Cria ou atualiza um cluster gerenciado.
PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}?api-version=2025-10-01
Parâmetros URI
| Nome |
Em |
Necessário |
Tipo |
Descrição |
|
resourceGroupName
|
path |
True
|
string
minLength: 1
maxLength: 90
|
O nome do grupo de recursos. O nome não diferencia maiúsculas de minúsculas.
|
|
resourceName
|
path |
True
|
string
minLength: 1
maxLength: 63
pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$
|
O nome do recurso de cluster gerenciado.
|
|
subscriptionId
|
path |
True
|
string
(uuid)
|
A ID da assinatura de destino. O valor deve ser um UUID.
|
|
api-version
|
query |
True
|
string
minLength: 1
|
A versão da API a utilizar para esta operação.
|
| Nome |
Necessário |
Tipo |
Descrição |
|
If-Match
|
|
string
|
A solicitação só deve prosseguir se uma entidade corresponder a essa cadeia de caracteres.
|
|
If-None-Match
|
|
string
|
A solicitação só deve prosseguir se nenhuma entidade corresponder a essa cadeia de caracteres.
|
Órgão do Pedido
| Nome |
Necessário |
Tipo |
Descrição |
|
location
|
True
|
string
|
A geolocalização onde o recurso vive
|
|
extendedLocation
|
|
ExtendedLocation
|
O local estendido da máquina virtual.
|
|
identity
|
|
ManagedClusterIdentity
|
A identidade do cluster gerenciado, se configurado.
|
|
kind
|
|
string
|
Isso é usado principalmente para expor diferentes experiências de interface do usuário no portal para diferentes tipos
|
|
properties.aadProfile
|
|
ManagedClusterAADProfile
|
A configuração do Azure Ative Directory.
|
|
properties.addonProfiles
|
|
<string,
ManagedClusterAddonProfile>
|
O perfil do complemento de cluster gerenciado.
|
|
properties.agentPoolProfiles
|
|
ManagedClusterAgentPoolProfile[]
|
As propriedades do pool de agentes.
|
|
properties.aiToolchainOperatorProfile
|
|
ManagedClusterAIToolchainOperatorProfile
|
Configurações do operador da cadeia de ferramentas de IA que se aplicam a todo o cluster.
|
|
properties.apiServerAccessProfile
|
|
ManagedClusterAPIServerAccessProfile
|
O perfil de acesso para o servidor de API de cluster gerenciado.
|
|
properties.autoScalerProfile
|
|
AutoScalerProfile
|
Parâmetros a serem aplicados ao autoscaler de cluster quando ativado
|
|
properties.autoUpgradeProfile
|
|
ManagedClusterAutoUpgradeProfile
|
A configuração de atualização automática.
|
|
properties.azureMonitorProfile
|
|
ManagedClusterAzureMonitorProfile
|
Perfis de complemento do Azure Monitor para monitorar o cluster gerenciado.
|
|
properties.bootstrapProfile
|
|
ManagedClusterBootstrapProfile
|
Perfil da configuração de bootstrap do cluster.
|
|
properties.disableLocalAccounts
|
|
boolean
|
Se as contas locais devem ser desabilitadas no Cluster Gerenciado. Se definido como true, a obtenção de credenciais estáticas será desabilitada para esse cluster. Isso só deve ser usado em Clusters Gerenciados habilitados para AAD. Para obter mais detalhes, consulte desativar contas locais.
|
|
properties.diskEncryptionSetID
|
|
string
(arm-id)
|
A ID do recurso do conjunto de criptografia de disco a ser usado para habilitar a criptografia em repouso. Este é o formato: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}'
|
|
properties.dnsPrefix
|
|
string
|
O prefixo DNS do Cluster Gerenciado. Isso não pode ser atualizado depois que o Cluster Gerenciado tiver sido criado.
|
|
properties.enableRBAC
|
|
boolean
|
Se o Kubernetes deve ser ativado Role-Based Controle de Acesso.
|
|
properties.fqdnSubdomain
|
|
string
|
O subdomínio FQDN do cluster privado com zona dns privada personalizada. Isso não pode ser atualizado depois que o Cluster Gerenciado tiver sido criado.
