetworking
|
Zaawansowany profil sieci umożliwiający obserwowanie i pakiet funkcji zabezpieczeń w klastrze. Aby uzyskać więcej informacji, zobacz aka.ms/aksadvancednetworking.
|
|
AdvancedNetworkingObservability
|
Profil obserwacji umożliwiający włączenie zaawansowanych metryk sieci i dzienników przepływu z kontekstami historycznymi.
|
|
AdvancedNetworkingSecurity
|
Profil zabezpieczeń umożliwiający włączenie funkcji zabezpieczeń w klastrze opartym na cilium.
|
|
advancedNetworkPolicies
|
Włącz zaawansowane zasady sieciowe. Dzięki temu użytkownicy mogą konfigurować zasady sieciowe warstwy 7 (FQDN, HTTP, Kafka). Zasady muszą być konfigurowane za pośrednictwem zasobów zasad sieciowych cilium, zobacz https://docs.cilium.io/en/latest/security/policy/index.html. Można to włączyć tylko w klastrach opartych na cilium. Jeśli nie zostanie określony, wartość domyślna to FQDN, jeśli wartość security.enabled jest ustawiona na true.
|
|
AgentPoolGatewayProfile
|
Profil puli agentów bramy klastra zarządzanego.
|
|
AgentPoolMode
|
Tryb puli agentów. Klaster musi mieć co najmniej jedną pulę agentów "System" przez cały czas. Aby uzyskać dodatkowe informacje na temat ograniczeń puli agentów i najlepszych rozwiązań, zobacz: https://docs.microsoft.com/azure/aks/use-system-pools
|
|
AgentPoolNetworkProfile
|
Ustawienia sieciowe puli agentów.
|
|
AgentPoolSecurityProfile
|
Ustawienia zabezpieczeń puli agentów.
|
|
AgentPoolSSHAccess
|
Metoda dostępu SSH puli agentów.
|
|
AgentPoolStatus
|
Zawiera informacje tylko do odczytu dotyczące puli agentów.
|
|
AgentPoolType
|
Typ puli agentów.
|
|
AgentPoolUpgradeSettings
|
Ustawienia uaktualniania puli agentów
|
|
AgentPoolWindowsProfile
|
Określony profil puli agentów systemu Windows.
|
|
ArtifactSource
|
Źródło artefaktu. Źródło, z którego są pobierane artefakty.
|
|
AutoScalerProfile
|
Parametry, które mają być stosowane do skalowania automatycznego klastra po włączeniu
|
|
AzureKeyVaultKms
|
Ustawienia usługi zarządzania kluczami usługi Azure Key Vault dla profilu zabezpieczeń.
|
|
BackendPoolType
|
Typ zarządzanej puli zaplecza modułu równoważenia obciążenia dla ruchu przychodzącego.
|
|
ClusterUpgradeSettings
|
Ustawienia uaktualniania klastra.
|
|
code
|
Informuje, czy klaster jest uruchomiony, czy zatrzymany
|
|
ContainerServiceLinuxProfile
|
Profil maszyn wirtualnych z systemem Linux w klastrze usługi kontenera.
|
|
ContainerServiceNetworkProfile
|
Profil konfiguracji sieci.
|
|
ContainerServiceSshConfiguration
|
Konfiguracja protokołu SSH dla maszyn wirtualnych z systemem Linux uruchomionych na platformie Azure.
|
|
ContainerServiceSshPublicKey
|
Zawiera informacje o danych klucza publicznego certyfikatu SSH.
|
|
createdByType
|
Typ tożsamości, która utworzyła zasób.
|
|
CreationData
|
Dane używane podczas tworzenia zasobu docelowego na podstawie zasobu źródłowego.
|
|
DelegatedResource
|
Właściwości delegowanego zasobu — tylko do użytku wewnętrznego.
|
|
ErrorAdditionalInfo
|
Dodatkowe informacje o błędzie zarządzania zasobami.
|
|
ErrorDetail
|
Szczegóły błędu.
|
|
ErrorResponse
|
Odpowiedź na błąd
|
|
expander
|
Ekspander do użycia podczas skalowania w górę. Jeśli nie zostanie określony, wartość domyślna to "losowe". Aby uzyskać więcej informacji, zobacz ekspandery .
|
|
ExtendedLocation
|
Typ złożony lokalizacji rozszerzonej.
|
|
ExtendedLocationTypes
|
Typ lokalizacji rozszerzonej.
|
|
GPUDriver
|
Czy zainstalować sterowniki procesora GPU. Jeśli nie zostanie określony, wartość domyślna to Install (Zainstaluj).
|
|
GPUInstanceProfile
|
GpuInstanceProfile do użycia w celu określenia profilu wystąpienia migracji procesora GPU dla obsługiwanej jednostki SKU maszyny wirtualnej procesora GPU.
|
|
GPUProfile
|
Ustawienia procesora GPU dla puli agentów.
|
|
Identity
|
Tożsamość zasobu.
|
|
ipFamily
|
Rodziny adresów IP używane do określania wersji adresów IP dostępnych dla klastra. Rodziny adresów IP służą do określania klastrów z jednym stosem lub dwoma stosami. W przypadku pojedynczego stosu oczekiwana wartość to IPv4. W przypadku dwóch stosów oczekiwane wartości to IPv4 i IPv6.
|
|
IPTag
|
Zawiera element IPTag skojarzony z obiektem .
|
|
IstioCertificateAuthority
|
Konfiguracja urzędu certyfikacji usługi Istio Service Mesh. Na razie obsługujemy tylko certyfikaty wtyczek zgodnie z opisem w tym https://aka.ms/asm-plugin-ca
|
|
IstioComponents
|
Konfiguracja składników istio.
|
|
IstioEgressGateway
|
Konfiguracja bramy ruchu wychodzącego Istio.
|
|
IstioIngressGateway
|
Konfiguracja bramy ruchu przychodzącego istio. Na razie obsługujemy maksymalnie jedną zewnętrzną bramę ruchu przychodzącego o nazwie aks-istio-ingressgateway-external i jedną wewnętrzną bramę ruchu przychodzącego o nazwie aks-istio-ingressgateway-internal.
|
|
IstioIngressGatewayMode
|
Tryb bramy ruchu przychodzącego.
|
|
IstioPluginCertificateAuthority
|
Informacje o certyfikatach wtyczki dla usługi Service Mesh.
|
|
IstioServiceMesh
|
Konfiguracja siatki usługi Istio.
|
|
KeyVaultNetworkAccessTypes
|
Dostęp do sieci magazynu kluczy. Dostęp sieciowy do magazynu kluczy. Możliwe wartości to Public i Private.
Public oznacza, że magazyn kluczy umożliwia dostęp publiczny ze wszystkich sieci.
Private oznacza, że magazyn kluczy wyłącza dostęp publiczny i włącza łącze prywatne. Domyślna wartość to Public.
|
|
KubeletConfig
|
Konfiguracje usługi Kubelet węzłów agenta. Aby uzyskać więcej informacji, zobacz konfiguracji niestandardowego węzła usługi AKS.
|
|
KubeletDiskType
|
Określa umieszczanie woluminów emptyDir, katalogu głównego danych środowiska uruchomieniowego kontenera i magazynu efemerycznego Kubelet.
|
|
KubernetesSupportPlan
|
Różne warstwy pomocy technicznej dla klastrów zarządzanych przez usługę AKS
|
|
licenseType
|
Typ licencji do użycia dla maszyn wirtualnych z systemem Windows. Aby uzyskać więcej informacji, zobacz Korzyści użytkownika hybrydowego platformy Azure .
|
|
LinuxOSConfig
|
Konfiguracje systemu operacyjnego węzłów agenta systemu Linux. Aby uzyskać więcej informacji, zobacz konfiguracji niestandardowego węzła usługi AKS.
|
|
loadBalancerSku
|
Jednostka SKU modułu równoważenia obciążenia dla klastra zarządzanego. Wartość domyślna to "Standardowa". Aby uzyskać więcej informacji na temat różnic między jednostkami SKU modułu równoważenia obciążenia, zobacz Jednostki SKU usługi Azure Load Balancer .
|
|
LocalDNSForwardDestination
|
Serwer docelowy dla zapytań DNS, które mają być przekazywane z lokalnego DNS.
|
|
LocalDNSForwardPolicy
|
Zasady przekazywania służące do wybierania nadrzędnego serwera DNS. Zobacz wtyczkę do przekazywania , aby uzyskać więcej informacji.
|
|
LocalDNSMode
|
Tryb włączania dla localDNS.
|
|
LocalDNSOverride
|
Przesłonięcia dla profilu localDNS.
|
|
LocalDNSProfile
|
Konfiguruje lokalny system DNS dla poszczególnych węzłów z przesłonięciami VnetDNS i KubeDNS. LocalDNS pomaga zwiększyć wydajność i niezawodność rozpoznawania nazw DNS w klastrze usługi AKS. Aby uzyskać więcej informacji, zobacz aka.ms/aks/localdns.
|
|
LocalDNSProtocol
|
Wymuszaj protokół TCP lub preferuj protokół UDP dla połączeń z lokalnego serwera DNS do nadrzędnego serwera DNS.
|
|
LocalDNSQueryLogging
|
Poziom dziennika dla zapytań DNS w localDNS.
|
|
LocalDNSServeStale
|
Zasady obsługi starych danych. Zobacz wtyczkę pamięci podręcznej , aby uzyskać więcej informacji.
|
|
LocalDNSState
|
Wygenerowany przez system stan localDNS.
|
|
ManagedCluster
|
Klaster zarządzany.
|
|
ManagedClusterAADProfile
|
AADProfile określa atrybuty integracji usługi Azure Active Directory. Aby uzyskać więcej informacji, zobacz managed AAD on AKS.
|
|
ManagedClusterAddonProfile
|
Profil dodatku Kubernetes dla klastra zarządzanego.
|
|
ManagedClusterAgentPoolProfile
|
Profil puli agentów usługi kontenera.
|
|
ManagedClusterAIToolchainOperatorProfile
|
Po włączeniu operatora w klastrze zostanie zainstalowany zestaw zarządzanych identyfikatorów CRD i kontrolerów usługi AKS. Operator automatyzuje wdrażanie modeli systemu operacyjnego na potrzeby wnioskowania i/lub trenowania. Zapewnia zestaw wstępnie ustawionych modeli i umożliwia rozproszone wnioskowanie względem nich.
|
|
ManagedClusterAPIServerAccessProfile
|
Profil dostępu dla serwera interfejsu API klastra zarządzanego.
|
|
ManagedClusterAutoUpgradeProfile
|
Profil automatycznego uaktualniania dla klastra zarządzanego.
|
|
ManagedClusterAzureMonitorProfile
|
Profile dodatków usługi Azure Monitor do monitorowania klastra zarządzanego.
|
|
ManagedClusterAzureMonitorProfileKubeStateMetrics
|
Profil metryk stanu platformy Kube dla dodatku Prometheus zarządzanego przez platformę Azure. Te opcjonalne ustawienia dotyczą zasobnika kube-state-metrics wdrożonego za pomocą dodatku. Aby uzyskać szczegółowe informacje, zobacz aka.ms/AzureManagedPrometheus-optional-parameters.
|
|
ManagedClusterAzureMonitorProfileMetrics
|
Profil metryk dla usługi zarządzanej Azure Monitor dla dodatku Prometheus. Zbierz gotowe metryki infrastruktury kubernetes, aby wysyłać je do obszaru roboczego usługi Azure Monitor i konfigurować dodatkowe złomowanie dla niestandardowych obiektów docelowych. Aby zapoznać się z omówieniem, zobacz aka.ms/AzureManagedPrometheus.
|
|
ManagedClusterBootstrapProfile
|
Profil bootstrap.
|
|
ManagedClusterCostAnalysis
|
Konfiguracja analizy kosztów klastra
|
|
ManagedClusterHTTPProxyConfig
|
Konfiguracja serwera proxy HTTP klastra.
|
|
ManagedClusterIdentity
|
Tożsamość klastra zarządzanego.
|
|
ManagedClusterIngressProfile
|
Profil ruchu przychodzącego dla klastra usługi kontenera.
|
|
ManagedClusterIngressProfileNginx
|
|
|
ManagedClusterIngressProfileWebAppRouting
|
Ustawienia dodatku routingu aplikacji dla profilu ruchu przychodzącego.
|
|
ManagedClusterLoadBalancerProfile
|
Profil modułu równoważenia obciążenia klastra zarządzanego.
|
|
ManagedClusterManagedOutboundIPProfile
|
Profil zarządzanych zasobów wychodzących IP klastra zarządzanego.
|
|
ManagedClusterMetricsProfile
|
Profil metryk zarządzanychcluster.
|
|
ManagedClusterNATGatewayProfile
|
Profil bramy translatora adresów sieciowych klastra zarządzanego.
|
|
ManagedClusterNodeProvisioningProfile
|
|
|
ManagedClusterNodeResourceGroupProfile
|
Profil blokady grupy zasobów węzła dla klastra zarządzanego.
|
|
ManagedClusterOIDCIssuerProfile
|
Profil wystawcy OIDC klastra zarządzanego.
|
|
ManagedClusterPodIdentity
|
Szczegółowe informacje o tożsamości zasobnika przypisanej do klastra zarządzanego.
|
|
ManagedClusterPodIdentityException
|
Wyjątek tożsamości zasobnika, który umożliwia zasobnikom z określonymi etykietami dostęp do punktu końcowego usługi Azure Instance Metadata Service (IMDS) bez przechwytywania przez serwer tożsamości zarządzanej węzła (NMI). Aby uzyskać więcej informacji, zobacz disable AAD Pod Identity for a specific Pod/Application (Wyłączanie tożsamości zasobnika usługi AAD).
|
|
ManagedClusterPodIdentityProfile
|
Profil tożsamości zasobnika klastra zarządzanego. Zobacz używanie tożsamości zasobnika usługi AAD, aby uzyskać więcej informacji na temat integracji tożsamości zasobnika.
|
|
ManagedClusterPodIdentityProvisioningError
|
Odpowiedź na błąd z aprowizacji tożsamości zasobnika.
|
|
ManagedClusterPodIdentityProvisioningErrorBody
|
Odpowiedź na błąd z aprowizacji tożsamości zasobnika.
|
|
ManagedClusterPodIdentityProvisioningState
|
Bieżący stan aprowizacji tożsamości zasobnika.
|
|
ManagedClusterSecurityProfile
|
Profil zabezpieczeń klastra usługi kontenera.
|
|
ManagedClusterSecurityProfileDefender
|
Ustawienia usługi Microsoft Defender dla profilu zabezpieczeń.
|
|
ManagedClusterSecurityProfileDefenderSecurityMonitoring
|
Ustawienia usługi Microsoft Defender dla wykrywania zagrożeń profilu zabezpieczeń.
|
|
ManagedClusterSecurityProfileImageCleaner
|
Narzędzie Image Cleaner usuwa nieużywane obrazy z węzłów, zwalniając miejsce na dysku i pomagając zmniejszyć obszar powierzchni podatnej na ataki. Poniżej przedstawiono ustawienia profilu zabezpieczeń.
|
|
ManagedClusterSecurityProfileWorkloadIdentity
|
Ustawienia tożsamości obciążenia dla profilu zabezpieczeń.
|
|
ManagedClusterServicePrincipalProfile
|
Informacje o tożsamości jednostki usługi dla klastra do użycia do manipulowania interfejsami API platformy Azure.
|
|
ManagedClusterSKU
|
Jednostka SKU klastra zarządzanego.
|
|
ManagedClusterSKUName
|
Nazwa jednostki SKU klastra zarządzanego.
|
|
ManagedClusterSKUTier
|
Warstwa jednostki SKU klastra zarządzanego. Jeśli nie zostanie określony, wartość domyślna to "Bezpłatna". Aby uzyskać więcej informacji, zobacz Warstwa cenowa usługi AKS .
|
|
ManagedClusterStaticEgressGatewayProfile
|
Konfiguracja dodatku static Egress Gateway dla klastra.
|
|
ManagedClusterStatus
|
Zawiera informacje tylko do odczytu dotyczące klastra zarządzanego.
|
|
ManagedClusterStorageProfile
|
Profil magazynu dla klastra usługi kontenera.
|
|
ManagedClusterStorageProfileBlobCSIDriver
|
Ustawienia sterownika CSI usługi AzureBlob dla profilu magazynu.
|
|
ManagedClusterStorageProfileDiskCSIDriver
|
Ustawienia sterownika AZUREDisk CSI dla profilu magazynu.
|
|
ManagedClusterStorageProfileFileCSIDriver
|
Ustawienia sterownika AZUREFile CSI dla profilu magazynu.
|
|
ManagedClusterStorageProfileSnapshotController
|
Ustawienia kontrolera migawek dla profilu magazynu.
|
|
ManagedClusterWindowsProfile
|
Profil maszyn wirtualnych z systemem Windows w klastrze zarządzanym.
|
|
ManagedClusterWorkloadAutoScalerProfile
|
Profil automatycznego skalowania obciążenia dla klastra zarządzanego.
|
|
ManagedClusterWorkloadAutoScalerProfileKeda
|
Ustawienia skalowania automatycznego opartego na zdarzeniach platformy KEDA (Kubernetes Event-driven Autoscaling) dla profilu automatycznego skalowania obciążenia.
|
|
ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler
|
Ustawienia narzędzia VPA (vertical Pod Autoscaler) dla profilu automatycznego skalowania obciążenia.
|
|
ManagedOutboundIPs
|
Żądane zarządzane adresy IP ruchu wychodzącego dla modułu równoważenia obciążenia klastra.
|
|
ManualScaleProfile
|
Specyfikacje dotyczące liczby maszyn.
|
|
networkDataplane
|
Plan danych sieci używany w klastrze Kubernetes.
|
|
networkMode
|
Tryb sieciowy platformy Azure CNI jest skonfigurowany za pomocą polecenia . Nie można tego określić, jeśli parametr networkPlugin jest inny niż "azure".
|
|
NetworkPlugin
|
Wtyczka sieci używana do tworzenia sieci Kubernetes.
|
|
NetworkPluginMode
|
Tryb, który ma być używany przez wtyczkę sieci.
|
|
NetworkPolicy
|
Zasady sieci używane do tworzenia sieci Kubernetes.
|
|
NginxIngressControllerType
|
Typ ruchu przychodzącego domyślnego zasobu niestandardowego NginxIngressController
|
|
nodeOSUpgradeChannel
|
Kanał uaktualniania systemu operacyjnego węzła. Sposób aktualizowania systemu operacyjnego w węzłach. Wartość domyślna to NodeImage.
|
|
NodeProvisioningDefaultNodePools
|
Zestaw domyślnych pul węzłów Karpenter (CRD) skonfigurowanych do aprowizacji węzłów. To pole nie działa, chyba że tryb ma wartość "Auto". Ostrzeżenie: Zmiana tej opcji z Automatycznie na Brak w istniejącym klastrze spowoduje usunięcie domyślnych pul węzłów Karpenter, co spowoduje opróżnienie i usunięcie węzłów skojarzonych z tymi pulami. Zdecydowanie zaleca się, aby tego nie robić, chyba że istnieją bezczynne węzły gotowe do podjęcia zasobników eksmitowanych przez tę akcję. Jeśli nie zostanie określony, wartość domyślna to Auto. Aby uzyskać więcej informacji, zobacz aka.ms/aks/nap#node-pools.
|
|
NodeProvisioningMode
|
Tryb aprowizacji węzła. Jeśli nie zostanie określony, wartość domyślna to Ręczne.
|
|
OSDiskType
|
Typ dysku systemu operacyjnego, który ma być używany dla maszyn w puli agentów. Wartość domyślna to "Efemeryczna", jeśli maszyna wirtualna ją obsługuje i ma dysk pamięci podręcznej większy niż żądany dysk OSDiskSizeGB. W przeciwnym razie wartość domyślna to "Zarządzane". Nie można zmienić po utworzeniu. Aby uzyskać więcej informacji, zobacz efemeryczny system operacyjny.
|
|
OSSKU
|
Określa jednostkę SKU systemu operacyjnego używaną przez pulę agentów. Wartość domyślna to Ubuntu, jeśli typ systemu operacyjnego to Linux. Wartość domyślna to Windows2019, gdy platforma Kubernetes <= 1.24 lub Windows2022, gdy platforma Kubernetes >= 1,25, jeśli typ systemu operacyjnego to Windows.
|
|
OSType
|
Typ systemu operacyjnego. Wartość domyślna to Linux.
|
|
OutboundIPPrefixes
|
Żądane zasoby prefiksu adresów IP dla modułu równoważenia obciążenia klastra.
|
|
OutboundIPs
|
Żądane zasoby adresów IP ruchu wychodzącego dla modułu równoważenia obciążenia klastra.
|
|
outboundType
|
Metoda routingu ruchu wychodzącego (wychodzącego). Można to ustawić tylko w czasie tworzenia klastra i nie można go zmienić później. Aby uzyskać więcej informacji, zobacz typ ruchu wychodzącego wychodzącego.
|
|
PodIPAllocationMode
|
Tryb alokacji adresów IP zasobnika. Tryb alokacji adresów IP dla zasobników w puli agentów. Musi być używany z podSubnetId. Wartość domyślna to "DynamicIndividual".
|
|
PortRange
|
Zakres portów.
|
|
PowerState
|
Opisuje stan zasilania klastra
|
|
PrivateLinkResource
|
Zasób łącza prywatnego
|
|
Protocol
|
Protokół sieciowy portu.
|
|
ProvisioningInfo
|
|
|
PublicNetworkAccess
|
PublicNetworkAccess klastra zarządzanego. Zezwalanie na dostęp do sieci publicznej dla usługi AKS lub odmawianie dostępu do sieci publicznej
|
|
ResourceIdentityType
|
Typ tożsamości używany dla klastra zarządzanego. Aby uzyskać więcej informacji, zobacz Używanie tożsamości zarządzanych w usłudze AKS.
|
|
ResourceReference
|
Odwołanie do zasobu platformy Azure.
|
|
RestrictionLevel
|
Poziom ograniczeń zastosowany do grupy zasobów węzła klastra. Jeśli nie zostanie określony, wartość domyślna to "Bez ograniczeń"
|
|
ScaleDownMode
|
W tym artykule opisano, jak maszyny wirtualne są dodawane do pul agentów lub usuwane z nich. Zobacz stany rozliczeń.
|
|
ScaleProfile
|
Specyfikacje dotyczące skalowania puli agentów VirtualMachines.
|
|
ScaleSetEvictionPolicy
|
Zasady eksmisji zestawu skalowania maszyn wirtualnych. Zasady eksmisji określają, co należy zrobić z maszyną wirtualną po jej eksmisji. Wartość domyślna to Usuń. Aby uzyskać więcej informacji na temat eksmisji, zobacz Maszyny wirtualne typu spot
|
|
ScaleSetPriority
|
Priorytet zestawu skalowania maszyn wirtualnych.
|
|
ServiceMeshMode
|
Tryb siatki usług.
|
|
ServiceMeshProfile
|
Profil usługi Service Mesh dla klastra zarządzanego.
|
|
SysctlConfig
|
Ustawienia sysctl dla węzłów agenta systemu Linux.
|
|
systemData
|
Metadane dotyczące tworzenia i ostatniej modyfikacji zasobu.
|
|
UndrainableNodeBehavior
|
Definiuje zachowanie węzłów niewykonalnych podczas uaktualniania. Najczęstszą przyczyną niedostępnych węzłów jest budżety zakłóceń zasobników (PDB), ale inne problemy, takie jak okres prolongaty zakończenia zasobnika przekracza pozostały limit czasu opróżniania węzła lub zasobnik jest nadal w stanie uruchomienia, może również spowodować niezrównowadzone węzły.
|
|
upgradeChannel
|
Kanał uaktualniania na potrzeby automatycznego uaktualniania. Wartość domyślna to "none". Aby uzyskać więcej informacji, zobacz ustawianie kanału automatycznego uaktualniania klastra usługi AKS.
|
|
UpgradeOverrideSettings
|
Ustawienia przesłonięć podczas uaktualniania klastra.
|
|
UserAssignedIdentities
|
Tożsamość użytkownika skojarzona z klastrem zarządzanym. Ta tożsamość będzie używana w płaszczyźnie sterowania. Dozwolona jest tylko jedna tożsamość przypisana przez użytkownika. Klucze muszą być identyfikatorami zasobów usługi ARM w postaci: "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}".
|
|
UserAssignedIdentity
|
Szczegółowe informacje o tożsamości przypisanej przez użytkownika.
|
|
VirtualMachineNodes
|
Bieżący stan w grupie węzłów o tym samym rozmiarze maszyny wirtualnej.
|
|
VirtualMachinesProfile
|
Specyfikacje w puli agentów VirtualMachines.
|
|
WindowsGmsaProfile
|
Profil gMSA systemu Windows w klastrze zarządzanym.
|
|
WorkloadRuntime
|
Określa typ obciążenia, który może uruchomić węzeł.
|
AdvancedNetworking
Sprzeciwiać się
Zaawansowany profil sieci umożliwiający obserwowanie i pakiet funkcji zabezpieczeń w klastrze. Aby uzyskać więcej informacji, zobacz aka.ms/aksadvancednetworking.
| Nazwa |
Typ |
Opis |
|
enabled
|
boolean
|
Wskazuje włączenie zaawansowanych funkcji sieciowych dotyczących możliwości obserwowania i zabezpieczeń w klastrach usługi AKS. Po ustawieniu wartości true wszystkie funkcje obserwowania i zabezpieczeń zostaną ustawione na włączone, chyba że jawnie wyłączone. Jeśli nie zostanie określony, wartość domyślna to false.
|
|
observability
|
AdvancedNetworkingObservability
|
Profil obserwacji umożliwiający włączenie zaawansowanych metryk sieci i dzienników przepływu z kontekstami historycznymi.
|
|
security
|
AdvancedNetworkingSecurity
|
Profil zabezpieczeń umożliwiający włączenie funkcji zabezpieczeń w klastrze opartym na cilium.
|
AdvancedNetworkingObservability
Sprzeciwiać się
Profil obserwacji umożliwiający włączenie zaawansowanych metryk sieci i dzienników przepływu z kontekstami historycznymi.
| Nazwa |
Typ |
Opis |
|
enabled
|
boolean
|
Wskazuje włączenie funkcji obserwacji zaawansowanej sieci w klastrach.
|
AdvancedNetworkingSecurity
Sprzeciwiać się
Profil zabezpieczeń umożliwiający włączenie funkcji zabezpieczeń w klastrze opartym na cilium.
| Nazwa |
Typ |
Opis |
|
advancedNetworkPolicies
|
advancedNetworkPolicies
|
Włącz zaawansowane zasady sieciowe. Dzięki temu użytkownicy mogą konfigurować zasady sieciowe warstwy 7 (FQDN, HTTP, Kafka). Zasady muszą być konfigurowane za pośrednictwem zasobów zasad sieciowych cilium, zobacz https://docs.cilium.io/en/latest/security/policy/index.html. Można to włączyć tylko w klastrach opartych na cilium. Jeśli nie zostanie określony, wartość domyślna to FQDN, jeśli wartość security.enabled jest ustawiona na true.
|
|
enabled
|
boolean
|
Ta funkcja umożliwia użytkownikowi konfigurowanie zasad sieciowych na podstawie nazw DNS (FQDN). Można ją włączyć tylko w klastrach opartych na cilium. Jeśli nie zostanie określony, wartość domyślna to false.
|
advancedNetworkPolicies
Wyliczenie
Włącz zaawansowane zasady sieciowe. Dzięki temu użytkownicy mogą konfigurować zasady sieciowe warstwy 7 (FQDN, HTTP, Kafka). Zasady muszą być konfigurowane za pośrednictwem zasobów zasad sieciowych cilium, zobacz https://docs.cilium.io/en/latest/security/policy/index.html. Można to włączyć tylko w klastrach opartych na cilium. Jeśli nie zostanie określony, wartość domyślna to FQDN, jeśli wartość security.enabled jest ustawiona na true.
| Wartość |
Opis |
|
L7
|
Włącz zasady sieciowe warstwy 7 (FQDN, HTTP/S, Kafka). Ta opcja jest nadzbiorem opcji FQDN.
|
|
FQDN
|
Włączanie zasad sieciowych opartych na nazwach FQDN
|
|
None
|
Wyłączanie zasad sieciowych warstwy 7 (FQDN, HTTP/S, Kafka)
|
AgentPoolGatewayProfile
Sprzeciwiać się
Profil puli agentów bramy klastra zarządzanego.
| Nazwa |
Typ |
Wartość domyślna |
Opis |
|
publicIPPrefixSize
|
integer
(int32)
minimum: 28
maximum: 31
|
31
|
Pula agentów bramy kojarzy jeden publiczny adres IPPrefiks dla każdej statycznej bramy ruchu wychodzącego w celu zapewnienia publicznego ruchu wychodzącego. Rozmiar publicznego prefiksu IP należy wybrać przez użytkownika. Każdy węzeł w puli agentów jest przypisywany z jednego adresu IP z prefiksu IP. Rozmiar ipPrefix służy zatem jako limit rozmiaru puli agentów bramy. Ze względu na ograniczenie rozmiaru publicznego adresu IP platformy Azure prawidłowy zakres wartości to [28, 31] (/31 = 2 węzły/adresy IP, /30 = 4 węzły/adresy IP, /29 = 8 węzłów/adresów IP, /28 = 16 węzłów/adresów IP). Wartość domyślna to 31.
|
AgentPoolMode
Wyliczenie
Tryb puli agentów. Klaster musi mieć co najmniej jedną pulę agentów "System" przez cały czas. Aby uzyskać dodatkowe informacje na temat ograniczeń puli agentów i najlepszych rozwiązań, zobacz: https://docs.microsoft.com/azure/aks/use-system-pools
| Wartość |
Opis |
|
System
|
Pule agentów systemowych służą głównie do hostowania krytycznych zasobników systemowych, takich jak CoreDNS i serwer metryk. Systemowe pule agentów osType muszą mieć wartość Linux. Jednostka SKU maszyny wirtualnej pul agentów systemowych musi mieć co najmniej 2 procesory wirtualne i 4 GB pamięci.
|
|
User
|
Pule agentów użytkowników służą głównie do hostowania zasobników aplikacji.
|
|
Gateway
|
Pule agentów bramy są przeznaczone do dostarczania statycznych adresów IP ruchu wychodzącego do zasobników. Aby uzyskać więcej informacji, zobacz https://aka.ms/aks/static-egress-gateway.
|
AgentPoolNetworkProfile
Sprzeciwiać się
Ustawienia sieciowe puli agentów.
| Nazwa |
Typ |
Opis |
|
allowedHostPorts
|
PortRange[]
|
Zakresy portów, do których można uzyskać dostęp. Określone zakresy mogą się nakładać.
|
|
applicationSecurityGroups
|
string[]
(arm-id)
|
Identyfikatory grup zabezpieczeń aplikacji, które pula agentów zostanie skojarzona podczas tworzenia.
|
|
nodePublicIPTags
|
IPTag[]
|
IpTags publicznych adresów IP na poziomie wystąpienia.
|
AgentPoolSecurityProfile
Sprzeciwiać się
Ustawienia zabezpieczeń puli agentów.
| Nazwa |
Typ |
Opis |
|
enableSecureBoot
|
boolean
|
Bezpieczny rozruch to funkcja zaufanego uruchamiania, która zapewnia możliwość rozruchu tylko podpisanych systemów operacyjnych i sterowników. Aby uzyskać więcej informacji, zobacz aka.ms/aks/trustedlaunch. Jeśli nie zostanie określony, wartość domyślna to false.
|
|
enableVTPM
|
boolean
|
VTPM to funkcja zaufanego uruchamiania do konfigurowania dedykowanego bezpiecznego magazynu dla kluczy i pomiarów przechowywanych lokalnie w węźle. Aby uzyskać więcej informacji, zobacz aka.ms/aks/trustedlaunch. Jeśli nie zostanie określony, wartość domyślna to false.
|
|
sshAccess
|
AgentPoolSSHAccess
|
Metoda dostępu SSH puli agentów.
|
AgentPoolSSHAccess
Wyliczenie
Metoda dostępu SSH puli agentów.
| Wartość |
Opis |
|
LocalUser
|
Protokół SSH może znajdować się w węźle jako użytkownik lokalny przy użyciu klucza prywatnego.
|
|
Disabled
|
Usługa SSH zostanie wyłączona w węźle.
|
AgentPoolStatus
Sprzeciwiać się
Zawiera informacje tylko do odczytu dotyczące puli agentów.
| Nazwa |
Typ |
Opis |
|
provisioningError
|
ErrorDetail
|
Szczegółowe informacje o błędzie puli agentów. Zachowuje szczegółowe informacje o niepowodzeniu. Jeśli nie wystąpił błąd, to pole jest pomijane.
|
AgentPoolType
Wyliczenie
Typ puli agentów.
| Wartość |
Opis |
|
VirtualMachineScaleSets
|
Utwórz pulę agentów wspieraną przez zestaw skalowania maszyn wirtualnych.
|
|
AvailabilitySet
|
Korzystanie z tego jest zdecydowanie odradzane.
|
|
VirtualMachines
|
Utwórz pulę agentów wspieraną przez tryb aranżacji maszyny wirtualnej o pojedynczym wystąpieniu.
|
AgentPoolUpgradeSettings
Sprzeciwiać się
Ustawienia uaktualniania puli agentów
| Nazwa |
Typ |
Opis |
|
drainTimeoutInMinutes
|
integer
(int32)
minimum: 1
maximum: 1440
|
Limit czasu opróżniania węzła. Czas oczekiwania (w minutach) na eksmisję zasobników i łagodne zakończenie na węzeł. Ten czas oczekiwania eksmisji honoruje oczekiwanie na budżety zakłóceń zasobników. Jeśli ten czas zostanie przekroczony, uaktualnienie zakończy się niepowodzeniem. Jeśli nie zostanie określony, wartość domyślna to 30 minut.
|
|
maxSurge
|
string
|
Maksymalna liczba lub procent węzłów, które są przesiąknięci podczas uaktualniania. Można to ustawić na liczbę całkowitą (np. "5") lub wartość procentową (np. "50%"). Jeśli określono wartość procentową, jest to procent całkowitego rozmiaru puli agentów w momencie uaktualnienia. W przypadku wartości procentowych węzły ułamkowe są zaokrąglane w górę. Jeśli nie zostanie określony, wartość domyślna to 10%. Aby uzyskać więcej informacji, w tym najlepsze rozwiązania, zobacz: https://learn.microsoft.com/en-us/azure/aks/upgrade-cluster
|
|
maxUnavailable
|
string
|
Maksymalna liczba lub procent węzłów, które mogą być jednocześnie niedostępne podczas uaktualniania. Można to ustawić na liczbę całkowitą (np. "1") lub wartość procentową (np. "5%"). Jeśli określono wartość procentową, jest to procent całkowitego rozmiaru puli agentów w momencie uaktualnienia. W przypadku wartości procentowych węzły ułamkowe są zaokrąglane w górę. Jeśli nie zostanie określony, wartość domyślna to 0. Aby uzyskać więcej informacji, w tym najlepsze rozwiązania, zobacz: https://learn.microsoft.com/en-us/azure/aks/upgrade-cluster
|
|
nodeSoakDurationInMinutes
|
integer
(int32)
minimum: 0
maximum: 30
|
Czas trwania zanurzania dla węzła. Czas oczekiwania (w minutach) po opróżnieniu węzła i przed ponownym utworzeniem i przejściem do następnego węzła. Jeśli nie zostanie określony, wartość domyślna to 0 minut.
|
|
undrainableNodeBehavior
|
UndrainableNodeBehavior
|
Definiuje zachowanie węzłów niewykonalnych podczas uaktualniania. Najczęstszą przyczyną niedostępnych węzłów jest budżety zakłóceń zasobników (PDB), ale inne problemy, takie jak okres prolongaty zakończenia zasobnika przekracza pozostały limit czasu opróżniania węzła lub zasobnik jest nadal w stanie uruchomienia, może również spowodować niezrównowadzone węzły.
|
AgentPoolWindowsProfile
Sprzeciwiać się
Określony profil puli agentów systemu Windows.
| Nazwa |
Typ |
Opis |
|
disableOutboundNat
|
boolean
|
Określa, czy wyłączyć funkcję OutboundNAT w węzłach systemu Windows. Wartość domyślna to fałsz. Translator adresów sieciowych dla ruchu wychodzącego można wyłączyć tylko wtedy, gdy klaster outboundType jest bramą translatora adresów sieciowych, a pula agentów systemu Windows nie ma włączonego publicznego adresu IP węzła.
|
ArtifactSource
Wyliczenie
Źródło artefaktu. Źródło, z którego są pobierane artefakty.
| Wartość |
Opis |
|
Direct
|
pobieranie obrazów z rejestru artefaktów firmy Microsoft
|
|
Cache
|
pobieranie obrazów z Azure Container Registry za pomocą pamięci podręcznej
|
AutoScalerProfile
Sprzeciwiać się
Parametry, które mają być stosowane do skalowania automatycznego klastra po włączeniu
| Nazwa |
Typ |
Opis |
|
balance-similar-node-groups
|
string
|
Wykrywa podobne pule węzłów i równoważy liczbę węzłów między nimi. Prawidłowe wartości to "true" i "false"
|
|
daemonset-eviction-for-empty-nodes
|
boolean
|
Zasobniki DaemonSet zostaną bezpiecznie zakończone z pustych węzłów. Jeśli ustawiono wartość true, wszystkie zasobniki demonaset w pustych węzłach zostaną wykluczone przed usunięciem węzła. Jeśli zasobnik demona nie może zostać wykluczony z innego węzła, zostanie wybrany do skalowania. Jeśli zostanie ustawiona wartość false, węzeł zostanie usunięty bez upewnienia się, że zasobniki demona są usuwane lub eksmitowane.
|
|
daemonset-eviction-for-occupied-nodes
|
boolean
|
Zasobniki DaemonSet zostaną bezpiecznie zakończone z węzłów, które nie są puste. Jeśli ustawiono wartość true, wszystkie zasobniki demonaset na zajętych węzłach zostaną wykluczone przed usunięciem węzła. Jeśli zasobnik demona nie może zostać wykluczony z innego węzła, zostanie wybrany do skalowania. Jeśli zostanie ustawiona wartość false, węzeł zostanie usunięty bez upewnienia się, że zasobniki demona są usuwane lub eksmitowane.
|
|
expander
|
expander
|
Ekspander do użycia podczas skalowania w górę. Jeśli nie zostanie określony, wartość domyślna to "losowe". Aby uzyskać więcej informacji, zobacz ekspandery .
|
|
ignore-daemonsets-utilization
|
boolean
|
Czy urząd certyfikacji powinien ignorować zasobniki DaemonSet podczas obliczania wykorzystania zasobów na potrzeby skalowania w dół. W przypadku ustawienia wartości true zasoby używane przez demona zostaną uwzględnione podczas podejmowania decyzji dotyczących skalowania w dół.
|
|
max-empty-bulk-delete
|
string
|
Maksymalna liczba pustych węzłów, które można usunąć w tym samym czasie. Musi to być dodatnia liczba całkowita. Wartość domyślna to 10.
|
|
max-graceful-termination-sec
|
string
|
Maksymalna liczba sekund, przez które narzędzie do automatycznego skalowania klastra oczekuje na zakończenie działania zasobnika podczas próby skalowania węzła w dół. Wartość domyślna to 600.
|
|
max-node-provision-time
|
string
|
Maksymalny czas oczekiwania autoskalatora na aprowizowanie węzła. Wartość domyślna to "15m". Wartości muszą być liczbą całkowitą, po której następuje 'm'. Nie jest obsługiwana żadna jednostka czasu innego niż minuty (m).
|
|
max-total-unready-percentage
|
string
|
Maksymalny procent nieprzeczytanych węzłów w klastrze. Po przekroczeniu tej wartości procentowej funkcja automatycznego skalowania klastra zatrzymuje operacje. Wartość domyślna to 45. Wartość maksymalna to 100, a wartość minimalna to 0.
|
|
new-pod-scale-up-delay
|
string
|
Ignoruj niezaplanowane zasobniki, zanim będą w pewnym wieku. W przypadku scenariuszy, takich jak skalowanie wsadowe/ wsadowe, w których nie chcesz, aby urząd certyfikacji działał przed zaplanowaniem harmonogramu kubernetes, można poinformować urząd certyfikacji, aby ignorował nieplanowane zasobniki przed upływem określonego wieku. Wartość domyślna to "0s". Wartości muszą być liczbą całkowitą, po której następuje jednostka (w sekundach, "m" przez minuty, "h" przez godziny itp.).
|
|
ok-total-unready-count
|
string
|
Liczba dozwolonych nieprzeczytanych węzłów niezależnie od maksymalnej liczby nieprzeczytanych wartości procentowych. Musi to być liczba całkowita. Wartość domyślna to 3.
|
|
scale-down-delay-after-add
|
string
|
Jak długo po skalowaniu w górę wznawia się ocena skalowania w dół. Wartość domyślna to "10m". Wartości muszą być liczbą całkowitą, po której następuje 'm'. Nie jest obsługiwana żadna jednostka czasu innego niż minuty (m).
|
|
scale-down-delay-after-delete
|
string
|
Jak długo po usunięciu węzła wznawiana jest ocena redukcji liczby węzłów. Wartość domyślna to interwał skanowania. Wartości muszą być liczbą całkowitą, po której następuje 'm'. Nie jest obsługiwana żadna jednostka czasu innego niż minuty (m).
|
|
scale-down-delay-after-failure
|
string
|
Jak długo po awarii skalowania w dół wznawiana jest ocena skalowania w dół. Wartość domyślna to "3m". Wartości muszą być liczbą całkowitą, po której następuje 'm'. Nie jest obsługiwana żadna jednostka czasu innego niż minuty (m).
|
|
scale-down-unneeded-time
|
string
|
Jak długo węzeł powinien być niepotrzebny, zanim kwalifikuje się do skalowania w dół. Wartość domyślna to "10m". Wartości muszą być liczbą całkowitą, po której następuje 'm'. Nie jest obsługiwana żadna jednostka czasu innego niż minuty (m).
|
|
scale-down-unready-time
|
string
|
Jak długo niegotowy węzeł powinien być niepotrzebny, zanim będzie kwalifikował się do skalowania w dół. Wartość domyślna to "20m". Wartości muszą być liczbą całkowitą, po której następuje 'm'. Nie jest obsługiwana żadna jednostka czasu innego niż minuty (m).
|
|
scale-down-utilization-threshold
|
string
|
Poziom wykorzystania węzła zdefiniowany jako suma żądanych zasobów podzielonych przez pojemność, poniżej którego węzeł można rozważyć pod kątem skalowania w dół. Wartość domyślna to "0,5".
|
|
scan-interval
|
string
|
Częstotliwość ponownego oceny klastra w celu skalowania w górę lub w dół. Wartość domyślna to "10". Wartości muszą być liczbą całkowitą sekund.
|
|
skip-nodes-with-local-storage
|
string
|
Jeśli narzędzie do automatycznego skalowania klastra pominie usuwanie węzłów z zasobnikami z magazynem lokalnym, na przykład EmptyDir lub HostPath. Wartość domyślna to true.
|
|
skip-nodes-with-system-pods
|
string
|
Jeśli automatyczne skalowanie klastra pominie usuwanie węzłów z zasobnikami z kube-system (z wyjątkiem DaemonSet lub dublowanych zasobników). Wartość domyślna to true.
|
AzureKeyVaultKms
Sprzeciwiać się
Ustawienia usługi zarządzania kluczami usługi Azure Key Vault dla profilu zabezpieczeń.
| Nazwa |
Typ |
Wartość domyślna |
Opis |
|
enabled
|
boolean
|
|
Czy włączyć usługę zarządzania kluczami usługi Azure Key Vault. Wartość domyślna to false.
|
|
keyId
|
string
|
|
Identyfikator klucza usługi Azure Key Vault. Aby uzyskać więcej informacji, zobacz format identyfikatora klucza . Po włączeniu usługi zarządzania kluczami usługi Azure Key Vault to pole jest wymagane i musi być prawidłowym identyfikatorem klucza. Gdy usługa zarządzania kluczami usługi Azure Key Vault jest wyłączona, pozostaw pole puste.
|
|
keyVaultNetworkAccess
|
KeyVaultNetworkAccessTypes
|
Public
|
Dostęp do sieci magazynu kluczy. Dostęp sieciowy do magazynu kluczy. Możliwe wartości to Public i Private.