|
|
properties.httpProxyConfig
|
|
ManagedClusterHTTPProxyConfig
|
Configurações para provisionamento do cluster com servidores proxy HTTP.
|
|
properties.identityProfile
|
|
<string,
UserAssignedIdentity>
|
A identidade do usuário associada ao cluster gerenciado. Esta identidade será usada pelo kubelet. Apenas uma identidade atribuída ao usuário é permitida. A única chave aceita é "kubeletidentity", com valor de "resourceId": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}".
|
|
properties.ingressProfile
|
|
ManagedClusterIngressProfile
|
Perfil de ingresso para o cluster gerenciado.
|
|
properties.kubernetesVersion
|
|
string
|
A versão do Kubernetes especificada pelo usuário. A versão do patch <> major.minor.patch (por exemplo, 1.20.13) e <> major.minor (por exemplo, 1.20) são suportadas. Quando <> major.minor é especificado, a versão mais recente do patch GA suportada é escolhida automaticamente. Atualizar o cluster com o mesmo <> major.minor depois de criado (por exemplo, 1.14.x -> 1.14) não acionará uma atualização, mesmo que uma versão de patch mais recente esteja disponível. Quando você atualiza um cluster AKS suportado, as versões secundárias do Kubernetes não podem ser ignoradas. Todas as atualizações devem ser executadas sequencialmente pelo número da versão principal. Por exemplo, atualizações entre 1.14.x -> 1.15.x ou 1.15.x -> 1.16.x são permitidas, no entanto, 1.14.x -> 1.16.x não são permitidas. Consulte atualizar um cluster AKS para obter mais detalhes.
|
|
properties.linuxProfile
|
|
ContainerServiceLinuxProfile
|
O perfil para VMs Linux no cluster gerenciado.
|
|
properties.metricsProfile
|
|
ManagedClusterMetricsProfile
|
Configuração opcional de métricas de cluster.
|
|
properties.networkProfile
|
|
ContainerServiceNetworkProfile
|
O perfil de configuração de rede.
|
|
properties.nodeProvisioningProfile
|
|
ManagedClusterNodeProvisioningProfile
|
Configurações de provisionamento de nó que se aplicam a todo o cluster.
|
|
properties.nodeResourceGroup
|
|
string
|
O nome do grupo de recursos que contém nós do pool de agentes.
|
|
properties.nodeResourceGroupProfile
|
|
ManagedClusterNodeResourceGroupProfile
|
Perfil da configuração do grupo de recursos do nó.
|
|
properties.oidcIssuerProfile
|
|
ManagedClusterOIDCIssuerProfile
|
O perfil do emissor OIDC do Cluster Gerenciado.
|
|
properties.podIdentityProfile
|
|
ManagedClusterPodIdentityProfile
|
O perfil de identidade do pod do Cluster Gerenciado. Consulte usar o de identidade do pod do AAD para obter mais detalhes sobre a integração da identidade do pod do AAD.
|
|
properties.privateLinkResources
|
|
PrivateLinkResource[]
|
Recursos de link privado associados ao cluster.
|
|
properties.publicNetworkAccess
|
|
PublicNetworkAccess
|
PublicNetworkAccess do managedCluster. Permitir ou negar acesso à rede pública para o AKS
|
|
properties.securityProfile
|
|
ManagedClusterSecurityProfile
|
Perfil de segurança para o cluster gerenciado.
|
|
properties.serviceMeshProfile
|
|
ServiceMeshProfile
|
Perfil de malha de serviço para um cluster gerenciado.
|
|
properties.servicePrincipalProfile
|
|
ManagedClusterServicePrincipalProfile
|
Informações sobre uma identidade de entidade de serviço para o cluster usar para manipular APIs do Azure.
|
|
properties.status
|
|
ManagedClusterStatus
|
Contém informações somente leitura sobre o Cluster Gerenciado.
|
|
properties.storageProfile
|
|
ManagedClusterStorageProfile
|
Perfil de armazenamento para o cluster gerenciado.