Public oznacza, że magazyn kluczy umożliwia dostęp publiczny ze wszystkich sieci.
Private oznacza, że magazyn kluczy wyłącza dostęp publiczny i włącza łącze prywatne. Domyślna wartość to Public.
|
|
keyVaultResourceId
|
string
(arm-id)
|
|
Identyfikator zasobu magazynu kluczy. Jeśli parametr keyVaultNetworkAccess to Private, to pole jest wymagane i musi być prawidłowym identyfikatorem zasobu. Gdy parametr keyVaultNetworkAccess to Public, pozostaw pole puste.
|
BackendPoolType
Wyliczenie
Typ zarządzanej puli zaplecza modułu równoważenia obciążenia dla ruchu przychodzącego.
ClusterUpgradeSettings
Sprzeciwiać się
Ustawienia uaktualniania klastra.
code
Wyliczenie
Informuje, czy klaster jest uruchomiony, czy zatrzymany
| Wartość |
Opis |
|
Running
|
Klaster jest uruchomiony.
|
|
Stopped
|
Klaster zostanie zatrzymany.
|
ContainerServiceLinuxProfile
Sprzeciwiać się
Profil maszyn wirtualnych z systemem Linux w klastrze usługi kontenera.
| Nazwa |
Typ |
Opis |
|
adminUsername
|
string
pattern: ^[A-Za-z][-A-Za-z0-9_]*$
|
Nazwa użytkownika administratora używana dla maszyn wirtualnych z systemem Linux.
|
|
ssh
|
ContainerServiceSshConfiguration
|
Konfiguracja SSH dla maszyn wirtualnych z systemem Linux uruchomionych na platformie Azure.
|
ContainerServiceNetworkProfile
Sprzeciwiać się
Profil konfiguracji sieci.
| Nazwa |
Typ |
Wartość domyślna |
Opis |
|
advancedNetworking
|
AdvancedNetworking
|
|
Zaawansowany profil sieci umożliwiający obserwowanie i pakiet funkcji zabezpieczeń w klastrze. Aby uzyskać więcej informacji, zobacz aka.ms/aksadvancednetworking.
|
|
dnsServiceIP
|
string
pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$
|
10.0.0.10
|
Adres IP przypisany do usługi DNS Kubernetes. Musi znajdować się w zakresie adresów usługi Kubernetes określonym w usłudze ServiceCidr.
|
|
ipFamilies
|
ipFamily[]
|
|
Rodziny adresów IP używane do określania wersji adresów IP dostępnych dla klastra. Rodziny adresów IP służą do określania klastrów z jednym stosem lub dwoma stosami. W przypadku pojedynczego stosu oczekiwana wartość to IPv4. W przypadku dwóch stosów oczekiwane wartości to IPv4 i IPv6.
|
|
loadBalancerProfile
|
ManagedClusterLoadBalancerProfile
|
|
Profil modułu równoważenia obciążenia klastra.
|
|
loadBalancerSku
|
loadBalancerSku
|
|
Jednostka SKU modułu równoważenia obciążenia dla klastra zarządzanego. Wartość domyślna to "Standardowa". Aby uzyskać więcej informacji na temat różnic między jednostkami SKU modułu równoważenia obciążenia, zobacz Jednostki SKU usługi Azure Load Balancer .
|
|
natGatewayProfile
|
ManagedClusterNATGatewayProfile
|
|
Profil bramy translatora adresów sieciowych klastra.
|
|
networkDataplane
|
networkDataplane
|
|
Plan danych sieci używany w klastrze Kubernetes.
|
|
networkMode
|
networkMode
|
|
Tryb sieciowy platformy Azure CNI jest skonfigurowany za pomocą polecenia . Nie można tego określić, jeśli parametr networkPlugin jest inny niż "azure".
|
|
networkPlugin
|
NetworkPlugin
|
|
Wtyczka sieci używana do tworzenia sieci Kubernetes.
|
|
networkPluginMode
|
NetworkPluginMode
|
|
Tryb, który ma być używany przez wtyczkę sieci.
|
|
networkPolicy
|
NetworkPolicy
|
|
Zasady sieci używane do tworzenia sieci Kubernetes.
|
|
outboundType
|
outboundType
|
loadBalancer
|
Metoda routingu ruchu wychodzącego (wychodzącego). Można to ustawić tylko w czasie tworzenia klastra i nie można go zmienić później. Aby uzyskać więcej informacji, zobacz typ ruchu wychodzącego wychodzącego.
|
|
podCidr
|
string
pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$
|
10.244.0.0/16
|
Zakres adresów IP notacji CIDR, z którego można przypisać adresy IP zasobników podczas użycia rozwiązania kubenet.
|
|
podCidrs
|
string[]
|
|
Adres IP notacji CIDR zawiera zakresy adresów IP, z których mają zostać przypisane adresy IP zasobników. Oczekiwano jednej trasy CIDR protokołu IPv4 dla sieci z jednym stosem. Dla każdej rodziny adresów IP (IPv4/IPv6) są oczekiwane dwa elementy CIDRs, po jednej dla sieci z podwójnym stosem.
|
|
serviceCidr
|
string
pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$
|
10.0.0.0/16
|
Zakres adresów IP notacji CIDR, z którego chcesz przypisać adresy IP klastra usług. Nie może pokrywać się z żadnymi zakresami adresów IP podsieci.
|
|
serviceCidrs
|
string[]
|
|
Adres IP notacji CIDR zawiera zakresy adresów IP, z których należy przypisać adresy IP klastra usług. Oczekiwano jednej trasy CIDR protokołu IPv4 dla sieci z jednym stosem. Dla każdej rodziny adresów IP (IPv4/IPv6) są oczekiwane dwa elementy CIDRs, po jednej dla sieci z podwójnym stosem. Nie mogą nakładać się na żadne zakresy adresów IP podsieci.
|
|
staticEgressGatewayProfile
|
ManagedClusterStaticEgressGatewayProfile
|
|
Profil dodatku usługi Static Egress Gateway. Aby uzyskać więcej informacji na temat statycznej bramy ruchu wychodzącego, zobacz https://aka.ms/aks/static-egress-gateway.
|
ContainerServiceSshConfiguration
Sprzeciwiać się
Konfiguracja protokołu SSH dla maszyn wirtualnych z systemem Linux uruchomionych na platformie Azure.
| Nazwa |
Typ |
Opis |
|
publicKeys
|
ContainerServiceSshPublicKey[]
|
Lista kluczy publicznych SSH używanych do uwierzytelniania za pomocą maszyn wirtualnych opartych na systemie Linux. Można określić maksymalnie 1 klucz.
|
ContainerServiceSshPublicKey
Sprzeciwiać się
Zawiera informacje o danych klucza publicznego certyfikatu SSH.
| Nazwa |
Typ |
Opis |
|
keyData
|
string
|
Klucz publiczny certyfikatu używany do uwierzytelniania za pomocą maszyn wirtualnych za pośrednictwem protokołu SSH. Certyfikat musi być w formacie PEM z nagłówkami lub bez.
|
createdByType
Wyliczenie
Typ tożsamości, która utworzyła zasób.
| Wartość |
Opis |
|
User
|
|
|
Application
|
|
|
ManagedIdentity
|
|
|
Key
|
|
CreationData
Sprzeciwiać się
Dane używane podczas tworzenia zasobu docelowego na podstawie zasobu źródłowego.
| Nazwa |
Typ |
Opis |
|
sourceResourceId
|
string
(arm-id)
|
Jest to identyfikator ARM obiektu źródłowego, który ma zostać użyty do utworzenia obiektu docelowego.
|
DelegatedResource
Sprzeciwiać się
Właściwości delegowanego zasobu — tylko do użytku wewnętrznego.
| Nazwa |
Typ |
Opis |
|
location
|
string
|
Lokalizacja zasobu źródłowego — tylko do użytku wewnętrznego.
|
|
referralResource
|
string
|
Identyfikator delegowania delegowania odwołania (opcjonalnie) — tylko użycie wewnętrzne.
|
|
resourceId
|
string
|
Identyfikator zasobu usługi ARM delegowanego zasobu — tylko do użytku wewnętrznego.
|
|
tenantId
|
string
(uuid)
|
Identyfikator dzierżawy delegowanego zasobu — tylko do użytku wewnętrznego.
|
ErrorAdditionalInfo
Sprzeciwiać się
Dodatkowe informacje o błędzie zarządzania zasobami.
| Nazwa |
Typ |
Opis |
|
info
|
object
|
Dodatkowe informacje.
|
|
type
|
string
|
Dodatkowy typ informacji.
|
ErrorDetail
Sprzeciwiać się
Szczegóły błędu.
| Nazwa |
Typ |
Opis |
|
additionalInfo
|
ErrorAdditionalInfo[]
|
Dodatkowe informacje o błędzie.
|
|
code
|
string
|
Kod błędu.
|
|
details
|
ErrorDetail[]
|
Szczegóły błędu.
|
|
message
|
string
|
Komunikat o błędzie.
|
|
target
|
string
|
Element docelowy błędu.
|
ErrorResponse
Sprzeciwiać się
Odpowiedź na błąd
expander
Wyliczenie
Ekspander do użycia podczas skalowania w górę. Jeśli nie zostanie określony, wartość domyślna to "losowe". Aby uzyskać więcej informacji, zobacz ekspandery .
| Wartość |
Opis |
|
least-waste
|
Wybiera grupę węzłów, która będzie miała najmniej bezczynnego procesora CPU (jeśli jest związana, nieużywana pamięć) po skalowaniu w górę. Jest to przydatne, gdy masz różne klasy węzłów, na przykład wysokie użycie procesora CPU lub wysokie węzły pamięci i chcesz rozszerzyć je tylko wtedy, gdy są oczekujące zasobniki, które wymagają dużej ilości tych zasobów.
|
|
most-pods
|
Wybiera grupę węzłów, która będzie w stanie zaplanować najwięcej zasobników podczas skalowania w górę. Jest to przydatne, gdy używasz narzędzia nodeSelector, aby upewnić się, że niektóre zasobniki znajdują się w niektórych węzłach. Należy pamiętać, że nie spowoduje to wybrania większego węzła w porównaniu z mniejszymi węzłami, ponieważ może jednocześnie dodać wiele mniejszych węzłów.
|
|
priority
|
Wybiera grupę węzłów o najwyższym priorytecie przypisanym przez użytkownika. Konfiguracja została opisana w więcej szczegółów tutaj.
|
|
random
|
Używane, gdy nie masz szczególnej potrzeby skalowania grup węzłów w inny sposób.
|
ExtendedLocation
Sprzeciwiać się
Typ złożony lokalizacji rozszerzonej.
| Nazwa |
Typ |
Opis |
|
name
|
string
|
Nazwa lokalizacji rozszerzonej.
|
|
type
|
ExtendedLocationTypes
|
Typ lokalizacji rozszerzonej.
|
ExtendedLocationTypes
Wyliczenie
Typ lokalizacji rozszerzonej.
GPUDriver
Wyliczenie
Czy zainstalować sterowniki procesora GPU. Jeśli nie zostanie określony, wartość domyślna to Install (Zainstaluj).
| Wartość |
Opis |
|
Install
|
Zainstaluj sterownik.
|
|
None
|
Pomiń instalację sterownika.
|
GPUInstanceProfile
Wyliczenie
GpuInstanceProfile do użycia w celu określenia profilu wystąpienia migracji procesora GPU dla obsługiwanej jednostki SKU maszyny wirtualnej procesora GPU.
| Wartość |
Opis |
|
MIG1g
|
|
|
MIG2g
|
|
|
MIG3g
|
|
|
MIG4g
|
|
|
MIG7g
|
|
GPUProfile
Sprzeciwiać się
Ustawienia procesora GPU dla puli agentów.
| Nazwa |
Typ |
Opis |
|
driver
|
GPUDriver
|
Czy zainstalować sterowniki procesora GPU. Jeśli nie zostanie określony, wartość domyślna to Install (Zainstaluj).
|
Identity
Sprzeciwiać się
Tożsamość zasobu.
| Nazwa |
Typ |
Opis |
|
principalId
|
string
(uuid)
|
Identyfikator podmiotu zabezpieczeń tożsamości zasobu. Wartość musi być identyfikatorem UUID.
|
|
tenantId
|
string
(uuid)
|
Identyfikator dzierżawy zasobu. Wartość musi być identyfikatorem UUID.
|
|
type
|
ResourceIdentityType
|
Typ tożsamości.
|
ipFamily
Wyliczenie
Rodziny adresów IP używane do określania wersji adresów IP dostępnych dla klastra. Rodziny adresów IP służą do określania klastrów z jednym stosem lub dwoma stosami. W przypadku pojedynczego stosu oczekiwana wartość to IPv4. W przypadku dwóch stosów oczekiwane wartości to IPv4 i IPv6.
IPTag
Sprzeciwiać się
Zawiera element IPTag skojarzony z obiektem .
| Nazwa |
Typ |
Opis |
|
ipTagType
|
string
|
Typ tagu IP. Przykład: RoutingPreference.
|
|
tag
|
string
|
Wartość tagu IP skojarzonego z publicznym adresem IP. Przykład: Internet.
|
IstioCertificateAuthority
Sprzeciwiać się
Konfiguracja urzędu certyfikacji usługi Istio Service Mesh. Na razie obsługujemy tylko certyfikaty wtyczek zgodnie z opisem w tym https://aka.ms/asm-plugin-ca
IstioComponents
Sprzeciwiać się
Konfiguracja składników istio.
IstioEgressGateway
Sprzeciwiać się
Konfiguracja bramy ruchu wychodzącego Istio.
| Nazwa |
Typ |
Opis |
|
enabled
|
boolean
|
Czy włączyć bramę ruchu wychodzącego.
|
|
gatewayConfigurationName
|
string
|
Nazwa zasobu niestandardowego konfiguracji bramy dla bramy ruchu wychodzącego dodatku Istio. Należy określić podczas włączania bramy ruchu wychodzącego Istio. Należy wdrożyć w tej samej przestrzeni nazw, w których zostanie wdrożona brama ruchu wychodzącego Istio.
|
|
name
|
string
pattern: [a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*
|
Nazwa bramy ruchu wychodzącego dodatku Istio.
|
|
namespace
|
string
|
Przestrzeń nazw, w ramach którego powinna zostać wdrożona brama ruchu wychodzącego dodatku Istio. Jeśli nie określono, wartość domyślna to aks-istio-egress.
|
IstioIngressGateway
Sprzeciwiać się
Konfiguracja bramy ruchu przychodzącego istio. Na razie obsługujemy maksymalnie jedną zewnętrzną bramę ruchu przychodzącego o nazwie aks-istio-ingressgateway-external i jedną wewnętrzną bramę ruchu przychodzącego o nazwie aks-istio-ingressgateway-internal.
| Nazwa |
Typ |
Opis |
|
enabled
|
boolean
|
Czy włączyć bramę ruchu przychodzącego.
|
|
mode
|
IstioIngressGatewayMode
|
Tryb bramy ruchu przychodzącego.
|
IstioIngressGatewayMode
Wyliczenie
Tryb bramy ruchu przychodzącego.
| Wartość |
Opis |
|
External
|
Brama ruchu przychodzącego ma przypisany publiczny adres IP i jest publicznie dostępna.
|
|
Internal
|
Brama ruchu przychodzącego ma przypisany wewnętrzny adres IP i nie można uzyskać publicznego dostępu.
|
IstioPluginCertificateAuthority
Sprzeciwiać się
Informacje o certyfikatach wtyczki dla usługi Service Mesh.
| Nazwa |
Typ |
Opis |
|
certChainObjectName
|
string
|
Nazwa obiektu łańcucha certyfikatów w usłudze Azure Key Vault.
|
|
certObjectName
|
string
|
Nazwa obiektu certyfikatu pośredniego w usłudze Azure Key Vault.
|
|
keyObjectName
|
string
|
Nazwa obiektu klucza prywatnego certyfikatu pośredniego w usłudze Azure Key Vault.
|
|
keyVaultId
|
string
(arm-id)
|
Identyfikator zasobu usługi Key Vault.
|
|
rootCertObjectName
|
string
|
Nazwa obiektu certyfikatu głównego w usłudze Azure Key Vault.
|
IstioServiceMesh
Sprzeciwiać się
Konfiguracja siatki usługi Istio.
KeyVaultNetworkAccessTypes
Wyliczenie
Dostęp do sieci magazynu kluczy. Dostęp sieciowy do magazynu kluczy. Możliwe wartości to Public i Private.
Public oznacza, że magazyn kluczy umożliwia dostęp publiczny ze wszystkich sieci.
Private oznacza, że magazyn kluczy wyłącza dostęp publiczny i włącza łącze prywatne. Domyślna wartość to Public.
| Wartość |
Opis |
|
Public
|
|
|
Private
|
|
KubeletConfig
Sprzeciwiać się
Konfiguracje usługi Kubelet węzłów agenta. Aby uzyskać więcej informacji, zobacz konfiguracji niestandardowego węzła usługi AKS.
| Nazwa |
Typ |
Opis |
|
allowedUnsafeSysctls
|
string[]
|
Dozwolona lista niebezpiecznych wzorców sysctl lub niebezpiecznych wzorców sysctl (kończących się na ).*
|
|
containerLogMaxFiles
|
integer
(int32)
minimum: 2
|
Maksymalna liczba plików dziennika kontenera, które mogą być obecne dla kontenera. Liczba musi być ≥ 2.
|
|
containerLogMaxSizeMB
|
integer
(int32)
|
Maksymalny rozmiar (np. 10Mi) pliku dziennika kontenera przed jego obróceniu.
|
|
cpuCfsQuota
|
boolean
|
Jeśli wymuszanie limitów przydziału procesora CPU CFS jest włączone dla kontenerów, które określają limity procesora CPU. Wartość domyślna to true.
|
|
cpuCfsQuotaPeriod
|
string
|
Wartość okresu limitu przydziału procesora CPU CFS. Wartość domyślna to "100 ms". Prawidłowe wartości to sekwencja liczb dziesiętnych z opcjonalnym ułamkiem i sufiksem jednostki. Na przykład: "300 ms", "2h45m". Obsługiwane jednostki to "ns", "us", "ms", "s", "m" i "h".
|
|
cpuManagerPolicy
|
string
|
Zasady menedżera procesora CPU do użycia. Wartość domyślna to "none". Aby uzyskać więcej informacji, zobacz Zasady zarządzania procesorami CPU platformy Kubernetes . Dozwolone wartości to "none" i "static".
|
|
failSwapOn
|
boolean
|
Jeśli ustawiono wartość true, uruchomienie polecenia Kubelet zakończy się niepowodzeniem, jeśli zamiana jest włączona w węźle.
|
|
imageGcHighThreshold
|
integer
(int32)
|
Procent użycia dysku, po którym odzyskiwanie pamięci obrazu jest zawsze uruchamiane. Aby wyłączyć odzyskiwanie pamięci obrazu, ustaw wartość 100. Wartość domyślna to 85%
|
|
imageGcLowThreshold
|
integer
(int32)
|
Procent użycia dysku, przed którym odzyskiwanie pamięci obrazu nigdy nie jest uruchamiane. Nie można ustawić tej wartości wyższej niż imageGcHighThreshold. Wartość domyślna to 80%
|
|
podMaxPids
|
integer
(int32)
|
Maksymalna liczba procesów na zasobnik.
|
|
topologyManagerPolicy
|
string
|
Zasady Menedżera topologii do użycia. Aby uzyskać więcej informacji, zobacz Kubernetes Topology Manager. Wartość domyślna to "none". Dozwolone wartości to "none", "best-effort", "restricted" i "single-numa-node".
|
KubeletDiskType
Wyliczenie
Określa umieszczanie woluminów emptyDir, katalogu głównego danych środowiska uruchomieniowego kontenera i magazynu efemerycznego Kubelet.
| Wartość |
Opis |
|
OS
|
Kubelet użyje dysku systemu operacyjnego dla swoich danych.
|
|
Temporary
|
Kubelet użyje dysku tymczasowego dla swoich danych.
|
KubernetesSupportPlan
Wyliczenie
Różne warstwy pomocy technicznej dla klastrów zarządzanych przez usługę AKS
| Wartość |
Opis |
|
KubernetesOfficial
|
Obsługa wersji jest taka sama jak w przypadku oferty Kubernetes typu open source. Oficjalne wersje pomocy technicznej społeczności open source platformy Kubernetes przez 1 rok po wydaniu.
|
|
AKSLongTermSupport
|
Wsparcie dla wersji przedłużyło się poza KubernetesOficjalne wsparcie przez 1 rok. Usługa AKS nadal poprawia CVEs przez kolejny 1 rok, przez łącznie 2 lata wsparcia.
|
licenseType
Wyliczenie
Typ licencji do użycia dla maszyn wirtualnych z systemem Windows. Aby uzyskać więcej informacji, zobacz Korzyści użytkownika hybrydowego platformy Azure .
| Wartość |
Opis |
|
None
|
Nie są stosowane żadne dodatkowe licencje.
|
|
Windows_Server
|
Włącza korzyści dla użytkowników hybrydowych platformy Azure dla maszyn wirtualnych z systemem Windows.
|
LinuxOSConfig
Sprzeciwiać się
Konfiguracje systemu operacyjnego węzłów agenta systemu Linux. Aby uzyskać więcej informacji, zobacz konfiguracji niestandardowego węzła usługi AKS.
| Nazwa |
Typ |
Opis |
|
swapFileSizeMB
|
integer
(int32)
|
Rozmiar w MB pliku wymiany, który zostanie utworzony w każdym węźle.
|
|
sysctls
|
SysctlConfig
|
Ustawienia sysctl dla węzłów agenta systemu Linux.
|
|
transparentHugePageDefrag
|
string
|
Czy jądro powinno zwiększyć wykorzystanie kompaktowania pamięci w celu udostępnienia większej liczby ogromnych stron. Prawidłowe wartości to "always", "defer", "defer+madvise", "madvise" i "never". Wartość domyślna to "madvise". Aby uzyskać więcej informacji, zobacz Transparent Hugepages.
|
|
transparentHugePageEnabled
|
string
|
Czy włączono przezroczyste ogromne strony. Prawidłowe wartości to "always", "madvise" i "never". Wartość domyślna to "zawsze". Aby uzyskać więcej informacji, zobacz Transparent Hugepages.
|
loadBalancerSku
Wyliczenie
Jednostka SKU modułu równoważenia obciążenia dla klastra zarządzanego. Wartość domyślna to "Standardowa". Aby uzyskać więcej informacji na temat różnic między jednostkami SKU modułu równoważenia obciążenia, zobacz Jednostki SKU usługi Azure Load Balancer .
| Wartość |
Opis |
|
standard
|
Użyj standardowego Load Balancera. Jest to zalecana jednostka SKU modułu równoważenia obciążenia. Aby uzyskać więcej informacji na temat pracy z modułem równoważenia obciążenia w klastrze zarządzanym, zobacz artykuł standardowego modułu równoważenia obciążenia.
|
|
basic
|
Użyj podstawowego Load Balancera o ograniczonej funkcjonalności.
|
LocalDNSForwardDestination
Wyliczenie
Serwer docelowy dla zapytań DNS, które mają być przekazywane z lokalnego DNS.
| Wartość |
Opis |
|
ClusterCoreDNS
|
Przekazywanie zapytań DNS z lokalnego systemu DNS do klastra CoreDNS.
|
|
VnetDNS
|
Przekazywanie zapytań DNS z lokalnego systemu DNS do serwera DNS skonfigurowanego w sieci wirtualnej. Sieć wirtualna może mieć skonfigurowanych wiele serwerów DNS.
|
LocalDNSForwardPolicy
Wyliczenie
Zasady przekazywania służące do wybierania nadrzędnego serwera DNS. Zobacz wtyczkę do przekazywania , aby uzyskać więcej informacji.
| Wartość |
Opis |
|
Sequential
|
Implementuje sekwencyjny wybór nadrzędnego serwera DNS. Zobacz wtyczkę do przekazywania , aby uzyskać więcej informacji.
|
|
RoundRobin
|
Implementuje wybór nadrzędnego serwera DNS działającego okrężnie. Zobacz wtyczkę do przekazywania , aby uzyskać więcej informacji.
|
|
Random
|
Implementuje losowy wybór nadrzędnego serwera DNS. Zobacz wtyczkę do przekazywania , aby uzyskać więcej informacji.
|
LocalDNSMode
Wyliczenie
Tryb włączania dla localDNS.
| Wartość |
Opis |
|
Preferred
|
Jeśli bieżąca wersja programu Orchestrator obsługuje tę funkcję, preferuj włączenie localDNS.
|
|
Required
|
Włącz localDNS.
|
|
Disabled
|
Wyłącz localDNS.
|
LocalDNSOverride
Sprzeciwiać się
Przesłonięcia dla profilu localDNS.
| Nazwa |
Typ |
Wartość domyślna |
Opis |
|
cacheDurationInSeconds
|
integer
(int32)
|
3600
|
Maksymalny czas wygaśnięcia pamięci podręcznej w kilka sekund. Zobacz wtyczkę pamięci podręcznej , aby uzyskać więcej informacji.
|
|
forwardDestination
|
LocalDNSForwardDestination
|
ClusterCoreDNS
|
Serwer docelowy dla zapytań DNS, które mają być przekazywane z lokalnego DNS.
|
|
forwardPolicy
|
LocalDNSForwardPolicy
|
Sequential
|
Zasady przekazywania służące do wybierania nadrzędnego serwera DNS. Zobacz wtyczkę do przekazywania , aby uzyskać więcej informacji.
|
|
maxConcurrent
|
integer
(int32)
|
1000
|
Maksymalna liczba współbieżnych zapytań. Zobacz wtyczkę do przekazywania , aby uzyskać więcej informacji.
|
|
protocol
|
LocalDNSProtocol
|
PreferUDP
|
Wymuszaj protokół TCP lub preferuj protokół UDP dla połączeń z lokalnego serwera DNS do nadrzędnego serwera DNS.
|
|
queryLogging
|
LocalDNSQueryLogging
|
Error
|
Poziom dziennika dla zapytań DNS w localDNS.
|
|
serveStale
|
LocalDNSServeStale
|
Immediate
|
Zasady obsługi starych danych. Zobacz wtyczkę pamięci podręcznej , aby uzyskać więcej informacji.
|
|
serveStaleDurationInSeconds
|
integer
(int32)
|
3600
|
Podawaj nieświeży czas trwania w kilka sekund. Zobacz wtyczkę pamięci podręcznej , aby uzyskać więcej informacji.
|
LocalDNSProfile
Sprzeciwiać się
Konfiguruje lokalny system DNS dla poszczególnych węzłów z przesłonięciami VnetDNS i KubeDNS. LocalDNS pomaga zwiększyć wydajność i niezawodność rozpoznawania nazw DNS w klastrze usługi AKS. Aby uzyskać więcej informacji, zobacz aka.ms/aks/localdns.
| Nazwa |
Typ |
Wartość domyślna |
Opis |
|
kubeDNSOverrides
|
<string,
LocalDNSOverride>
|
|
Przesłonięcia KubeDNS mają zastosowanie do ruchu DNS z zasobników z dnsPolicy:ClusterFirst (określanym jako ruch KubeDNS).
|
|
mode
|
LocalDNSMode
|
Preferred
|
Tryb włączania dla localDNS.
|
|
state
|
LocalDNSState
|
|
Wygenerowany przez system stan localDNS.
|
|
vnetDNSOverrides
|
<string,
LocalDNSOverride>
|
|
Przesłonięcia VnetDNS mają zastosowanie do ruchu DNS z zasobników z dnsPolicy:default lub kubelet (określanych jako ruch VnetDNS).
|
LocalDNSProtocol
Wyliczenie
Wymuszaj protokół TCP lub preferuj protokół UDP dla połączeń z lokalnego serwera DNS do nadrzędnego serwera DNS.
| Wartość |
Opis |
|
PreferUDP
|
Preferowany protokół UDP dla połączeń z lokalnego serwera DNS do nadrzędnego serwera DNS.
|
|
ForceTCP
|
Wymuszaj protokół TCP dla połączeń z lokalnego serwera DNS do nadrzędnego serwera DNS.
|
LocalDNSQueryLogging
Wyliczenie
Poziom dziennika dla zapytań DNS w localDNS.
| Wartość |
Opis |
|
Error
|
Włącza rejestrowanie błędów w localDNS. Zobacz wtyczkę błędów , aby uzyskać więcej informacji.
|
|
Log
|
Włącza rejestrowanie zapytań w localDNS. Aby uzyskać więcej informacji, zobacz wtyczkę dziennika .
|
LocalDNSServeStale
Wyliczenie
Zasady obsługi starych danych. Zobacz wtyczkę pamięci podręcznej , aby uzyskać więcej informacji.
| Wartość |
Opis |
|
Verify
|
Obsługuj nieaktualne dane z weryfikacją. Najpierw sprawdź, czy wpis jest nadal niedostępny w źródle przed wysłaniem wygasłego wpisu do klienta. Zobacz wtyczkę pamięci podręcznej , aby uzyskać więcej informacji.
|
|
Immediate
|
Natychmiast obsługuj przestarzałe dane. Wyślij wygasły wpis do klienta przed sprawdzeniem, czy wpis jest dostępny w źródle. Zobacz wtyczkę pamięci podręcznej , aby uzyskać więcej informacji.
|
|
Disable
|
Wyłącz obsługę starych danych.
|
LocalDNSState
Wyliczenie
Wygenerowany przez system stan localDNS.
| Wartość |
Opis |
|
Enabled
|
localDNS jest włączony.
|
|
Disabled
|
localDNS jest wyłączony.
|
ManagedCluster
Sprzeciwiać się
Klaster zarządzany.
| Nazwa |
Typ |
Opis |
|
eTag
|
string
|
Unikatowy ciąg tylko do odczytu używany do implementowania optymistycznej współbieżności. Wartość elementu eTag zmieni się po zaktualizowaniu zasobu. Określ nagłówek if-match lub if-none-match z wartością eTag dla kolejnego żądania, aby włączyć optymistyczną współbieżność zgodnie z normalną konwencją eTag.
|
|
extendedLocation
|
ExtendedLocation
|
Rozszerzona lokalizacja maszyny wirtualnej.
|
|
id
|
string
(arm-id)
|
W pełni kwalifikowany identyfikator zasobu dla zasobu. Np. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
|
|
identity
|
ManagedClusterIdentity
|
Tożsamość klastra zarządzanego, jeśli jest skonfigurowana.
|
|
kind
|
string
|
Jest to używane głównie do uwidaczniania różnych środowisk interfejsu użytkownika w portalu dla różnych rodzajów
|
|
location
|
string
|
Lokalizacja geograficzna, w której znajduje się zasób
|
|
name
|
string
|
Nazwa zasobu
|
|
properties.aadProfile
|
ManagedClusterAADProfile
|
Konfiguracja usługi Azure Active Directory.
|
|
properties.addonProfiles
|
<string,
ManagedClusterAddonProfile>
|
Profil dodatku klastra zarządzanego.
|
|
properties.agentPoolProfiles
|
ManagedClusterAgentPoolProfile[]
|
Właściwości puli agentów.
|
|
properties.aiToolchainOperatorProfile
|
ManagedClusterAIToolchainOperatorProfile
|
Ustawienia operatora łańcucha narzędzi sztucznej inteligencji, które mają zastosowanie do całego klastra.
|
|
properties.apiServerAccessProfile
|
ManagedClusterAPIServerAccessProfile
|
Profil dostępu dla serwera interfejsu API klastra zarządzanego.
|
|
properties.autoScalerProfile
|
AutoScalerProfile
|
Parametry, które mają być stosowane do skalowania automatycznego klastra po włączeniu
|
|
properties.autoUpgradeProfile
|
ManagedClusterAutoUpgradeProfile
|
Konfiguracja automatycznego uaktualniania.
|
|
properties.azureMonitorProfile
|
ManagedClusterAzureMonitorProfile
|
Profile dodatków usługi Azure Monitor do monitorowania klastra zarządzanego.
|
|
properties.azurePortalFQDN
|
string
|
Specjalna nazwa FQDN używana przez witrynę Azure Portal do uzyskiwania dostępu do klastra zarządzanego. Ta nazwa FQDN jest używana tylko przez witrynę Azure Portal i nie powinna być używana przez innych klientów. Witryna Azure Portal wymaga wysłania niektórych nagłówków współużytkowania zasobów między źródłami (CORS, Cross-Origin Resource Sharing) w niektórych odpowiedziach, które platforma Kubernetes APIServer nie obsługuje domyślnie. Ta specjalna nazwa FQDN obsługuje mechanizm CORS, co umożliwia prawidłowe działanie witryny Azure Portal.
|
|
properties.bootstrapProfile
|
ManagedClusterBootstrapProfile
|
Profil konfiguracji uruchamiania klastra.
|
|
properties.currentKubernetesVersion
|
string
|
Wersja rozwiązania Kubernetes, na którym działa klaster zarządzany. Jeśli parametr kubernetesVersion był w pełni określoną wersją <główna.pomocnicza.patch>, to pole będzie dokładnie równe. Jeśli parametr kubernetesVersion został <wersja główna.pomocnicza>, to pole będzie zawierać pełną <wersji głównej.pomocnicza.patch>.
|
|
properties.disableLocalAccounts
|
boolean
|
Jeśli konta lokalne powinny być wyłączone w klastrze zarządzanym. Jeśli ustawiono wartość true, pobieranie poświadczeń statycznych zostanie wyłączone dla tego klastra. Należy go używać tylko w klastrach zarządzanych z włączoną usługą AAD. Aby uzyskać więcej informacji, zobacz wyłączanie kont lokalnych.
|
|
properties.diskEncryptionSetID
|
string
(arm-id)
|
Identyfikator zasobu szyfrowania dysku ustawiony na potrzeby włączania szyfrowania magazynowanych. Jest to forma: "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}"
|
|
properties.dnsPrefix
|
string
|
Prefiks DNS klastra zarządzanego. Nie można go zaktualizować po utworzeniu klastra zarządzanego.
|
|
properties.enableRBAC
|
boolean
|
Czy włączyć platformę Kubernetes Role-Based kontrola dostępu.
|
|
properties.fqdn
|
string
|
Nazwa FQDN puli głównej.
|
|
properties.fqdnSubdomain
|
string
|
Poddomena nazwy FQDN klastra prywatnego z niestandardową prywatną strefą DNS. Nie można go zaktualizować po utworzeniu klastra zarządzanego.
|
|
properties.httpProxyConfig
|
ManagedClusterHTTPProxyConfig
|
Konfiguracje aprowizowania klastra za pomocą serwerów proxy HTTP.
|
|
properties.identityProfile
|
<string,
UserAssignedIdentity>
|
Tożsamość użytkownika skojarzona z klastrem zarządzanym. Ta tożsamość będzie używana przez narzędzie kubelet. Dozwolona jest tylko jedna tożsamość przypisana przez użytkownika. Jedynym akceptowanym kluczem jest "kubeletidentity", z wartością "resourceId": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}".
|
|
properties.ingressProfile
|
ManagedClusterIngressProfile
|
Profil ruchu przychodzącego dla klastra zarządzanego.
|
|
properties.kubernetesVersion
|
string
|
Wersja platformy Kubernetes określona przez użytkownika. Obsługiwane są obie wersje poprawek <major.minor.patch> (np. 1.20.13) i <major.minor> (np. 1.20). Po określeniu <główna.pomocnicza> jest wybierana automatycznie najnowsza obsługiwana wersja poprawki ogólnie dostępnej. Aktualizowanie klastra przy użyciu tego samego <major.minor> po jego utworzeniu (np. 1.14.x —> 1.14) nie wyzwoli uaktualnienia, nawet jeśli jest dostępna nowsza wersja poprawki. Podczas uaktualniania obsługiwanego klastra usługi AKS nie można pominąć wersji pomocniczych platformy Kubernetes. Wszystkie uaktualnienia muszą być wykonywane sekwencyjnie według numeru wersji głównej. Na przykład uaktualnienia z zakresu 1.14.x —> 1.15.x lub 1.15.x —> 1.16.x są dozwolone, jednak wersja 1.14.x —> 1.16.x jest niedozwolona. Aby uzyskać więcej informacji, zobacz uaktualniania klastra usługi AKS.
|
|
properties.linuxProfile
|
ContainerServiceLinuxProfile
|
Profil maszyn wirtualnych z systemem Linux w klastrze zarządzanym.
|
|
properties.maxAgentPools
|
integer
(int32)
|
Maksymalna liczba pul agentów dla klastra zarządzanego.
|
|
properties.metricsProfile
|
ManagedClusterMetricsProfile
|
Opcjonalna konfiguracja metryk klastra.
|
|
properties.networkProfile
|
ContainerServiceNetworkProfile
|
Profil konfiguracji sieci.
|
|
properties.nodeProvisioningProfile
|
ManagedClusterNodeProvisioningProfile
|
Ustawienia aprowizacji węzła, które mają zastosowanie do całego klastra.
|
|
properties.nodeResourceGroup
|
string
|
Nazwa grupy zasobów zawierającej węzły puli agentów.
|
|
properties.nodeResourceGroupProfile
|
ManagedClusterNodeResourceGroupProfile
|
Profil konfiguracji grupy zasobów węzła.
|
|
properties.oidcIssuerProfile
|
ManagedClusterOIDCIssuerProfile
|
Profil wystawcy OIDC klastra zarządzanego.
|
|
properties.podIdentityProfile
|
ManagedClusterPodIdentityProfile
|
Profil tożsamości zasobnika klastra zarządzanego. Aby uzyskać więcej informacji na temat integracji tożsamości zasobnika usługi AAD, zobacz korzystanie z tożsamości zasobnika usługi AAD.
|
|
properties.powerState
|
PowerState
|
Stan zasilania klastra.
|
|
properties.privateFQDN
|
string
|
Nazwa FQDN klastra prywatnego.
|
|
properties.privateLinkResources
|
PrivateLinkResource[]
|
Zasoby łącza prywatnego skojarzone z klastrem.
|
|
properties.provisioningState
|
string
|
Bieżący stan aprowizacji.
|
|
properties.publicNetworkAccess
|
PublicNetworkAccess
|
PublicNetworkAccess klastra zarządzanego. Zezwalanie na dostęp do sieci publicznej dla usługi AKS lub odmawianie dostępu do sieci publicznej
|
|
properties.resourceUID
|
string
|
Identyfikator resourceUID jednoznacznie identyfikuje klastry zarządzane, które ponownie używają identyfikatorów zasobów usługi ARM (tj. tworzenie, usuwanie, tworzenie sekwencji)
|
|
properties.securityProfile
|
ManagedClusterSecurityProfile
|
Profil zabezpieczeń klastra zarządzanego.
|
|
properties.serviceMeshProfile
|
ServiceMeshProfile
|
Profil usługi Service Mesh dla klastra zarządzanego.
|
|
properties.servicePrincipalProfile
|
ManagedClusterServicePrincipalProfile
|
Informacje o tożsamości jednostki usługi dla klastra do użycia do manipulowania interfejsami API platformy Azure.