|
|
properties.supportPlan
|
|
KubernetesSupportPlan
|
O plano de suporte para o Cluster Gerenciado. Se não for especificado, o padrão é 'KubernetesOfficial'.
|
|
properties.upgradeSettings
|
|
ClusterUpgradeSettings
|
Configurações para atualizar um cluster.
|
|
properties.windowsProfile
|
|
ManagedClusterWindowsProfile
|
O perfil para VMs do Windows no Cluster Gerenciado.
|
|
properties.workloadAutoScalerProfile
|
|
ManagedClusterWorkloadAutoScalerProfile
|
Perfil do dimensionador automático da carga de trabalho para o cluster gerenciado.
|
|
sku
|
|
ManagedClusterSKU
|
A SKU do cluster gerenciado.
|
|
tags
|
|
object
|
Tags de recursos.
|
Respostas
| Nome |
Tipo |
Descrição |
|
200 OK
|
ManagedCluster
|
O cluster gerenciado existente foi atualizado com êxito.
|
|
201 Created
|
ManagedCluster
|
O novo cluster gerenciado foi criado com êxito.
|
|
Other Status Codes
|
ErrorResponse
|
Resposta de erro descrevendo por que a operação falhou.
|
Segurança
azure_auth
Azure Ative Directory OAuth2 Flow
Tipo:
oauth2
Flow:
implicit
URL de autorização:
https://login.microsoftonline.com/common/oauth2/authorize
Alcances
| Nome |
Descrição |
|
user_impersonation
|
personificar a sua conta de utilizador
|
Exemplos
Create Managed Cluster using an agent pool snapshot
Pedido de exemplo
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"tags": {
"tier": "production",
"archv2": ""
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"properties": {
"kubernetesVersion": "",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"enableFIPS": true,
"creationData": {
"sourceResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/snapshots/snapshot1"
}
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"windowsProfile": {
"adminUsername": "azureuser",
"adminPassword": "replacePassword1234$"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"addonProfiles": {},
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.CreationData;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_Snapshot.json
*/
/**
* Sample code: Create Managed Cluster using an agent pool snapshot.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
createManagedClusterUsingAnAgentPoolSnapshot(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3)
.withVmSize("Standard_DS2_v2").withOsType(OSType.LINUX)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withMode(AgentPoolMode.SYSTEM)
.withEnableNodePublicIp(true).withEnableFips(true)
.withCreationData(new CreationData().withSourceResourceId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/snapshots/snapshot1"))
.withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_snapshot.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"creationData": {
"sourceResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/snapshots/snapshot1"
},
"enableFIPS": True,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_Snapshot.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_Snapshot.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterUsingAnAgentPoolSnapshot() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
CreationData: &armcontainerservice.CreationData{
SourceResourceID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/snapshots/snapshot1"),
},
EnableFIPS: to.Ptr(true),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CreationData: &armcontainerservice.CreationData{
// SourceResourceID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/snapshots/snapshot1"),
// },
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableFIPS: to.Ptr(true),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_Snapshot.json
*/
async function createManagedClusterUsingAnAgentPoolSnapshot() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
creationData: {
sourceResourceId:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/snapshots/snapshot1",
},
enableFips: true,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_Snapshot.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
EnableFips = true,
CreationDataSourceResourceId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/snapshots/snapshot1"),
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Resposta de exemplo
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"enableFIPS": true,
"creationData": {
"sourceResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/snapshots/snapshot1"
}
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"networkProfile": {
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Creating",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Creating",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"enableFIPS": true,
"creationData": {
"sourceResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/snapshots/snapshot1"
}
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"networkProfile": {
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
Create Managed Cluster with AKS-managed NAT gateway as outbound type
Pedido de exemplo
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"tags": {
"tier": "production",
"archv2": ""
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"properties": {
"kubernetesVersion": "",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": false,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "managedNATGateway",
"natGatewayProfile": {
"managedOutboundIPProfile": {
"count": 2
}
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"windowsProfile": {
"adminUsername": "azureuser",
"adminPassword": "replacePassword1234$"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"addonProfiles": {},
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterManagedOutboundIpProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterNatGatewayProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_ManagedNATGateway.json
*/
/**