|
|
properties.status
|
ManagedClusterStatus
|
Zawiera informacje tylko do odczytu dotyczące klastra zarządzanego.
|
|
properties.storageProfile
|
ManagedClusterStorageProfile
|
Profil magazynu dla klastra zarządzanego.
|
|
properties.supportPlan
|
KubernetesSupportPlan
|
Plan pomocy technicznej dla klastra zarządzanego. Jeśli nie określono, wartość domyślna to "KubernetesOfficial".
|
|
properties.upgradeSettings
|
ClusterUpgradeSettings
|
Ustawienia uaktualniania klastra.
|
|
properties.windowsProfile
|
ManagedClusterWindowsProfile
|
Profil maszyn wirtualnych z systemem Windows w klastrze zarządzanym.
|
|
properties.workloadAutoScalerProfile
|
ManagedClusterWorkloadAutoScalerProfile
|
Profil automatycznego skalowania obciążenia dla klastra zarządzanego.
|
|
sku
|
ManagedClusterSKU
|
Jednostka SKU klastra zarządzanego.
|
|
systemData
|
systemData
|
Metadane usługi Azure Resource Manager zawierające informacje „createdBy” i „modifiedBy”.
|
|
tags
|
object
|
Tagi zasobów.
|
|
type
|
string
|
Typ zasobu. Np. "Microsoft.Compute/virtualMachines" lub "Microsoft.Storage/storageAccounts"
|
ManagedClusterAADProfile
Sprzeciwiać się
AADProfile określa atrybuty integracji usługi Azure Active Directory. Aby uzyskać więcej informacji, zobacz managed AAD on AKS.
| Nazwa |
Typ |
Opis |
|
adminGroupObjectIDs
|
string[]
|
Lista identyfikatorów obiektów grupy usługi AAD, które będą miały rolę administratora klastra.
|
|
clientAppID
|
string
|
(PRZESTARZAŁE) Identyfikator aplikacji usługi AAD klienta. Dowiedz się więcej na stronie https://aka.ms/aks/aad-legacy.
|
|
enableAzureRBAC
|
boolean
|
Czy włączyć kontrolę dostępu opartą na rolach platformy Azure dla autoryzacji platformy Kubernetes.
|
|
managed
|
boolean
|
Czy włączyć zarządzaną usługę AAD.
|
|
serverAppID
|
string
|
(PRZESTARZAŁE) Identyfikator aplikacji usługi AAD serwera. Dowiedz się więcej na stronie https://aka.ms/aks/aad-legacy.
|
|
serverAppSecret
|
string
|
(PRZESTARZAŁE) Wpis tajny aplikacji usługi AAD serwera. Dowiedz się więcej na stronie https://aka.ms/aks/aad-legacy.
|
|
tenantID
|
string
|
Identyfikator dzierżawy usługi AAD do użycia do uwierzytelniania. Jeśli nie zostanie określony, użyje dzierżawy subskrypcji wdrożenia.
|
ManagedClusterAddonProfile
Sprzeciwiać się
Profil dodatku Kubernetes dla klastra zarządzanego.
| Nazwa |
Typ |
Opis |
|
config
|
object
|
Pary klucz-wartość do konfigurowania dodatku.
|
|
enabled
|
boolean
|
Czy dodatek jest włączony, czy nie.
|
|
identity
|
Identity
|
Informacje o tożsamości przypisanej przez użytkownika używanej przez ten dodatek.
|
ManagedClusterAgentPoolProfile
Sprzeciwiać się
Profil puli agentów usługi kontenera.
| Nazwa |
Typ |
Wartość domyślna |
Opis |
|
availabilityZones
|
string[]
|
|
Lista stref dostępności do użycia dla węzłów. Można to określić tylko wtedy, gdy właściwość AgentPoolType to "VirtualMachineScaleSets".
|
|
capacityReservationGroupID
|
string
(arm-id)
|
|
Usługa AKS skojarzy określoną pulę agentów z grupą rezerwacji pojemności.
|
|
count
|
integer
(int32)
|
|
Liczba agentów (maszyn wirtualnych) do hostowania kontenerów platformy Docker. Dozwolone wartości muszą należeć do zakresu od 0 do 1000 (włącznie) dla pul użytkowników i w zakresie od 1 do 1000 (włącznie) dla pul systemowych. Wartość domyślna to 1.
|
|
creationData
|
CreationData
|
|
CreationData do określenia źródłowego identyfikatora migawki, jeśli pula węzłów zostanie utworzona/uaktualniona przy użyciu migawki.
|
|
currentOrchestratorVersion
|
string
|
|
Wersja platformy Kubernetes, z uruchomioną pulą agentów. Jeśli orchestratorVersion jest w pełni określoną wersją <major.minor.patch>, to pole będzie dokładnie równe. Jeśli element orchestratorVersion ma wartość <major.minor>, to pole będzie zawierać pełną <wersji głównej.pomocniczej.patch> używanej.
|
|
eTag
|
string
|
|
Unikatowy ciąg tylko do odczytu używany do implementowania optymistycznej współbieżności. Wartość elementu eTag zmieni się po zaktualizowaniu zasobu. Określ nagłówek if-match lub if-none-match z wartością eTag dla kolejnego żądania, aby włączyć optymistyczną współbieżność zgodnie z normalną konwencją eTag.
|
|
enableAutoScaling
|
boolean
|
|
Czy włączyć automatyczne skalowanie
|
|
enableEncryptionAtHost
|
boolean
|
|
Czy włączyć szyfrowanie dysków danych i systemu operacyjnego opartego na hoście. Jest to obsługiwane tylko w przypadku niektórych rozmiarów maszyn wirtualnych i w niektórych regionach świadczenia usługi Azure. Aby uzyskać więcej informacji, zobacz: https://docs.microsoft.com/azure/aks/enable-host-encryption
|
|
enableFIPS
|
boolean
|
|
Czy używać systemu operacyjnego z obsługą protokołu FIPS. Aby uzyskać więcej informacji, zobacz Dodawanie puli węzłów z obsługą protokołu FIPS.
|
|
enableNodePublicIP
|
boolean
|
|
Określa, czy każdy węzeł jest przydzielany do własnego publicznego adresu IP. Niektóre scenariusze mogą wymagać, aby węzły w puli węzłów odbierały własne dedykowane publiczne adresy IP. Typowy scenariusz dotyczy obciążeń gier, w których konsola musi nawiązać bezpośrednie połączenie z maszyną wirtualną w chmurze, aby zminimalizować przeskoki. Aby uzyskać więcej informacji, zobacz przypisywanie publicznego adresu IP na węzeł. Wartość domyślna to false.
|
|
enableUltraSSD
|
boolean
|
|
Czy włączyć warstwę UltraSSD
|
|
gatewayProfile
|
AgentPoolGatewayProfile
|
|
Profil specyficzny dla zarządzanej puli agentów w trybie bramy. Nie można ustawić tego pola, jeśli tryb puli agentów nie jest bramą.
|
|
gpuInstanceProfile
|
GPUInstanceProfile
|
|
GpuInstanceProfile do użycia w celu określenia profilu wystąpienia migracji procesora GPU dla obsługiwanej jednostki SKU maszyny wirtualnej procesora GPU.
|
|
gpuProfile
|
GPUProfile
|
|
Ustawienia procesora GPU dla puli agentów.
|
|
hostGroupID
|
string
(arm-id)
|
|
W pełni kwalifikowany identyfikator zasobu dedykowanej grupy hostów do aprowizowania maszyn wirtualnych używany tylko w scenariuszu tworzenia i nie może zmienić się po ustawieniu. Jest to formularz: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. Aby uzyskać więcej informacji, zobacz dedykowanych hostów platformy Azure.
|
|
kubeletConfig
|
KubeletConfig
|
|
Konfiguracja rozwiązania Kubelet w węzłach puli agentów.
|
|
kubeletDiskType
|
KubeletDiskType
|
|
Określa umieszczanie woluminów emptyDir, katalogu głównego danych środowiska uruchomieniowego kontenera i magazynu efemerycznego Kubelet.
|
|
linuxOSConfig
|
LinuxOSConfig
|
|
Konfiguracja systemu operacyjnego węzłów agenta systemu Linux.
|
|
localDNSProfile
|
LocalDNSProfile
|
|
Konfiguruje lokalny system DNS dla poszczególnych węzłów z przesłonięciami VnetDNS i KubeDNS. LocalDNS pomaga zwiększyć wydajność i niezawodność rozpoznawania nazw DNS w klastrze usługi AKS. Aby uzyskać więcej informacji, zobacz aka.ms/aks/localdns.
|
|
maxCount
|
integer
(int32)
|
|
Maksymalna liczba węzłów do automatycznego skalowania
|
|
maxPods
|
integer
(int32)
|
|
Maksymalna liczba zasobników, które mogą być uruchamiane w węźle.
|
|
messageOfTheDay
|
string
|
|
Komunikat dnia dla węzłów systemu Linux zakodowany w formacie base64. Ciąg zakodowany w formacie base64, który zostanie zapisany w pliku /etc/motd po dekodowaniu. Umożliwia to dostosowanie komunikatu dnia dla węzłów systemu Linux. Nie można go określić dla węzłów systemu Windows. Musi to być ciąg statyczny (tj. zostanie wydrukowany jako nieprzetworzone i nie zostanie wykonany jako skrypt).
|
|
minCount
|
integer
(int32)
|
|
Minimalna liczba węzłów do automatycznego skalowania
|
|
mode
|
AgentPoolMode
|
|
Tryb puli agentów. Klaster musi mieć co najmniej jedną pulę agentów "System" przez cały czas. Aby uzyskać dodatkowe informacje na temat ograniczeń puli agentów i najlepszych rozwiązań, zobacz: https://docs.microsoft.com/azure/aks/use-system-pools
|
|
name
|
string
pattern: ^[a-z][a-z0-9]{0,11}$
|
|
Unikatowa nazwa profilu puli agentów w kontekście subskrypcji i grupy zasobów. Nazwy puli agentów systemu Windows muszą zawierać co najmniej 6 znaków.
|
|
networkProfile
|
AgentPoolNetworkProfile
|
|
Ustawienia związane z siecią puli agentów.
|
|
nodeImageVersion
|
string
|
|
Wersja obrazu węzła
|
|
nodeLabels
|
object
|
|
Etykiety węzłów, które mają być utrwalane we wszystkich węzłach w puli agentów.
|
|
nodePublicIPPrefixID
|
string
(arm-id)
|
|
Identyfikator prefiksu publicznego adresu IP, z którego węzły maszyny wirtualnej powinny używać adresów IP. Jest to forma: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}
|
|
nodeTaints
|
string[]
|
|
Defekty dodane do nowych węzłów podczas tworzenia i skalowania puli węzłów. Na przykład key=value:NoSchedule.
|
|
orchestratorVersion
|
string
|
|
Wersja platformy Kubernetes określona przez użytkownika. Obsługiwane są obie wersje poprawek <major.minor.patch> (np. 1.20.13) i <major.minor> (np. 1.20). Po określeniu <główna.pomocnicza> jest wybierana automatycznie najnowsza obsługiwana wersja poprawki ogólnie dostępnej. Aktualizowanie klastra przy użyciu tego samego <major.minor> po jego utworzeniu (np. 1.14.x —> 1.14) nie wyzwoli uaktualnienia, nawet jeśli jest dostępna nowsza wersja poprawki. Najlepszym rozwiązaniem jest uaktualnienie wszystkich pul węzłów w klastrze usługi AKS do tej samej wersji rozwiązania Kubernetes. Wersja puli węzłów musi mieć taką samą wersję główną jak płaszczyzna sterowania. Wersja pomocnicza puli węzłów musi należeć do dwóch wersji pomocniczych wersji płaszczyzny sterowania. Wersja puli węzłów nie może być większa niż wersja płaszczyzny sterowania. Aby uzyskać więcej informacji, zobacz uaktualnianie puli węzłów.
|
|
osDiskSizeGB
|
integer
(int32)
minimum: 0
maximum: 2048
|
|
Rozmiar dysku systemu operacyjnego w GB do określenia rozmiaru dysku dla każdej maszyny w puli głównej/agenta. Jeśli określisz wartość 0, zostanie zastosowana domyślna wartość osDisk size zgodnie z określoną wartością vmSize.
|
|
osDiskType
|
OSDiskType
|
|
Typ dysku systemu operacyjnego, który ma być używany dla maszyn w puli agentów. Wartość domyślna to "Efemeryczna", jeśli maszyna wirtualna ją obsługuje i ma dysk pamięci podręcznej większy niż żądany dysk OSDiskSizeGB. W przeciwnym razie wartość domyślna to "Zarządzane". Nie można zmienić po utworzeniu. Aby uzyskać więcej informacji, zobacz efemeryczny system operacyjny.
|
|
osSKU
|
OSSKU
|
|
Określa jednostkę SKU systemu operacyjnego używaną przez pulę agentów. Wartość domyślna to Ubuntu, jeśli typ systemu operacyjnego to Linux. Wartość domyślna to Windows2019, gdy platforma Kubernetes <= 1.24 lub Windows2022, gdy platforma Kubernetes >= 1,25, jeśli typ systemu operacyjnego to Windows.
|
|
osType
|
OSType
|
Linux
|
Typ systemu operacyjnego. Wartość domyślna to Linux.
|
|
podIPAllocationMode
|
PodIPAllocationMode
|
|
Tryb alokacji adresów IP zasobnika. Tryb alokacji adresów IP dla zasobników w puli agentów. Musi być używany z podSubnetId. Wartość domyślna to "DynamicIndividual".
|
|
podSubnetID
|
string
(arm-id)
|
|
Identyfikator podsieci, która zasobniki zostaną przyłączone po uruchomieniu. W przypadku pominięcia adresy IP zasobników są statycznie przypisywane w podsieci węzła (zobacz vnetSubnetID, aby uzyskać więcej informacji). Jest to forma: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}
|
|
powerState
|
PowerState
|
|
Niezależnie od tego, czy pula agentów jest uruchomiona, czy zatrzymana. Po pierwszym utworzeniu puli agentów jest ona początkowo uruchomiona. Pulę agentów można zatrzymać, ustawiając to pole na Zatrzymano. Zatrzymana pula agentów zatrzymuje wszystkie maszyny wirtualne i nie nalicza opłat za rozliczenia. Pulę agentów można zatrzymać tylko wtedy, gdy jest uruchomiona, a stan aprowizacji to Powodzenie
|
|
provisioningState
|
string
|
|
Bieżący stan wdrożenia lub aprowizacji.
|
|
proximityPlacementGroupID
|
string
(arm-id)
|
|
Identyfikator grupy umieszczania w pobliżu.
|
|
scaleDownMode
|
ScaleDownMode
|
|
Tryb skalowania w dół używany podczas skalowania puli agentów. Ma to również wpływ na zachowanie narzędzia do automatycznego skalowania klastra. Jeśli nie zostanie określony, domyślnie ma wartość Usuń.
|
|
scaleSetEvictionPolicy
|
ScaleSetEvictionPolicy
|
Delete
|
Zasady eksmisji zestawu skalowania maszyn wirtualnych do użycia. Nie można tego określić, chyba że element scaleSetPriority ma wartość "Spot". Jeśli nie zostanie określony, wartość domyślna to "Usuń".
|
|
scaleSetPriority
|
ScaleSetPriority
|
Regular
|
Priorytet zestawu skalowania maszyn wirtualnych. Jeśli nie zostanie określony, wartość domyślna to "Regular".
|
|
securityProfile
|
AgentPoolSecurityProfile
|
|
Ustawienia zabezpieczeń puli agentów.
|
|
spotMaxPrice
|
number
|
-1
|
Maksymalna cena (w dolarach amerykańskich) jest gotowa zapłacić za wystąpienia typu spot. Możliwe wartości to dowolna wartość dziesiętna większa niż zero lub -1, która wskazuje, że domyślna cena ma być up-to na żądanie. Możliwe wartości to dowolna wartość dziesiętna większa niż zero lub -1, która wskazuje gotowość do zapłaty dowolnej ceny na żądanie. Aby uzyskać więcej informacji na temat cennika typu spot, zobacz cennik maszyn wirtualnych typu spot
|
|
status
|
AgentPoolStatus
|
|
Zawiera informacje tylko do odczytu dotyczące puli agentów.
|
|
tags
|
object
|
|
Tagi, które mają być utrwalane w zestawie skalowania maszyn wirtualnych puli agentów.
|
|
type
|
AgentPoolType
|
|
Typ puli agentów.
|
|
upgradeSettings
|
AgentPoolUpgradeSettings
|
|
Ustawienia uaktualniania puli agentów
|
|
virtualMachineNodesStatus
|
VirtualMachineNodes[]
|
|
Stan węzłów w puli agentów VirtualMachines.
|
|
virtualMachinesProfile
|
VirtualMachinesProfile
|
|
Specyfikacje w puli agentów VirtualMachines.
|
|
vmSize
|
string
|
|
Rozmiar maszyn wirtualnych puli agentów. Dostępność rozmiaru maszyny wirtualnej różni się w zależności od regionu. Jeśli węzeł zawiera niewystarczające zasoby obliczeniowe (pamięć, procesor itp.), zasobniki mogą nie działać poprawnie. Aby uzyskać więcej informacji na temat ograniczonych rozmiarów maszyn wirtualnych, zobacz: https://docs.microsoft.com/azure/aks/quotas-skus-regions
|
|
vnetSubnetID
|
string
(arm-id)
|
|
Identyfikator podsieci, która węzły puli agentów i opcjonalnie zasobniki zostaną przyłączone podczas uruchamiania. Jeśli ta wartość nie zostanie określona, zostanie wygenerowana i użyta sieć wirtualna oraz podsieć. Jeśli nie określono parametru podSubnetID, dotyczy to węzłów i zasobników, w przeciwnym razie dotyczy tylko węzłów. Jest to forma: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}
|
|
windowsProfile
|
AgentPoolWindowsProfile
|
|
Określony profil puli agentów systemu Windows.
|
|
workloadRuntime
|
WorkloadRuntime
|
|
Określa typ obciążenia, który może uruchomić węzeł.
|
Sprzeciwiać się
Po włączeniu operatora w klastrze zostanie zainstalowany zestaw zarządzanych identyfikatorów CRD i kontrolerów usługi AKS. Operator automatyzuje wdrażanie modeli systemu operacyjnego na potrzeby wnioskowania i/lub trenowania. Zapewnia zestaw wstępnie ustawionych modeli i umożliwia rozproszone wnioskowanie względem nich.
| Nazwa |
Typ |
Opis |
|
enabled
|
boolean
|
Określa, czy włączyć operatora łańcucha narzędzi sztucznej inteligencji w klastrze. Wskazuje, czy operator łańcucha narzędzi sztucznej inteligencji jest włączony, czy nie.
|
ManagedClusterAPIServerAccessProfile
Sprzeciwiać się
Profil dostępu dla serwera interfejsu API klastra zarządzanego.
| Nazwa |
Typ |
Opis |
|
authorizedIPRanges
|
string[]
|
Zakresy adresów IP autoryzowane do uzyskiwania dostępu do serwera interfejsu API Kubernetes. Zakresy adresów IP są określane w formacie CIDR, np. 137.117.106.88/29. Ta funkcja nie jest zgodna z klastrami korzystającymi z publicznego adresu IP na węzeł lub klastrów korzystających z podstawowego modułu równoważenia obciążenia. Aby uzyskać więcej informacji, zobacz Zakresy adresów IP autoryzowanych przez serwer interfejsu API.
|
|
disableRunCommand
|
boolean
|
Czy wyłączyć uruchamianie polecenia dla klastra, czy nie.
|
|
enablePrivateCluster
|
boolean
|
Czy klaster ma zostać utworzony jako klaster prywatny, czy nie. Aby uzyskać więcej informacji, zobacz Tworzenie prywatnego klastra usługi AKS.
|
|
enablePrivateClusterPublicFQDN
|
boolean
|
Czy utworzyć dodatkową publiczną nazwę FQDN dla klastra prywatnego, czy nie.
|
|
enableVnetIntegration
|
boolean
|
Czy włączyć integrację z siecią wirtualną apiserver dla klastra, czy nie. Zobacz aka.ms/AksVnetIntegration, aby uzyskać więcej informacji.
|
|
privateDNSZone
|
string
|
Prywatny tryb strefy DNS dla klastra. Wartość domyślna to System. Aby uzyskać więcej informacji, zobacz konfigurowanie prywatnej strefy DNS. Dozwolone wartości to "system" i "none".
|
|
subnetId
|
string
(arm-id)
|
Podsieć, która ma być używana, gdy jest włączona integracja z siecią wirtualną apiserver. Jest to wymagane podczas tworzenia nowego klastra z siecią wirtualną BYO lub podczas aktualizowania istniejącego klastra w celu włączenia integracji z siecią wirtualną serwera apiserver.
|
ManagedClusterAutoUpgradeProfile
Sprzeciwiać się
Profil automatycznego uaktualniania dla klastra zarządzanego.