* Sample code: Create Managed Cluster with AKS-managed NAT gateway as outbound type.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void createManagedClusterWithAKSManagedNATGatewayAsOutboundType(
com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(
Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3).withVmSize("Standard_DS2_v2")
.withOsType(OSType.LINUX).withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
.withMode(AgentPoolMode.SYSTEM).withEnableNodePublicIp(false).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile()
.withOutboundType(OutboundType.MANAGED_NATGATEWAY).withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withNatGatewayProfile(new ManagedClusterNatGatewayProfile()
.withManagedOutboundIpProfile(new ManagedClusterManagedOutboundIpProfile().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_managed_nat_gateway.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": False,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerSku": "standard",
"natGatewayProfile": {"managedOutboundIPProfile": {"count": 2}},
"outboundType": "managedNATGateway",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_ManagedNATGateway.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_ManagedNATGateway.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithAksManagedNatGatewayAsOutboundType() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(false),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
NatGatewayProfile: &armcontainerservice.ManagedClusterNATGatewayProfile{
ManagedOutboundIPProfile: &armcontainerservice.ManagedClusterManagedOutboundIPProfile{
Count: to.Ptr[int32](2),
},
},
OutboundType: to.Ptr(armcontainerservice.OutboundTypeManagedNATGateway),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(false),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NatGatewayProfile: &armcontainerservice.ManagedClusterNATGatewayProfile{
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](4),
// ManagedOutboundIPProfile: &armcontainerservice.ManagedClusterManagedOutboundIPProfile{
// Count: to.Ptr[int32](2),
// },
// },
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeManagedNATGateway),
// PodCidr: to.Ptr("10.244.0.0/16"),
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_ManagedNATGateway.json
*/
async function createManagedClusterWithAksManagedNatGatewayAsOutboundType() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: false,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerSku: "standard",
natGatewayProfile: { managedOutboundIPProfile: { count: 2 } },
outboundType: "managedNATGateway",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_ManagedNATGateway.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = false,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.ManagedNatGateway,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
NatGatewayProfile = new ManagedClusterNatGatewayProfile
{
ManagedOutboundIPCount = 2,
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Resposta de exemplo
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": false,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"networkProfile": {
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"outboundType": "managedNATGateway",
"natGatewayProfile": {
"idleTimeoutInMinutes": 4,
"managedOutboundIPProfile": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Creating",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Creating",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": false,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"networkProfile": {
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"outboundType": "managedNATGateway",
"natGatewayProfile": {
"idleTimeoutInMinutes": 4,
"managedOutboundIPProfile": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
Create Managed Cluster with Azure KeyVault Secrets Provider Addon
Pedido de exemplo
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"tags": {
"tier": "production",
"archv2": ""
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"properties": {
"kubernetesVersion": "",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"windowsProfile": {
"adminUsername": "azureuser",
"adminPassword": "replacePassword1234$"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"addonProfiles": {
"azureKeyvaultSecretsProvider": {
"enabled": true,
"config": {
"enableSecretRotation": "true",
"rotationPollInterval": "2m"
}
}
},
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAddonProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_AzureKeyvaultSecretsProvider.json
*/
/**
* Sample code: Create Managed Cluster with Azure KeyVault Secrets Provider Addon.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void createManagedClusterWithAzureKeyVaultSecretsProviderAddon(
com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(
Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3).withVmSize("Standard_DS2_v2")
.withOsType(OSType.LINUX).withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
.withMode(AgentPoolMode.SYSTEM).withEnableNodePublicIp(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile().withClientId("clientid")
.withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf("azureKeyvaultSecretsProvider",
new ManagedClusterAddonProfile().withEnabled(true).withConfig(
mapOf("enableSecretRotation", "fakeTokenPlaceholder", "rotationPollInterval", "2m"))))
.withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_azure_keyvault_secrets_provider.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {
"azureKeyvaultSecretsProvider": {
"config": {"enableSecretRotation": "true", "rotationPollInterval": "2m"},
"enabled": True,
}
},
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_AzureKeyvaultSecretsProvider.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_AzureKeyvaultSecretsProvider.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithAzureKeyVaultSecretsProviderAddon() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{
"azureKeyvaultSecretsProvider": {
Config: map[string]*string{
"enableSecretRotation": to.Ptr("true"),
"rotationPollInterval": to.Ptr("2m"),
},
Enabled: to.Ptr(true),
},
},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{
// "azureKeyvaultSecretsProvider": &armcontainerservice.ManagedClusterAddonProfile{
// Config: map[string]*string{
// "enableSecretRotation": to.Ptr("true"),
// "rotationPollInterval": to.Ptr("2m"),
// },
// Enabled: to.Ptr(true),
// },
// },
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// EnableEncryptionAtHost: to.Ptr(true),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_AzureKeyvaultSecretsProvider.json
*/
async function createManagedClusterWithAzureKeyVaultSecretsProviderAddon() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {
azureKeyvaultSecretsProvider: {
config: { enableSecretRotation: "true", rotationPollInterval: "2m" },
enabled: true,
},
},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_AzureKeyvaultSecretsProvider.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles =
{
["azureKeyvaultSecretsProvider"] = new ManagedClusterAddonProfile(true)
{
Config =
{
["enableSecretRotation"] = "true",
["rotationPollInterval"] = "2m"
},
}
},
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Resposta de exemplo
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"enableEncryptionAtHost": true
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"addonProfiles": {
"azureKeyvaultSecretsProvider": {
"enabled": true,
"config": {
"enableSecretRotation": "true",
"rotationPollInterval": "2m"
}
}
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"networkProfile": {
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Creating",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Creating",
"orchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"enableEncryptionAtHost": true
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"addonProfiles": {
"azureKeyvaultSecretsProvider": {
"enabled": true,
"config": {
"enableSecretRotation": "true",
"rotationPollInterval": "2m"
}
}
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"networkProfile": {
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
Create Managed Cluster with Capacity Reservation Group
Pedido de exemplo
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"tags": {
"tier": "production",
"archv2": ""
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"properties": {
"kubernetesVersion": "",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"capacityReservationGroupID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/capacityReservationGroups/crg1"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"windowsProfile": {
"adminUsername": "azureuser",
"adminPassword": "replacePassword1234$"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"addonProfiles": {},
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_CRG.json
*/
/**
* Sample code: Create Managed Cluster with Capacity Reservation Group.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
createManagedClusterWithCapacityReservationGroup(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3)
.withVmSize("Standard_DS2_v2").withOsType(OSType.LINUX)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withMode(AgentPoolMode.SYSTEM)
.withEnableNodePublicIp(true)
.withCapacityReservationGroupId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/capacityReservationGroups/crg1")
.withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_crg.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"capacityReservationGroupID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/capacityReservationGroups/crg1",
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_CRG.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_CRG.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithCapacityReservationGroup() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
CapacityReservationGroupID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/capacityReservationGroups/crg1"),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// CapacityReservationGroupID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/capacityReservationGroups/crg1"),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_CRG.json
*/
async function createManagedClusterWithCapacityReservationGroup() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
capacityReservationGroupID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/capacityReservationGroups/crg1",
count: 3,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_CRG.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
CapacityReservationGroupId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/capacityReservationGroups/crg1"),
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Resposta de exemplo
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"capacityReservationGroupID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/capacityReservationGroups/crg1"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"networkProfile": {
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Creating",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Creating",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"capacityReservationGroupID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/capacityReservationGroups/crg1"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"networkProfile": {
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
Create Managed Cluster with Custom CA Trust Certificates
Pedido de exemplo
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"tags": {
"tier": "production",
"archv2": ""
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"properties": {
"kubernetesVersion": "",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"windowsProfile": {
"adminUsername": "azureuser",