ManagedClusterAzureMonitorProfile
Sprzeciwiać się
Profile dodatków usługi Azure Monitor do monitorowania klastra zarządzanego.
| Nazwa |
Typ |
Opis |
|
metrics
|
ManagedClusterAzureMonitorProfileMetrics
|
Profil metryk dla usługi zarządzanej Azure Monitor dla dodatku Prometheus. Zbierz gotowe metryki infrastruktury kubernetes, aby wysyłać je do obszaru roboczego usługi Azure Monitor i konfigurować dodatkowe złomowanie dla niestandardowych obiektów docelowych. Aby zapoznać się z omówieniem, zobacz aka.ms/AzureManagedPrometheus.
|
ManagedClusterAzureMonitorProfileKubeStateMetrics
Sprzeciwiać się
Profil metryk stanu platformy Kube dla dodatku Prometheus zarządzanego przez platformę Azure. Te opcjonalne ustawienia dotyczą zasobnika kube-state-metrics wdrożonego za pomocą dodatku. Aby uzyskać szczegółowe informacje, zobacz aka.ms/AzureManagedPrometheus-optional-parameters.
| Nazwa |
Typ |
Opis |
|
metricAnnotationsAllowList
|
string
|
Rozdzielona przecinkami lista kluczy adnotacji Kubernetes, które będą używane w metryce etykiet zasobu (przykład: "namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],..."). Domyślnie metryka zawiera tylko nazwy zasobu i etykiety przestrzeni nazw.
|
|
metricLabelsAllowlist
|
string
|
Rozdzielona przecinkami lista dodatkowych kluczy etykiet Kubernetes, które będą używane w metryce etykiet zasobu (przykład: "namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...". Domyślnie metryka zawiera tylko nazwy zasobu i etykiety przestrzeni nazw.
|
ManagedClusterAzureMonitorProfileMetrics
Sprzeciwiać się
Profil metryk dla usługi zarządzanej Azure Monitor dla dodatku Prometheus. Zbierz gotowe metryki infrastruktury kubernetes, aby wysyłać je do obszaru roboczego usługi Azure Monitor i konfigurować dodatkowe złomowanie dla niestandardowych obiektów docelowych. Aby zapoznać się z omówieniem, zobacz aka.ms/AzureManagedPrometheus.
| Nazwa |
Typ |
Opis |
|
enabled
|
boolean
|
Czy włączyć lub wyłączyć dodatek Prometheus zarządzany przez platformę Azure na potrzeby monitorowania rozwiązania Prometheus. Aby uzyskać szczegółowe informacje na temat włączania i wyłączania, zobacz aka.ms/AzureManagedPrometheus-aks-enable.
|
|
kubeStateMetrics
|
ManagedClusterAzureMonitorProfileKubeStateMetrics
|
Profil metryk stanu platformy Kube dla dodatku Prometheus zarządzanego przez platformę Azure. Te opcjonalne ustawienia dotyczą zasobnika kube-state-metrics wdrożonego za pomocą dodatku. Aby uzyskać szczegółowe informacje, zobacz aka.ms/AzureManagedPrometheus-optional-parameters.
|
ManagedClusterBootstrapProfile
Sprzeciwiać się
Profil bootstrap.
| Nazwa |
Typ |
Wartość domyślna |
Opis |
|
artifactSource
|
ArtifactSource
|
Direct
|
Źródło artefaktu. Źródło, z którego są pobierane artefakty.
|
|
containerRegistryId
|
string
(arm-id)
|
|
Identyfikator zasobu usługi Azure Container Registry. Rejestr musi mieć dostęp do sieci prywatnej, jednostkę SKU w warstwie Premium i nadmiarowość stref.
|
ManagedClusterCostAnalysis
Sprzeciwiać się
Konfiguracja analizy kosztów klastra
| Nazwa |
Typ |
Opis |
|
enabled
|
boolean
|
Określa, czy włączyć analizę kosztów. Aby włączyć tę funkcję, musi być ustawiona wartość "Standardowa" lub "Premium". Włączenie tej opcji spowoduje dodanie szczegółów przestrzeni nazw i wdrożenia platformy Kubernetes do widoków Analiza kosztów w witrynie Azure Portal. Jeśli nie zostanie określony, wartość domyślna to false. Aby uzyskać więcej informacji, zobacz aka.ms/aks/docs/cost-analysis.
|
ManagedClusterHTTPProxyConfig
Sprzeciwiać się
Konfiguracja serwera proxy HTTP klastra.
| Nazwa |
Typ |
Opis |
|
httpProxy
|
string
|
Punkt końcowy serwera proxy HTTP do użycia.
|
|
httpsProxy
|
string
|
Punkt końcowy serwera proxy HTTPS do użycia.
|
|
noProxy
|
string[]
|
Punkty końcowe, które nie powinny przechodzić przez serwer proxy.
|
|
trustedCa
|
string
|
Alternatywny certyfikat urzędu certyfikacji do użycia do nawiązywania połączenia z serwerami proxy.
|
ManagedClusterIdentity
Sprzeciwiać się
Tożsamość klastra zarządzanego.
| Nazwa |
Typ |
Opis |
|
delegatedResources
|
<string,
DelegatedResource>
|
Delegowane zasoby tożsamości przypisane do tego klastra zarządzanego. Można to ustawić tylko przez innego dostawcę zasobów platformy Azure, a klaster zarządzany akceptuje tylko jeden delegowany zasób tożsamości. Tylko do użytku wewnętrznego.
|
|
principalId
|
string
|
Główny identyfikator tożsamości przypisanej do systemu, która jest używana przez komponenty główne.
|
|
tenantId
|
string
|
Identyfikator dzierżawy tożsamości przypisanej przez system, która jest używana przez składniki główne.
|
|
type
|
ResourceIdentityType
|
Typ tożsamości używany dla klastra zarządzanego. Aby uzyskać więcej informacji, zobacz Używanie tożsamości zarządzanych w usłudze AKS.
|
|
userAssignedIdentities
|
UserAssignedIdentities
|
Tożsamość użytkownika skojarzona z klastrem zarządzanym. Ta tożsamość będzie używana w płaszczyźnie sterowania. Dozwolona jest tylko jedna tożsamość przypisana przez użytkownika. Klucze muszą być identyfikatorami zasobów usługi ARM w postaci: "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}".
|
ManagedClusterIngressProfile
Sprzeciwiać się
Profil ruchu przychodzącego dla klastra usługi kontenera.
ManagedClusterIngressProfileNginx
Sprzeciwiać się
| Nazwa |
Typ |
Opis |
|
defaultIngressControllerType
|
NginxIngressControllerType
|
Typ ruchu przychodzącego domyślnego zasobu niestandardowego NginxIngressController
|
ManagedClusterIngressProfileWebAppRouting
Sprzeciwiać się
Ustawienia dodatku routingu aplikacji dla profilu ruchu przychodzącego.
| Nazwa |
Typ |
Opis |
|
dnsZoneResourceIds
|
string[]
(arm-id)
|
Identyfikatory zasobów stref DNS, które mają być skojarzone z dodatkiem Routing aplikacji. Używane tylko wtedy, gdy dodatek routingu aplikacji jest włączony. Publiczne i prywatne strefy DNS mogą znajdować się w różnych grupach zasobów, ale wszystkie publiczne strefy DNS muszą znajdować się w tej samej grupie zasobów, a wszystkie prywatne strefy DNS muszą znajdować się w tej samej grupie zasobów.
|
|
enabled
|
boolean
|
Czy włączyć dodatek routingu aplikacji.
|
|
identity
|
UserAssignedIdentity
|
Tożsamość zarządzana dodatku Application Routing. Jest to tożsamość, której należy udzielić uprawnień, na przykład do zarządzania skojarzonym zasobem usługi Azure DNS i pobierania certyfikatów z usługi Azure Key Vault. Zobacz to omówienie dodatku , aby uzyskać więcej instrukcji.
|
|
nginx
|
ManagedClusterIngressProfileNginx
|
Konfiguracja domyślnego kontrolera NginxIngressController. Zobacz więcej na stronie https://learn.microsoft.com/en-us/azure/aks/app-routing-nginx-configuration#the-default-nginx-ingress-controller.
|
ManagedClusterLoadBalancerProfile
Sprzeciwiać się
Profil modułu równoważenia obciążenia klastra zarządzanego.
| Nazwa |
Typ |
Wartość domyślna |
Opis |
|
allocatedOutboundPorts
|
integer
(int32)
minimum: 0
maximum: 64000
|
0
|
Żądana liczba przydzielonych portów SNAT na maszynę wirtualną. Dozwolone wartości znajdują się w zakresie od 0 do 64000 (włącznie). Wartość domyślna to 0, co powoduje dynamiczne przydzielanie portów na platformie Azure.
|
|
backendPoolType
|
BackendPoolType
|
NodeIPConfiguration
|
Typ zarządzanej puli zaplecza modułu równoważenia obciążenia dla ruchu przychodzącego.
|
|
effectiveOutboundIPs
|
ResourceReference[]
|
|
Efektywne zasoby adresów IP ruchu wychodzącego modułu równoważenia obciążenia klastra.
|
|
enableMultipleStandardLoadBalancers
|
boolean
|
|
Włącz wiele standardowych modułów równoważenia obciążenia na klaster usługi AKS lub nie.
|
|
idleTimeoutInMinutes
|
integer
(int32)
minimum: 4
maximum: 120
|
30
|
Żądany limit czasu bezczynności przepływu wychodzącego w minutach. Dozwolone wartości znajdują się w zakresie od 4 do 120 (włącznie). Wartość domyślna to 30 minut.
|
|
managedOutboundIPs
|
ManagedOutboundIPs
|
|
Żądane zarządzane adresy IP ruchu wychodzącego dla modułu równoważenia obciążenia klastra.
|
|
outboundIPPrefixes
|
OutboundIPPrefixes
|
|
Żądane zasoby prefiksu adresów IP dla modułu równoważenia obciążenia klastra.
|
|
outboundIPs
|
OutboundIPs
|
|
Żądane zasoby adresów IP ruchu wychodzącego dla modułu równoważenia obciążenia klastra.
|
ManagedClusterManagedOutboundIPProfile
Sprzeciwiać się
Profil zarządzanych zasobów wychodzących IP klastra zarządzanego.
| Nazwa |
Typ |
Wartość domyślna |
Opis |
|
count
|
integer
(int32)
minimum: 1
maximum: 16
|
1
|
Żądana liczba wychodzących adresów IP utworzonych/zarządzanych przez platformę Azure. Dozwolone wartości muszą należeć do zakresu od 1 do 16 (włącznie). Wartość domyślna to 1.
|
ManagedClusterMetricsProfile
Sprzeciwiać się
Profil metryk zarządzanychcluster.
ManagedClusterNATGatewayProfile
Sprzeciwiać się
Profil bramy translatora adresów sieciowych klastra zarządzanego.
| Nazwa |
Typ |
Wartość domyślna |
Opis |
|
effectiveOutboundIPs
|
ResourceReference[]
|
|
Efektywne zasoby adresów IP ruchu wychodzącego bramy translatora adresów sieciowych klastra.
|
|
idleTimeoutInMinutes
|
integer
(int32)
minimum: 4
maximum: 120
|
4
|
Żądany limit czasu bezczynności przepływu wychodzącego w minutach. Dozwolone wartości znajdują się w zakresie od 4 do 120 (włącznie). Wartość domyślna to 4 minuty.
|
|
managedOutboundIPProfile
|
ManagedClusterManagedOutboundIPProfile
|
|
Profil zarządzanych zasobów wychodzących IP bramy translatora adresów sieciowych klastra.
|
ManagedClusterNodeProvisioningProfile
Sprzeciwiać się
| Nazwa |
Typ |
Wartość domyślna |
Opis |
|
defaultNodePools
|
NodeProvisioningDefaultNodePools
|
Auto
|
Zestaw domyślnych pul węzłów Karpenter (CRD) skonfigurowanych do aprowizacji węzłów. To pole nie działa, chyba że tryb ma wartość "Auto". Ostrzeżenie: Zmiana tej opcji z Automatycznie na Brak w istniejącym klastrze spowoduje usunięcie domyślnych pul węzłów Karpenter, co spowoduje opróżnienie i usunięcie węzłów skojarzonych z tymi pulami. Zdecydowanie zaleca się, aby tego nie robić, chyba że istnieją bezczynne węzły gotowe do podjęcia zasobników eksmitowanych przez tę akcję. Jeśli nie zostanie określony, wartość domyślna to Auto. Aby uzyskać więcej informacji, zobacz aka.ms/aks/nap#node-pools.
|
|
mode
|
NodeProvisioningMode
|
|
Tryb aprowizacji węzła. Jeśli nie zostanie określony, wartość domyślna to Ręczne.
|
ManagedClusterNodeResourceGroupProfile
Sprzeciwiać się
Profil blokady grupy zasobów węzła dla klastra zarządzanego.
| Nazwa |
Typ |
Opis |
|
restrictionLevel
|
RestrictionLevel
|
Poziom ograniczeń zastosowany do grupy zasobów węzła klastra. Jeśli nie zostanie określony, wartość domyślna to "Bez ograniczeń"
|
ManagedClusterOIDCIssuerProfile
Sprzeciwiać się
Profil wystawcy OIDC klastra zarządzanego.
| Nazwa |
Typ |
Opis |
|
enabled
|
boolean
|
Czy wystawca OIDC jest włączony.
|
|
issuerURL
|
string
|
Adres URL wystawcy OIDC klastra zarządzanego.
|
ManagedClusterPodIdentity
Sprzeciwiać się
Szczegółowe informacje o tożsamości zasobnika przypisanej do klastra zarządzanego.
| Nazwa |
Typ |
Opis |
|
bindingSelector
|
string
|
Selektor powiązania do użycia dla zasobu AzureIdentityBinding.
|
|
identity
|
UserAssignedIdentity
|
Szczegóły tożsamości przypisanej przez użytkownika.
|
|
name
|
string
|
Nazwa tożsamości zasobnika.
|
|
namespace
|
string
|
Przestrzeń nazw tożsamości zasobnika.
|
|
provisioningInfo
|
ProvisioningInfo
|
|
|
provisioningState
|
ManagedClusterPodIdentityProvisioningState
|
Bieżący stan aprowizacji tożsamości zasobnika.
|
ManagedClusterPodIdentityException
Sprzeciwiać się
Wyjątek tożsamości zasobnika, który umożliwia zasobnikom z określonymi etykietami dostęp do punktu końcowego usługi Azure Instance Metadata Service (IMDS) bez przechwytywania przez serwer tożsamości zarządzanej węzła (NMI). Aby uzyskać więcej informacji, zobacz disable AAD Pod Identity for a specific Pod/Application (Wyłączanie tożsamości zasobnika usługi AAD).
| Nazwa |
Typ |
Opis |
|
name
|
string
|
Nazwa wyjątku tożsamości zasobnika.
|
|
namespace
|
string
|
Przestrzeń nazw wyjątku tożsamości zasobnika.
|
|
podLabels
|
object
|
Etykiety zasobników do dopasowania.
|
ManagedClusterPodIdentityProfile
Sprzeciwiać się
Profil tożsamości zasobnika klastra zarządzanego. Zobacz używanie tożsamości zasobnika usługi AAD, aby uzyskać więcej informacji na temat integracji tożsamości zasobnika.
ManagedClusterPodIdentityProvisioningError
Sprzeciwiać się
Odpowiedź na błąd z aprowizacji tożsamości zasobnika.
ManagedClusterPodIdentityProvisioningErrorBody
Sprzeciwiać się
Odpowiedź na błąd z aprowizacji tożsamości zasobnika.
| Nazwa |
Typ |
Opis |
|
code
|
string
|
Identyfikator błędu. Kody są niezmienne i mają być używane programowo.
|
|
details
|
ManagedClusterPodIdentityProvisioningErrorBody[]
|
Lista dodatkowych szczegółów dotyczących błędu.
|
|
message
|
string
|
Komunikat opisujący błąd, który ma być odpowiedni do wyświetlania w interfejsie użytkownika.
|
|
target
|
string
|
Element docelowy określonego błędu. Na przykład nazwa właściwości w błędzie.
|
ManagedClusterPodIdentityProvisioningState
Wyliczenie
Bieżący stan aprowizacji tożsamości zasobnika.
| Wartość |
Opis |
|
Assigned
|
|
|
Canceled
|
|
|
Deleting
|
|
|
Failed
|
|
|
Succeeded
|
|
|
Updating
|
|
ManagedClusterSecurityProfile
Sprzeciwiać się
Profil zabezpieczeń klastra usługi kontenera.
ManagedClusterSecurityProfileDefender
Sprzeciwiać się
Ustawienia usługi Microsoft Defender dla profilu zabezpieczeń.
| Nazwa |
Typ |
Opis |
|
logAnalyticsWorkspaceResourceId
|
string
(arm-id)
|
Identyfikator zasobu obszaru roboczego usługi Log Analytics, który ma być skojarzony z usługą Microsoft Defender. Gdy usługa Microsoft Defender jest włączona, to pole jest wymagane i musi być prawidłowym identyfikatorem zasobu obszaru roboczego. Gdy usługa Microsoft Defender jest wyłączona, pozostaw pole puste.
|
|
securityMonitoring
|
ManagedClusterSecurityProfileDefenderSecurityMonitoring
|
Wykrywanie zagrożeń w usłudze Microsoft Defender dla ustawień chmury dla profilu zabezpieczeń.
|
ManagedClusterSecurityProfileDefenderSecurityMonitoring
Sprzeciwiać się
Ustawienia usługi Microsoft Defender dla wykrywania zagrożeń profilu zabezpieczeń.
| Nazwa |
Typ |
Opis |
|
enabled
|
boolean
|
Czy włączyć wykrywanie zagrożeń w usłudze Defender
|
ManagedClusterSecurityProfileImageCleaner
Sprzeciwiać się
Narzędzie Image Cleaner usuwa nieużywane obrazy z węzłów, zwalniając miejsce na dysku i pomagając zmniejszyć obszar powierzchni podatnej na ataki. Poniżej przedstawiono ustawienia profilu zabezpieczeń.
| Nazwa |
Typ |
Opis |
|
enabled
|
boolean
|
Czy włączyć narzędzie Image Cleaner w klastrze usługi AKS.
|
|
intervalHours
|
integer
(int32)
|
Interwał skanowania czyszczenia obrazów w godzinach.
|
ManagedClusterSecurityProfileWorkloadIdentity
Sprzeciwiać się
Ustawienia tożsamości obciążenia dla profilu zabezpieczeń.
| Nazwa |
Typ |
Opis |
|
enabled
|
boolean
|
Czy włączyć tożsamość obciążenia.
|
ManagedClusterServicePrincipalProfile
Sprzeciwiać się
Informacje o tożsamości jednostki usługi dla klastra do użycia do manipulowania interfejsami API platformy Azure.
| Nazwa |
Typ |
Opis |
|
clientId
|
string
|
Identyfikator jednostki usługi.
|
|
secret
|
string
|
Hasło tajne skojarzone z jednostką usługi w postaci zwykłego tekstu.
|
ManagedClusterSKU
Sprzeciwiać się
Jednostka SKU klastra zarządzanego.
ManagedClusterSKUName
Wyliczenie
Nazwa jednostki SKU klastra zarządzanego.
| Wartość |
Opis |
|
Base
|
Opcja podstawowa dla płaszczyzny sterowania usługi AKS.
|
|
Automatic
|
Klastry automatyczne są zoptymalizowane pod kątem uruchamiania większości obciążeń produkcyjnych z konfiguracją zgodną z najlepszymi rozwiązaniami i zaleceniami dotyczącymi konfiguracji, skalowalności i zabezpieczeń klastra i obciążenia usługi AKS. Aby uzyskać więcej informacji na temat klastrów automatycznych, zobacz aka.ms/aks/automatic.
|
ManagedClusterSKUTier
Wyliczenie
Warstwa jednostki SKU klastra zarządzanego. Jeśli nie zostanie określony, wartość domyślna to "Bezpłatna". Aby uzyskać więcej informacji, zobacz Warstwa cenowa usługi AKS .
| Wartość |
Opis |
|
Standard
|
Zalecane w przypadku obciążeń o znaczeniu krytycznym i produkcyjnych. Obejmuje automatyczne skalowanie płaszczyzny sterowania Platformy Kubernetes, testowanie intensywnie korzystające z obciążenia i maksymalnie 5000 węzłów na klaster. Gwarantuje dostępność punktu końcowego serwera interfejsu API Kubernetes w wersji 99.95% dla klastrów korzystających ze stref dostępności i 99,9% dostępności dla klastrów, które nie korzystają ze stref dostępności.
|
|
Free
|
Zarządzanie klastrem jest bezpłatne, ale opłaty są naliczane za użycie maszyny wirtualnej, magazynu i sieci. Najlepsze w przypadku eksperymentów, uczenia się, prostego testowania lub obciążeń z mniej niż 10 węzłami. Niezalecane w przypadku przypadków użycia w środowisku produkcyjnym.
|
|
Premium
|
Klaster ma funkcje premium oprócz wszystkich funkcji zawartych w warstwie "Standardowa". Wersja Premium umożliwia wybór opcji LongTermSupport (aka.ms/aks/lts) dla niektórych wersji platformy Kubernetes.
|
ManagedClusterStaticEgressGatewayProfile
Sprzeciwiać się
Konfiguracja dodatku static Egress Gateway dla klastra.
| Nazwa |
Typ |
Opis |
|
enabled
|
boolean
|
Włącz dodatek Static Egress Gateway. Wskazuje, czy dodatek bramy ruchu wychodzącego statycznego jest włączony, czy nie.
|
ManagedClusterStatus
Sprzeciwiać się
Zawiera informacje tylko do odczytu dotyczące klastra zarządzanego.
| Nazwa |
Typ |
Opis |
|
provisioningError
|
ErrorDetail
|
Szczegółowe informacje o błędzie klastra zarządzanego. Zachowuje szczegółowe informacje o niepowodzeniu. Jeśli nie wystąpił błąd, to pole jest pomijane.
|
ManagedClusterStorageProfile
Sprzeciwiać się
Profil magazynu dla klastra usługi kontenera.