"adminPassword": "replacePassword1234$"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"securityProfile": {
"customCATrustCertificates": [
"ZHVtbXlFeGFtcGxlVGVzdFZhbHVlRm9yQ2VydGlmaWNhdGVUb0JlQWRkZWQ="
]
},
"addonProfiles": {},
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSecurityProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_CustomCATrustCertificates.json
*/
/**
* Sample code: Create Managed Cluster with Custom CA Trust Certificates.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
createManagedClusterWithCustomCATrustCertificates(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(
Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3).withVmSize("Standard_DS2_v2")
.withOsType(OSType.LINUX).withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
.withMode(AgentPoolMode.SYSTEM).withEnableNodePublicIp(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des")
.withSecurityProfile(new ManagedClusterSecurityProfile().withCustomCATrustCertificates(
Arrays.asList("ZHVtbXlFeGFtcGxlVGVzdFZhbHVlRm9yQ2VydGlmaWNhdGVUb0JlQWRkZWQ=".getBytes()))),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_custom_ca_trust_certificates.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"securityProfile": {
"customCATrustCertificates": ["ZHVtbXlFeGFtcGxlVGVzdFZhbHVlRm9yQ2VydGlmaWNhdGVUb0JlQWRkZWQ="]
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_CustomCATrustCertificates.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_CustomCATrustCertificates.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithCustomCaTrustCertificates() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
SecurityProfile: &armcontainerservice.ManagedClusterSecurityProfile{
CustomCATrustCertificates: [][]byte{
[]byte("ZHVtbXlFeGFtcGxlVGVzdFZhbHVlRm9yQ2VydGlmaWNhdGVUb0JlQWRkZWQ=")},
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// SecurityProfile: &armcontainerservice.ManagedClusterSecurityProfile{
// CustomCATrustCertificates: [][]byte{
// []byte("ZHVtbXlFeGFtcGxlVGVzdFZhbHVlRm9yQ2VydGlmaWNhdGVUb0JlQWRkZWQ=")},
// },
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_CustomCATrustCertificates.json
*/
async function createManagedClusterWithCustomCaTrustCertificates() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
securityProfile: {
customCATrustCertificates: [
Buffer.from("ZHVtbXlFeGFtcGxlVGVzdFZhbHVlRm9yQ2VydGlmaWNhdGVUb0JlQWRkZWQ="),
],
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_CustomCATrustCertificates.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
SecurityProfile = new ManagedClusterSecurityProfile
{
CustomCATrustCertificates = { Encoding.UTF8.GetBytes("ZHVtbXlFeGFtcGxlVGVzdFZhbHVlRm9yQ2VydGlmaWNhdGVUb0JlQWRkZWQ=") },
},
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Resposta de exemplo
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"securityProfile": {
"customCATrustCertificates": [
"ZHVtbXlFeGFtcGxlVGVzdFZhbHVlRm9yQ2VydGlmaWNhdGVUb0JlQWRkZWQ="
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"networkProfile": {
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Creating",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Creating",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"securityProfile": {
"customCATrustCertificates": [
"ZHVtbXlFeGFtcGxlVGVzdFZhbHVlRm9yQ2VydGlmaWNhdGVUb0JlQWRkZWQ="
]
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"networkProfile": {
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
Create Managed Cluster with Dedicated Host Group
Pedido de exemplo
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"tags": {
"tier": "production",
"archv2": ""
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"properties": {
"kubernetesVersion": "",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"hostGroupID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg/providers/Microsoft.Compute/hostGroups/hostgroup1"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"windowsProfile": {
"adminUsername": "azureuser",
"adminPassword": "replacePassword1234$"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"addonProfiles": {},
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_DedicatedHostGroup.json
*/
/**
* Sample code: Create Managed Cluster with Dedicated Host Group.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
createManagedClusterWithDedicatedHostGroup(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3)
.withVmSize("Standard_DS2_v2").withOsType(OSType.LINUX)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withEnableNodePublicIp(true)
.withHostGroupId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg/providers/Microsoft.Compute/hostGroups/hostgroup1")
.withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_dedicated_host_group.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": True,
"hostGroupID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg/providers/Microsoft.Compute/hostGroups/hostgroup1",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_DedicatedHostGroup.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_DedicatedHostGroup.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithDedicatedHostGroup() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
HostGroupID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg/providers/Microsoft.Compute/hostGroups/hostgroup1"),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// EnableNodePublicIP: to.Ptr(true),
// HostGroupID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg/providers/Microsoft.Compute/hostGroups/hostgroup1"),
// MaxPods: to.Ptr[int32](110),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_DedicatedHostGroup.json
*/
async function createManagedClusterWithDedicatedHostGroup() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: true,
hostGroupID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg/providers/Microsoft.Compute/hostGroups/hostgroup1",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_DedicatedHostGroup.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
EnableNodePublicIP = true,
HostGroupId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg/providers/Microsoft.Compute/hostGroups/hostgroup1"),
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Resposta de exemplo
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"hostGroupID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg/providers/Microsoft.Compute/hostGroups/hostgroup1"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"networkProfile": {
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Creating",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Creating",
"orchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"hostGroupID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg/providers/Microsoft.Compute/hostGroups/hostgroup1"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"networkProfile": {
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
Create Managed Cluster with EncryptionAtHost enabled
Pedido de exemplo
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"tags": {
"tier": "production",
"archv2": ""
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"properties": {
"kubernetesVersion": "",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"enableEncryptionAtHost": true
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"windowsProfile": {
"adminUsername": "azureuser",
"adminPassword": "replacePassword1234$"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"addonProfiles": {},
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_EnableEncryptionAtHost.json
*/
/**
* Sample code: Create Managed Cluster with EncryptionAtHost enabled.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
createManagedClusterWithEncryptionAtHostEnabled(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3)
.withVmSize("Standard_DS2_v2").withOsType(OSType.LINUX)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withMode(AgentPoolMode.SYSTEM)
.withEnableNodePublicIp(true).withEnableEncryptionAtHost(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_enable_encryption_at_host.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableEncryptionAtHost": True,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_EnableEncryptionAtHost.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_EnableEncryptionAtHost.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithEncryptionAtHostEnabled() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableEncryptionAtHost: to.Ptr(true),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableEncryptionAtHost: to.Ptr(true),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_EnableEncryptionAtHost.json
*/
async function createManagedClusterWithEncryptionAtHostEnabled() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableEncryptionAtHost: true,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_EnableEncryptionAtHost.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
EnableEncryptionAtHost = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Resposta de exemplo
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"enableEncryptionAtHost": true
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"networkProfile": {
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Creating",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Creating",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"enableEncryptionAtHost": true
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"networkProfile": {
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
Create Managed Cluster with FIPS enabled OS
Pedido de exemplo
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"tags": {
"tier": "production",
"archv2": ""
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"properties": {
"kubernetesVersion": "",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"enableFIPS": true
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"windowsProfile": {
"adminUsername": "azureuser",
"adminPassword": "replacePassword1234$"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"addonProfiles": {},
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_EnabledFIPS.json
*/
/**
* Sample code: Create Managed Cluster with FIPS enabled OS.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void createManagedClusterWithFIPSEnabledOS(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3)
.withVmSize("Standard_DS2_v2").withOsType(OSType.LINUX)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withMode(AgentPoolMode.SYSTEM)
.withEnableNodePublicIp(true).withEnableFips(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_enabled_fips.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableFIPS": True,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_EnabledFIPS.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_EnabledFIPS.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithFipsEnabledOs() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableFIPS: to.Ptr(true),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableFIPS: to.Ptr(true),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_EnabledFIPS.json
*/
async function createManagedClusterWithFipsEnabledOS() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableFips: true,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_EnabledFIPS.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
EnableFips = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Resposta de exemplo
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"enableFIPS": true
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"networkProfile": {
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Creating",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Creating",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"enableFIPS": true