ManagedClusterStorageProfileBlobCSIDriver
Sprzeciwiać się
Ustawienia sterownika CSI usługi AzureBlob dla profilu magazynu.
| Nazwa |
Typ |
Opis |
|
enabled
|
boolean
|
Czy włączyć sterownik AZUREBlob CSI. Wartość domyślna to fałsz.
|
ManagedClusterStorageProfileDiskCSIDriver
Sprzeciwiać się
Ustawienia sterownika AZUREDisk CSI dla profilu magazynu.
| Nazwa |
Typ |
Opis |
|
enabled
|
boolean
|
Czy włączyć sterownik AzureDisk CSI. Wartość domyślna to true.
|
ManagedClusterStorageProfileFileCSIDriver
Sprzeciwiać się
Ustawienia sterownika AZUREFile CSI dla profilu magazynu.
| Nazwa |
Typ |
Opis |
|
enabled
|
boolean
|
Czy włączyć sterownik AzureFile CSI. Wartość domyślna to true.
|
ManagedClusterStorageProfileSnapshotController
Sprzeciwiać się
Ustawienia kontrolera migawek dla profilu magazynu.
| Nazwa |
Typ |
Opis |
|
enabled
|
boolean
|
Czy włączyć kontroler migawek. Wartość domyślna to true.
|
ManagedClusterWindowsProfile
Sprzeciwiać się
Profil maszyn wirtualnych z systemem Windows w klastrze zarządzanym.
| Nazwa |
Typ |
Opis |
|
adminPassword
|
string
|
Określa hasło konta administratora.
minimalna długość : 8 znaków
maksymalna długość: 123 znaków
wymagania dotyczące złożoności: należy spełnić 3 na 4 poniższe warunki
Ma małe znaki
Ma wielkie znaki
Ma cyfrę
Ma znak specjalny (dopasowanie wyrażenia regularnego [\W_])
niedozwolone wartości: "abc@123", "P@$$w 0rd", "P@ssw0rd", "P@ssword123", "Pa$$word", "pass@word1", "Password!", "Password1", "Password22", "iloveyou!"
|
|
adminUsername
|
string
|
Określa nazwę konta administratora.
Ograniczenie: Nie można zakończyć się "."
niedozwolone wartości: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5".
Minimalna długość: 1 znak
maksymalna długość: 20 znaków
|
|
enableCSIProxy
|
boolean
|
Czy włączyć serwer proxy CSI. Aby uzyskać więcej informacji na temat serwera proxy CSI, zobacz repozytorium GitHub serwera proxy CSI.
|
|
gmsaProfile
|
WindowsGmsaProfile
|
Profil gMSA systemu Windows w klastrze zarządzanym.
|
|
licenseType
|
licenseType
|
Typ licencji do użycia dla maszyn wirtualnych z systemem Windows. Aby uzyskać więcej informacji, zobacz Korzyści użytkownika hybrydowego platformy Azure .
|
ManagedClusterWorkloadAutoScalerProfile
Sprzeciwiać się
Profil automatycznego skalowania obciążenia dla klastra zarządzanego.
ManagedClusterWorkloadAutoScalerProfileKeda
Sprzeciwiać się
Ustawienia skalowania automatycznego opartego na zdarzeniach platformy KEDA (Kubernetes Event-driven Autoscaling) dla profilu automatycznego skalowania obciążenia.
| Nazwa |
Typ |
Opis |
|
enabled
|
boolean
|
Czy włączyć usługę KEDA.
|
ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler
Sprzeciwiać się
Ustawienia narzędzia VPA (vertical Pod Autoscaler) dla profilu automatycznego skalowania obciążenia.
| Nazwa |
Typ |
Wartość domyślna |
Opis |
|
enabled
|
boolean
|
False
|
Czy włączyć vpa. Wartość domyślna to false.
|
ManagedOutboundIPs
Sprzeciwiać się
Żądane zarządzane adresy IP ruchu wychodzącego dla modułu równoważenia obciążenia klastra.
| Nazwa |
Typ |
Wartość domyślna |
Opis |
|
count
|
integer
(int32)
minimum: 1
maximum: 100
|
1
|
Żądana liczba wychodzących adresów IP protokołu IPv4 utworzonych/zarządzanych przez platformę Azure dla modułu równoważenia obciążenia klastra. Dozwolone wartości muszą należeć do zakresu od 1 do 100 (włącznie). Wartość domyślna to 1.
|
|
countIPv6
|
integer
(int32)
minimum: 0
maximum: 100
|
0
|
Żądana liczba adresów IP ruchu wychodzącego IPv6 utworzonych/zarządzanych przez platformę Azure dla modułu równoważenia obciążenia klastra. Dozwolone wartości muszą należeć do zakresu od 1 do 100 (włącznie). Wartość domyślna to 0 dla pojedynczego stosu i 1 dla podwójnego stosu.
|
ManualScaleProfile
Sprzeciwiać się
Specyfikacje dotyczące liczby maszyn.
| Nazwa |
Typ |
Opis |
|
count
|
integer
(int32)
|
Liczba węzłów.
|
|
size
|
string
|
Rozmiar maszyny wirtualnej używany przez usługę AKS podczas tworzenia i skalowania, np. "Standard_E4s_v3", "Standard_E16s_v3" lub "Standard_D16s_v5".
|
networkDataplane
Wyliczenie
Plan danych sieci używany w klastrze Kubernetes.
| Wartość |
Opis |
|
azure
|
Użyj płaszczyzny danych sieci platformy Azure.
|
|
cilium
|
Użyj płaszczyzny danych sieci rzęsek. Aby uzyskać więcej informacji, zobacz Azure CNI Powered by Cilium.
|
networkMode
Wyliczenie
Tryb sieciowy platformy Azure CNI jest skonfigurowany za pomocą polecenia . Nie można tego określić, jeśli parametr networkPlugin jest inny niż "azure".
| Wartość |
Opis |
|
transparent
|
Nie jest tworzony żaden most. Intra-VM komunikacja zasobnika z zasobnikami odbywa się za pośrednictwem tras IP utworzonych przez usługę Azure CNI. Aby uzyskać więcej informacji, zobacz tryb przezroczysty.
|
|
bridge
|
Ta funkcja nie jest już obsługiwana
|
NetworkPlugin
Wyliczenie
Wtyczka sieci używana do tworzenia sieci Kubernetes.
| Wartość |
Opis |
|
azure
|
Użyj wtyczki sieciowej usługi Azure CNI. Aby uzyskać więcej informacji, zobacz sieci usługi Azure CNI (advanced).
|
|
kubenet
|
Użyj wtyczki sieciowej Kubenet. Aby uzyskać więcej informacji, zobacz sieci platformy Kubenet (podstawowa).
|
|
none
|
Żadna wtyczka CNI nie jest preinstalowana. Aby uzyskać więcej informacji, zobacz BYO CNI.
|
NetworkPluginMode
Wyliczenie
Tryb, który ma być używany przez wtyczkę sieci.
| Wartość |
Opis |
|
overlay
|
Używane z networkPlugin=azure, zasobniki otrzymują adresy IP z przestrzeni adresowej PodCIDR, ale używają Azure Routing Domains, a nie metody Kubenet tabel tras. Aby uzyskać więcej informacji, odwiedź stronę https://aka.ms/aks/azure-cni-overlay.
|
NetworkPolicy
Wyliczenie
Zasady sieci używane do tworzenia sieci Kubernetes.
| Wartość |
Opis |
|
none
|
Zasady sieciowe nie będą wymuszane. Jest to wartość domyślna, gdy wartość NetworkPolicy nie jest określona.
|
|
calico
|
Użyj zasad sieciowych Calico. Aby uzyskać więcej informacji, zobacz różnice między zasadami platformy Azure i calico.
|
|
azure
|
Użyj zasad sieciowych platformy Azure. Aby uzyskać więcej informacji, zobacz różnice między zasadami platformy Azure i calico.
|
|
cilium
|
Użyj Cilium, aby wymusić zasady sieciowe. Wymaga to, aby networkDataplane był "cilium".
|
NginxIngressControllerType
Wyliczenie
Typ ruchu przychodzącego domyślnego zasobu niestandardowego NginxIngressController
| Wartość |
Opis |
|
AnnotationControlled
|
Zostanie utworzony domyślny NginxIngressController. Użytkownicy mogą edytować domyślny zasób niestandardowy NginxIngressController, aby skonfigurować adnotacje modułu równoważenia obciążenia.
|
|
External
|
Zostanie utworzony domyślny NginxIngressController, a operator aprowizuje za jego pomocą zewnętrzny moduł równoważenia obciążenia. Każda adnotacja, aby domyślny moduł równoważenia obciążenia był wewnętrzny, zostanie zastąpiony.
|
|
Internal
|
Zostanie utworzony domyślny NginxIngressController, a operator aprowizuje za jego pomocą wewnętrzny moduł równoważenia obciążenia. Wszelkie adnotacje, które mają na celu ustawienie domyślnego modułu równoważenia obciążenia zewnętrznego, zostaną zastąpione.
|
|
None
|
Domyślny kontroler ruchu przychodzącego nie zostanie utworzony. Nie zostanie on usunięty przez system, jeśli istnieje. Użytkownicy powinni ręcznie usunąć domyślny zasób niestandardowy NginxIngressController.
|
nodeOSUpgradeChannel
Wyliczenie
Kanał uaktualniania systemu operacyjnego węzła. Sposób aktualizowania systemu operacyjnego w węzłach. Wartość domyślna to NodeImage.
| Wartość |
Opis |
|
Unmanaged
|
Aktualizacje systemu operacyjnego będą stosowane automatycznie za pośrednictwem wbudowanej infrastruktury poprawek systemu operacyjnego. Nowo skalowane w maszynach będą początkowo niezaznaczone i będą poprawiane w pewnym momencie przez infrastrukturę systemu operacyjnego. Zachowanie tej opcji zależy od danego systemu operacyjnego. System Ubuntu i Mariner stosują poprawki zabezpieczeń za pośrednictwem nienadzorowanego uaktualnienia mniej więcej raz dziennie około 06:00 UTC. System Windows nie stosuje automatycznie poprawek zabezpieczeń, więc dla nich ta opcja jest równoznaczna z Brak do odwołania
|
|
None
|
Żadna próba zaktualizowania systemu operacyjnego maszyn nie zostanie podjęta ani przez system operacyjny, ani przez toczące się wirtualne dyski twarde. Oznacza to, że ponosisz odpowiedzialność za aktualizacje zabezpieczeń
|
|
NodeImage
|
Usługa AKS zaktualizuje węzły przy użyciu nowo poprawionego wirtualnego dysku twardego zawierającego poprawki zabezpieczeń i poprawki błędów w cyklu tygodniowym. Po ponownym odtworzeniu obrazu wirtualnego dysku twardego maszyny aktualizacji zostaną wyświetlone na tym dysku VHD po oknach konserwacji i ustawieniach skoków. Podczas wybierania tej opcji jako hostowanie obrazów przez usługę AKS nie są naliczane żadne dodatkowe koszty dysku VHD.
|
|
SecurityPatch
|
Usługa AKS pobiera i aktualizuje węzły przy użyciu przetestowanych aktualizacji zabezpieczeń. Te aktualizacje honorują ustawienia okna obsługi i tworzą nowy wirtualny dysk twardy używany w nowych węzłach. W niektórych przypadkach nie można zastosować aktualizacji, w takich przypadkach istniejące węzły również zostaną ponownie zreprodukowane do nowo utworzonego wirtualnego dysku twardego w celu zastosowania zmian. Ta opcja wiąże się z dodatkowymi kosztami hostowania nowych dysków VHD poprawek zabezpieczeń w grupie zasobów na potrzeby użycia just in time.
|
NodeProvisioningDefaultNodePools
Wyliczenie
Zestaw domyślnych pul węzłów Karpenter (CRD) skonfigurowanych do aprowizacji węzłów. To pole nie działa, chyba że tryb ma wartość "Auto". Ostrzeżenie: Zmiana tej opcji z Automatycznie na Brak w istniejącym klastrze spowoduje usunięcie domyślnych pul węzłów Karpenter, co spowoduje opróżnienie i usunięcie węzłów skojarzonych z tymi pulami. Zdecydowanie zaleca się, aby tego nie robić, chyba że istnieją bezczynne węzły gotowe do podjęcia zasobników eksmitowanych przez tę akcję. Jeśli nie zostanie określony, wartość domyślna to Auto. Aby uzyskać więcej informacji, zobacz aka.ms/aks/nap#node-pools.
| Wartość |
Opis |
|
None
|
Żadne pule węzłów Karpenter nie są aprowizowane automatycznie. Automatyczne skalowanie nie będzie miało miejsca, chyba że użytkownik utworzy co najmniej jedną instancję CRD NodePool.
|
|
Auto
|
Aprowizowany jest standardowy zestaw Karpenter NodePools
|
NodeProvisioningMode
Wyliczenie
Tryb aprowizacji węzła. Jeśli nie zostanie określony, wartość domyślna to Ręczne.
| Wartość |
Opis |
|
Manual
|
Węzły są aprowizowane ręcznie przez użytkownika
|
|
Auto
|
Węzły są aprowizowane automatycznie przez usługę AKS przy użyciu narzędzia Karpenter (zobacz aka.ms/aks/nap, aby uzyskać więcej informacji). Nadal można tworzyć pule węzłów o stałym rozmiarze, ale nie można skalować automatycznie pul węzłów. (Zobacz aka.ms/aks/nap, aby uzyskać więcej informacji).
|
OSDiskType
Wyliczenie
Typ dysku systemu operacyjnego, który ma być używany dla maszyn w puli agentów. Wartość domyślna to "Efemeryczna", jeśli maszyna wirtualna ją obsługuje i ma dysk pamięci podręcznej większy niż żądany dysk OSDiskSizeGB. W przeciwnym razie wartość domyślna to "Zarządzane". Nie można zmienić po utworzeniu. Aby uzyskać więcej informacji, zobacz efemeryczny system operacyjny.
| Wartość |
Opis |
|
Managed
|
Platforma Azure replikuje dysk systemu operacyjnego dla maszyny wirtualnej do usługi Azure Storage, aby uniknąć utraty danych w przypadku konieczności przeniesienia maszyny wirtualnej na inny host. Ponieważ kontenery nie są zaprojektowane tak, aby stan lokalny był utrwalany, to zachowanie zapewnia ograniczoną wartość, zapewniając pewne wady, w tym wolniejsze aprowizowanie węzłów i większe opóźnienie odczytu/zapisu.
|
|
Ephemeral
|
Efemeryczne dyski systemu operacyjnego są przechowywane tylko na maszynie hosta, podobnie jak dysk tymczasowy. Zapewnia to mniejsze opóźnienie odczytu/zapisu oraz szybsze skalowanie węzłów i uaktualnienia klastra.
|
OSSKU
Wyliczenie
Określa jednostkę SKU systemu operacyjnego używaną przez pulę agentów. Wartość domyślna to Ubuntu, jeśli typ systemu operacyjnego to Linux. Wartość domyślna to Windows2019, gdy platforma Kubernetes <= 1.24 lub Windows2022, gdy platforma Kubernetes >= 1,25, jeśli typ systemu operacyjnego to Windows.
| Wartość |
Opis |
|
AzureLinux
|
Użyj usługi AzureLinux jako systemu operacyjnego dla obrazów węzłów. Azure Linux to zoptymalizowana pod kątem kontenera dystrybucja systemu Linux utworzona przez firmę Microsoft, odwiedź stronę https://aka.ms/azurelinux, aby uzyskać więcej informacji.
|
|
AzureLinux3
|
Użyj AzureLinux3 jako systemu operacyjnego dla obrazów węzłów. Azure Linux to zoptymalizowana pod kątem kontenera dystrybucja systemu Linux utworzona przez firmę Microsoft, odwiedź stronę https://aka.ms/azurelinux, aby uzyskać więcej informacji. Aby zapoznać się z ograniczeniami, odwiedź stronę https://aka.ms/aks/node-images. Aby uzyskać wskazówki dotyczące migracji systemu operacyjnego, zobacz https://aka.ms/aks/upgrade-os-version.
|
|
CBLMariner
|
Przestarzałe jednostki OSSKU. Firma Microsoft zaleca, aby nowe wdrożenia zamiast tego wybierały pozycję "AzureLinux".
|
|
Ubuntu
|
Użyj systemu Ubuntu jako systemu operacyjnego dla obrazów węzłów.
|
|
Ubuntu2204
|
Użyj Ubuntu2204 jako systemu operacyjnego dla obrazów węzłów, jednak Ubuntu 22.04 może nie być obsługiwany dla wszystkich pul węzłów. Aby uzyskać informacje o ograniczeniach i obsługiwanych wersjach kubernetes, zobacz https://aka.ms/aks/supported-ubuntu-versions
|
|
Ubuntu2404
|
Użyj Ubuntu2404 jako systemu operacyjnego dla obrazów węzłów, jednak system Ubuntu 24.04 może nie być obsługiwany dla wszystkich pul węzłów. Aby uzyskać informacje o ograniczeniach i obsługiwanych wersjach kubernetes, zobacz https://aka.ms/aks/supported-ubuntu-versions
|
|
Windows2019
|
Użyj systemu Windows2019 jako systemu operacyjnego dla obrazów węzłów. Nieobsługiwane dla pul węzłów systemowych. System Windows2019 obsługuje tylko kontenery systemu Windows2019; Nie można uruchomić kontenerów systemu Windows2022 i na odwrót.
|
|
Windows2022
|
Użyj systemu Windows2022 jako systemu operacyjnego dla obrazów węzłów. Nieobsługiwane dla pul węzłów systemowych. System Windows2022 obsługuje tylko kontenery systemu Windows2022; nie może uruchamiać kontenerów systemu Windows 2019 i na odwrót.
|
OSType
Wyliczenie
Typ systemu operacyjnego. Wartość domyślna to Linux.
| Wartość |
Opis |
|
Linux
|
Użyj Linuksa.
|
|
Windows
|
Korzystanie z systemu Windows.
|
OutboundIPPrefixes
Sprzeciwiać się
Żądane zasoby prefiksu adresów IP dla modułu równoważenia obciążenia klastra.
| Nazwa |
Typ |
Opis |
|
publicIPPrefixes
|
ResourceReference[]
|
Lista zasobów prefiksu publicznego adresu IP.
|
OutboundIPs
Sprzeciwiać się
Żądane zasoby adresów IP ruchu wychodzącego dla modułu równoważenia obciążenia klastra.
outboundType
Wyliczenie
Metoda routingu ruchu wychodzącego (wychodzącego). Można to ustawić tylko w czasie tworzenia klastra i nie można go zmienić później. Aby uzyskać więcej informacji, zobacz typ ruchu wychodzącego wychodzącego.
| Wartość |
Opis |
|
loadBalancer
|
Moduł równoważenia obciążenia jest używany do ruchu wychodzącego za pośrednictwem publicznego adresu IP przypisanego przez usługę AKS. Obsługuje to usługi Kubernetes typu "loadBalancer". Aby uzyskać więcej informacji, zobacz typ obciążenia ruchu wychodzącego.
|
|
userDefinedRouting
|
Ścieżki ruchu wychodzącego muszą być zdefiniowane przez użytkownika. Jest to zaawansowany scenariusz i wymaga odpowiedniej konfiguracji sieci. Aby uzyskać więcej informacji, zobacz typ ruchu wychodzącego userDefinedRouting.
|
|
managedNATGateway
|
Brama translatora adresów sieciowych zarządzana przez usługę AKS jest używana do ruchu wychodzącego.
|
|
userAssignedNATGateway
|
Brama translatora adresów sieciowych przypisana przez użytkownika skojarzona z podsiecią klastra jest używana do ruchu wychodzącego. Jest to zaawansowany scenariusz i wymaga odpowiedniej konfiguracji sieci.
|
|
none
|
Klaster usługi AKS nie jest ustawiony z żadnym typem ruchu wychodzącego. Wszystkie węzły usługi AKS są zgodne z domyślnym zachowaniem ruchu wychodzącego maszyny wirtualnej platformy Azure. Proszę zajrzeć do https://azure.microsoft.com/en-us/updates/default-outbound-access-for-vms-in-azure-will-be-retired-transition-to-a-new-method-of-internet-access/
|
PodIPAllocationMode
Wyliczenie
Tryb alokacji adresów IP zasobnika. Tryb alokacji adresów IP dla zasobników w puli agentów. Musi być używany z podSubnetId. Wartość domyślna to "DynamicIndividual".
| Wartość |
Opis |
|
DynamicIndividual
|
Każdy węzeł jest przydzielany z nieciągłą listą adresów IP, które można przypisać do zasobników. Jest to lepsze rozwiązanie do maksymalizacji małej lub średniej podsieci o rozmiarze /16 lub mniejszym. Klaster usługi Azure CNI z dynamiczną alokacją adresów IP domyślnie korzysta z tego trybu, jeśli klient nie określi jawnie podIPAllocationMode
|
|
StaticBlock
|
Każdy węzeł jest statycznie przydzielany blok(i) CIDR o rozmiarze /28 = 16 adresów IP na blok, aby spełnić maksymalną liczbę adresów IP na węzeł. Liczba bloków CIDR >= (maxPods / 16). Blok, a nie pojedynczy adres IP, liczy się na limit prywatnych adresów IP sieci wirtualnej platformy Azure 65K. W związku z tym tryb blokowy nadaje się do uruchamiania większych obciążeń z większym limitem 65 tys. zasobników w klastrze. Ten tryb lepiej nadaje się do skalowania z większymi podsieciami /15 lub większymi
|
PortRange
Sprzeciwiać się
Zakres portów.
| Nazwa |
Typ |
Opis |
|
portEnd
|
integer
(int32)
minimum: 1
maximum: 65535
|
Maksymalny port uwzględniony w zakresie. Powinien on zawierać zakres od 1 do 65535 i być większy niż lub równy portStart.
|
|
portStart
|
integer
(int32)
minimum: 1
maximum: 65535
|
Minimalny port uwzględniony w zakresie. Powinien on być z zakresu od 1 do 65535 i być mniejszy lub równy portEnd.
|
|
protocol
|
Protocol
|
Protokół sieciowy portu.
|
PowerState
Sprzeciwiać się
Opisuje stan zasilania klastra
| Nazwa |
Typ |
Opis |
|
code
|
code
|
Informuje, czy klaster jest uruchomiony, czy zatrzymany
|
PrivateLinkResource
Sprzeciwiać się
Zasób łącza prywatnego
| Nazwa |
Typ |
Opis |
|
groupId
|
string
|
Identyfikator grupy zasobu.
|
|
id
|
string
|
Identyfikator zasobu łącza prywatnego.
|
|
name
|
string
|
Nazwa zasobu łącza prywatnego.
|
|
privateLinkServiceID
|
string
(arm-id)
|
Identyfikator usługi łącza prywatnego zasobu, to pole jest uwidocznione tylko wewnętrznie dla NRP.
|
|
requiredMembers
|
string[]
|
Liczba wymaganych elementów zasobu
|
|
type
|
string
|
Typ zasobu.
|
Protocol
Wyliczenie
Protokół sieciowy portu.
| Wartość |
Opis |
|
TCP
|
Protokół TCP.
|
|
UDP
|
Protokół UDP.
|
ProvisioningInfo
Sprzeciwiać się
PublicNetworkAccess
Wyliczenie
PublicNetworkAccess klastra zarządzanego. Zezwalanie na dostęp do sieci publicznej dla usługi AKS lub odmawianie dostępu do sieci publicznej
| Wartość |
Opis |
|
Enabled
|
|
|
Disabled
|
|
ResourceIdentityType
Wyliczenie
Typ tożsamości używany dla klastra zarządzanego. Aby uzyskać więcej informacji, zobacz Używanie tożsamości zarządzanych w usłudze AKS.
| Wartość |
Opis |
|
SystemAssigned
|
Używanie niejawnie utworzonej tożsamości zarządzanej przypisanej przez system do zarządzania zasobami klastra. Składniki główne na płaszczyźnie sterowania, takie jak kube-controller-manager, będą używać tożsamości zarządzanej przypisanej przez system do manipulowania zasobami platformy Azure.
|
|
UserAssigned
|
Używanie tożsamości określonej przez użytkownika do zarządzania zasobami klastra. Składniki główne na płaszczyźnie sterowania, takie jak kube-controller-manager, będą używać określonej tożsamości zarządzanej przypisanej przez użytkownika do manipulowania zasobami platformy Azure.
|
|
None
|
Nie używaj tożsamości zarządzanej dla klastra zarządzanego, zamiast tego zostanie użyta jednostka usługi.
|
ResourceReference
Sprzeciwiać się
Odwołanie do zasobu platformy Azure.
| Nazwa |
Typ |
Opis |
|
id
|
string
(arm-id)
|
W pełni kwalifikowany identyfikator zasobu platformy Azure.
|
RestrictionLevel
Wyliczenie
Poziom ograniczeń zastosowany do grupy zasobów węzła klastra. Jeśli nie zostanie określony, wartość domyślna to "Bez ograniczeń"
| Wartość |
Opis |
|
Unrestricted
|
Wszystkie uprawnienia RBAC są dozwolone w grupie zasobów węzła zarządzanego
|
|
ReadOnly
|
W grupie zasobów węzła zarządzanego dozwolone są tylko uprawnienia */odczytu RBAC
|
ScaleDownMode
Wyliczenie
W tym artykule opisano, jak maszyny wirtualne są dodawane do pul agentów lub usuwane z nich. Zobacz stany rozliczeń.
| Wartość |
Opis |
|
Delete
|
Tworzenie nowych wystąpień podczas skalowania w górę i usuwanie wystąpień podczas skalowania w dół.
|
|
Deallocate
|
Spróbuj uruchomić wystąpienia o cofniętej alokacji (jeśli istnieją) podczas skalowania w górę i cofnąć alokację wystąpień podczas skalowania w dół.
|
ScaleProfile
Sprzeciwiać się
Specyfikacje dotyczące skalowania puli agentów VirtualMachines.
| Nazwa |
Typ |
Opis |
|
manual
|
ManualScaleProfile[]
|
Specyfikacje dotyczące sposobu skalowania puli agentów VirtualMachines do stałego rozmiaru.
|
ScaleSetEvictionPolicy
Wyliczenie
Zasady eksmisji zestawu skalowania maszyn wirtualnych. Zasady eksmisji określają, co należy zrobić z maszyną wirtualną po jej eksmisji. Wartość domyślna to Usuń. Aby uzyskać więcej informacji na temat eksmisji, zobacz Maszyny wirtualne typu spot
| Wartość |
Opis |
|
Delete
|
Węzły w bazowym zestawie skalowania puli węzłów są usuwane po ich eksmisji.
|
|
Deallocate
|
Węzły w bazowym zestawie skalowania puli węzłów są ustawiane na stan zatrzymania-cofniętego przydziału po eksmisji. Węzły w zatrzymanej liczbie stanu cofania przydziału zasobów obliczeniowych i mogą powodować problemy ze skalowaniem lub uaktualnianiem klastra.
|
ScaleSetPriority
Wyliczenie
Priorytet zestawu skalowania maszyn wirtualnych.
| Wartość |
Opis |
|
Spot
|
Będą używane maszyny wirtualne o priorytecie typu spot. Brak umowy SLA dla węzłów typu spot. Aby uzyskać więcej informacji, zobacz miejscu w usłudze AKS.
|
|
Regular
|
Będą używane zwykłe maszyny wirtualne.
|
ServiceMeshMode
Wyliczenie
Tryb siatki usług.
| Wartość |
Opis |
|
Istio
|
Istio wdrożone jako dodatek do usługi AKS.
|
|
Disabled
|
Siatka jest wyłączona.
|
ServiceMeshProfile
Sprzeciwiać się
Profil usługi Service Mesh dla klastra zarządzanego.
SysctlConfig
Sprzeciwiać się
Ustawienia sysctl dla węzłów agenta systemu Linux.
| Nazwa |
Typ |
Opis |
|
fsAioMaxNr
|
integer
(int32)
|
Ustawienie Sysctl fs.aio-max-nr.
|
|
fsFileMax
|
integer
(int32)
|
Ustawienie sysctl fs.file-max.
|
|
fsInotifyMaxUserWatches
|
integer
(int32)
|
Ustawienie sysctl fs.inotify.max_user_watches.
|
|
fsNrOpen
|
integer
(int32)
|
Ustawienie Sysctl fs.nr_open.
|
|
kernelThreadsMax
|
integer
(int32)
|
Ustawienie sysctl kernel.threads-max.
|
|
netCoreNetdevMaxBacklog
|
integer
(int32)
|
Ustawienie Sysctl net.core.netdev_max_backlog.
|
|
netCoreOptmemMax
|
integer
(int32)
|
Ustawienie sysctl net.core.optmem_max.
|
|
netCoreRmemDefault
|
integer
(int32)
|
Ustawienie Sysctl net.core.rmem_default.
|
|
netCoreRmemMax
|
integer
(int32)
|
Ustawienie sysctl net.core.rmem_max.
|
|
netCoreSomaxconn
|
integer
(int32)
|
Ustawienie sysctl net.core.somaxconn.
|
|
netCoreWmemDefault
|
integer
(int32)
|
Ustawienie sysctl net.core.wmem_default.
|
|
netCoreWmemMax
|
integer
(int32)
|
Ustawienie sysctl net.core.wmem_max.
|
|
netIpv4IpLocalPortRange
|
string
|
Ustawienie sysctl net.ipv4.ip_local_port_range.
|
|
netIpv4NeighDefaultGcThresh1
|
integer
(int32)
|
Ustawienie sysctl net.ipv4.neigh.default.gc_thresh1.
|
|
netIpv4NeighDefaultGcThresh2
|
integer
(int32)
|
Ustawienie Sysctl net.ipv4.neigh.default.gc_thresh2.
|
|
netIpv4NeighDefaultGcThresh3
|
integer
(int32)
|
Ustawienie sysctl net.ipv4.neigh.default.gc_thresh3.
|
|
netIpv4TcpFinTimeout
|
integer
(int32)
|
Ustawienie Sysctl net.ipv4.tcp_fin_timeout.
|
|
netIpv4TcpKeepaliveProbes
|
integer
(int32)
|
Ustawienie sysctl net.ipv4.tcp_keepalive_probes.
|
|
netIpv4TcpKeepaliveTime
|
integer
(int32)
|
Ustawienie sysctl net.ipv4.tcp_keepalive_time.
|
|
netIpv4TcpMaxSynBacklog
|
integer
(int32)
|
Ustawienie Sysctl net.ipv4.tcp_max_syn_backlog.
|
|
netIpv4TcpMaxTwBuckets
|
integer
(int32)
|
Ustawienie Sysctl net.ipv4.tcp_max_tw_buckets.
|
|
netIpv4TcpTwReuse
|
boolean
|
Ustawienie Sysctl net.ipv4.tcp_tw_reuse.
|
|
netIpv4TcpkeepaliveIntvl
|
integer
(int32)
minimum: 10
maximum: 90
|
Ustawienie sysctl net.ipv4.tcp_keepalive_intvl.
|
|
netNetfilterNfConntrackBuckets
|
integer
(int32)
minimum: 65536
maximum: 524288
|
Ustawienie sysctl net.netfilter.nf_conntrack_buckets.
|
|
netNetfilterNfConntrackMax
|
integer
(int32)
minimum: 131072
maximum: 2097152
|
Ustawienie sysctl net.netfilter.nf_conntrack_max.
|
|
vmMaxMapCount
|
integer
(int32)
|
Ustawienie sysctl vm.max_map_count.
|
|
vmSwappiness
|
integer
(int32)
|
Ustawienie sysctl vm.swappiness.
|
|
vmVfsCachePressure
|
integer
(int32)
|
Ustawienie Sysctl vm.vfs_cache_pressure.
|
systemData
Sprzeciwiać się
Metadane dotyczące tworzenia i ostatniej modyfikacji zasobu.
| Nazwa |
Typ |
Opis |
|
createdAt
|
string
(date-time)
|
Sygnatura czasowa tworzenia zasobu (UTC).
|
|
createdBy
|
string
|
Tożsamość, która utworzyła zasób.
|
|
createdByType
|
createdByType
|
Typ tożsamości, która utworzyła zasób.
|
|
lastModifiedAt
|
string
(date-time)
|
Sygnatura czasowa ostatniej modyfikacji zasobu (UTC)
|
|
lastModifiedBy
|
string
|
Tożsamość, która ostatnio zmodyfikowała zasób.
|
|
lastModifiedByType
|
createdByType
|
Typ tożsamości, która ostatnio zmodyfikowała zasób.
|
UndrainableNodeBehavior
Wyliczenie
Definiuje zachowanie węzłów niewykonalnych podczas uaktualniania. Najczęstszą przyczyną niedostępnych węzłów jest budżety zakłóceń zasobników (PDB), ale inne problemy, takie jak okres prolongaty zakończenia zasobnika przekracza pozostały limit czasu opróżniania węzła lub zasobnik jest nadal w stanie uruchomienia, może również spowodować niezrównowadzone węzły.
| Wartość |
Opis |
|
Schedule
|
Usługa AKS oznaczy zablokowane węzły jako możliwe do zaplanowania, ale zablokowane węzły nie zostaną uaktualnione. Zostanie podjęta próba usunięcia wszystkich węzłów przepięcia. Operacja uaktualniania i klaster zarządzany będą w stanie niepowodzenia, jeśli istnieją zablokowane węzły.
|
|
Cordon
|
Usługa AKS zabezpieczy zablokowane węzły i zastąpi je węzłami przepięcia podczas uaktualniania. Zablokowane węzły zostaną kordonowane i zastąpione węzłami przepięcia. Zablokowane węzły będą miały etykietę "kubernetes.azure.com/upgrade-status:Quarantined". Węzeł przepięcia zostanie zachowany dla każdego zablokowanego węzła. Zostanie podjęta próba usunięcia wszystkich innych węzłów przepięcia. Jeśli istnieje wystarczająca liczba węzłów przepięcia, aby zastąpić zablokowane węzły, operacja uaktualniania i klaster zarządzany będą w stanie niepowodzenia. W przeciwnym razie operacja uaktualniania i zarządzany klaster będą w stanie anulowania.
|
upgradeChannel
Wyliczenie
Kanał uaktualniania na potrzeby automatycznego uaktualniania. Wartość domyślna to "none". Aby uzyskać więcej informacji, zobacz ustawianie kanału automatycznego uaktualniania klastra usługi AKS.
| Wartość |
Opis |
|
rapid
|
Automatycznie uaktualnij klaster do najnowszej obsługiwanej wersji poprawki w najnowszej obsługiwanej wersji pomocniczej. W przypadkach, gdy klaster znajduje się w wersji rozwiązania Kubernetes, która znajduje się w wersji pomocniczej N-2, w której N jest najnowszą obsługiwaną wersją pomocniczą, klaster najpierw uaktualnia do najnowszej obsługiwanej wersji poprawki w wersji pomocniczej N-1. Jeśli na przykład klaster działa w wersji 1.17.7 i w wersjach 1.17.9, 1.18.4, 1.18.6 i 1.19.1, klaster najpierw zostanie uaktualniony do wersji 1.18.6, a następnie zostanie uaktualniony do wersji 1.19.1.
|
|
stable
|
Automatycznie uaktualnij klaster do najnowszej obsługiwanej wersji poprawki w wersji pomocniczej N-1, gdzie N jest najnowszą obsługiwaną wersją pomocniczą. Jeśli na przykład klaster działa w wersji 1.17.7 i w wersjach 1.17.9, 1.18.4, 1.18.6 i 1.19.1, klaster zostanie uaktualniony do wersji 1.18.6.
|
|
patch
|
Automatycznie uaktualnij klaster do najnowszej obsługiwanej wersji poprawki, gdy stanie się dostępna, zachowując tę samą wersję pomocniczą. Jeśli na przykład klaster jest uruchomiony w wersji 1.17.7 i w wersjach 1.17.9, 1.18.4, 1.18.6 i 1.19.1, klaster zostanie uaktualniony do wersji 1.17.9.
|
|
node-image
|
Automatycznie uaktualnij obraz węzła do najnowszej dostępnej wersji. Rozważ użycie nodeOSUpgradeChannel zamiast tego, ponieważ umożliwia to skonfigurowanie poprawek systemu operacyjnego węzła oddzielnie od stosowania poprawek wersji Kubernetes
|
|
none
|
Wyłącza automatyczne uaktualnienia i utrzymuje klaster w bieżącej wersji platformy Kubernetes.
|
UpgradeOverrideSettings
Sprzeciwiać się
Ustawienia przesłonięć podczas uaktualniania klastra.
| Nazwa |
Typ |
Opis |
|
forceUpgrade
|
boolean
|
Czy wymusić uaktualnienie klastra. Należy pamiętać, że ta opcja instruuje operację uaktualniania, aby pominąć zabezpieczenia uaktualnienia, takie jak sprawdzanie przestarzałego użycia interfejsu API. Włącz tę opcję tylko z ostrożnością.
|
|
until
|
string
(date-time)
|
Do momentu, gdy przesłonięcia są skuteczne. Należy pamiętać, że jest to zgodne tylko z godziną rozpoczęcia uaktualnienia, a skuteczność nie zmieni się po uruchomieniu uaktualnienia, nawet jeśli until uaktualnienie wygaśnie po zakończeniu uaktualniania. To pole nie jest domyślnie ustawione. Aby przesłonięcia zaczęły obowiązywać, należy go ustawić.
|
UserAssignedIdentities
Sprzeciwiać się
Tożsamość użytkownika skojarzona z klastrem zarządzanym. Ta tożsamość będzie używana w płaszczyźnie sterowania. Dozwolona jest tylko jedna tożsamość przypisana przez użytkownika. Klucze muszą być identyfikatorami zasobów usługi ARM w postaci: "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}".
UserAssignedIdentity
Sprzeciwiać się
Szczegółowe informacje o tożsamości przypisanej przez użytkownika.
| Nazwa |
Typ |
Opis |
|
clientId
|
string
|
Identyfikator klienta tożsamości przypisanej przez użytkownika.
|
|
objectId
|
string
|
Identyfikator obiektu tożsamości przypisanej przez użytkownika.
|
|
resourceId
|
string
(arm-id)
|
Identyfikator zasobu tożsamości przypisanej przez użytkownika.
|
VirtualMachineNodes
Sprzeciwiać się
Bieżący stan w grupie węzłów o tym samym rozmiarze maszyny wirtualnej.
| Nazwa |
Typ |
Opis |
|
count
|
integer
(int32)
|
Liczba węzłów.
|
|
size
|
string
|
Rozmiar maszyny wirtualnej agentów używanych do hostowania tej grupy węzłów.
|
VirtualMachinesProfile
Sprzeciwiać się
Specyfikacje w puli agentów VirtualMachines.
| Nazwa |
Typ |
Opis |
|
scale
|
ScaleProfile
|
Specyfikacje dotyczące skalowania puli agentów VirtualMachines.
|
WindowsGmsaProfile
Sprzeciwiać się
Profil gMSA systemu Windows w klastrze zarządzanym.
| Nazwa |
Typ |
Opis |
|
dnsServer
|
string
|
Określa serwer DNS dla systemu Windows gMSA.
Ustaw ją na pustą, jeśli skonfigurowano serwer DNS w sieci wirtualnej, która jest używana do tworzenia klastra zarządzanego.
|
|
enabled
|
boolean
|
Czy włączyć gMSA systemu Windows. Określa, czy włączyć grupę zarządzania systemem Windows w klastrze zarządzanym.
|
|
rootDomainName
|
string
|
Określa nazwę domeny głównej dla gMSA systemu Windows.
Ustaw ją na pustą, jeśli skonfigurowano serwer DNS w sieci wirtualnej, która jest używana do tworzenia klastra zarządzanego.
|
WorkloadRuntime
Wyliczenie
Określa typ obciążenia, który może uruchomić węzeł.
| Wartość |
Opis |
|
OCIContainer
|
Węzły będą używać rozwiązania Kubelet do uruchamiania standardowych obciążeń kontenerów OCI.
|
|
WasmWasi
|
Węzły będą używać narzędzia Krustlet do uruchamiania obciążeń WASM przy użyciu dostawcy WASI (wersja zapoznawcza).
|
|
KataVmIsolation
|
Węzły mogą używać (Kata + Cloud Hypervisor + Hyper-V) do włączania zagnieżdżonych zasobników opartych na maszynach wirtualnych. Ze względu na użycie funkcji Hyper-V sam system operacyjny węzła usługi AKS jest zagnieżdżonym maszyną wirtualną (głównym systemem operacyjnym) funkcji Hyper-V. W związku z tym można go używać tylko z serii maszyn wirtualnych, które obsługują wirtualizację zagnieżdżona, taką jak seria Dv3.
|