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"networkProfile": {
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
Create Managed Cluster with GPUMIG
Pedido de exemplo
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"tags": {
"tier": "production",
"archv2": ""
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"properties": {
"kubernetesVersion": "",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_ND96asr_v4",
"osType": "Linux",
"gpuInstanceProfile": "MIG3g",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"windowsProfile": {
"adminUsername": "azureuser",
"adminPassword": "replacePassword1234$"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"addonProfiles": {},
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"httpProxyConfig": {
"httpProxy": "http://myproxy.server.com:8080",
"httpsProxy": "https://myproxy.server.com:8080",
"noProxy": [
"localhost",
"127.0.0.1"
],
"trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="
}
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.GpuInstanceProfile;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterHttpProxyConfig;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_GPUMIG.json
*/
/**
* Sample code: Create Managed Cluster with GPUMIG.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void createManagedClusterWithGPUMIG(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(
Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3).withVmSize("Standard_ND96asr_v4")
.withOsType(OSType.LINUX).withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
.withMode(AgentPoolMode.SYSTEM).withEnableNodePublicIp(true)
.withGpuInstanceProfile(GpuInstanceProfile.MIG3G).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des")
.withHttpProxyConfig(new ManagedClusterHttpProxyConfig().withHttpProxy("http://myproxy.server.com:8080")
.withHttpsProxy("https://myproxy.server.com:8080")
.withNoProxy(Arrays.asList("localhost", "127.0.0.1"))
.withTrustedCa("Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U=")),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_gpumig.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": True,
"gpuInstanceProfile": "MIG3g",
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_ND96asr_v4",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"httpProxyConfig": {
"httpProxy": "http://myproxy.server.com:8080",
"httpsProxy": "https://myproxy.server.com:8080",
"noProxy": ["localhost", "127.0.0.1"],
"trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U=",
},
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_GPUMIG.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_GPUMIG.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithGpumig() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
GpuInstanceProfile: to.Ptr(armcontainerservice.GPUInstanceProfileMIG3G),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_ND96asr_v4"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
HTTPProxyConfig: &armcontainerservice.ManagedClusterHTTPProxyConfig{
HTTPProxy: to.Ptr("http://myproxy.server.com:8080"),
HTTPSProxy: to.Ptr("https://myproxy.server.com:8080"),
NoProxy: []*string{
to.Ptr("localhost"),
to.Ptr("127.0.0.1")},
TrustedCa: to.Ptr("Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="),
},
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(true),
// GpuInstanceProfile: to.Ptr(armcontainerservice.GPUInstanceProfileMIG3G),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_ND96asr_v4"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// HTTPProxyConfig: &armcontainerservice.ManagedClusterHTTPProxyConfig{
// HTTPProxy: to.Ptr("http://myproxy.server.com:8080"),
// HTTPSProxy: to.Ptr("https://myproxy.server.com:8080"),
// NoProxy: []*string{
// to.Ptr("localhost"),
// to.Ptr("127.0.0.1")},
// TrustedCa: to.Ptr("Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="),
// },
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_GPUMIG.json
*/
async function createManagedClusterWithGpumig() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: true,
gpuInstanceProfile: "MIG3g",
mode: "System",
osType: "Linux",
vmSize: "Standard_ND96asr_v4",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
httpProxyConfig: {
httpProxy: "http://myproxy.server.com:8080",
httpsProxy: "https://myproxy.server.com:8080",
noProxy: ["localhost", "127.0.0.1"],
trustedCa: "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U=",
},
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_GPUMIG.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_ND96asr_v4",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
GpuInstanceProfile = GpuInstanceProfile.Mig3G,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
HttpProxyConfig = new ManagedClusterHttpProxyConfig
{
HttpProxy = "http://myproxy.server.com:8080",
HttpsProxy = "https://myproxy.server.com:8080",
NoProxy = { "localhost", "127.0.0.1" },
TrustedCA = "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U=",
},
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Resposta de exemplo
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_ND96asr_v4",
"maxPods": 110,
"osType": "Linux",
"gpuInstanceProfile": "MIG3g",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"networkProfile": {
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"httpProxyConfig": {
"httpProxy": "http://myproxy.server.com:8080",
"httpsProxy": "https://myproxy.server.com:8080",
"noProxy": [
"localhost",
"127.0.0.1"
],
"trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="
}
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Creating",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_ND96asr_v4",
"maxPods": 110,
"osType": "Linux",
"gpuInstanceProfile": "MIG3g",
"provisioningState": "Creating",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"networkProfile": {
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"httpProxyConfig": {
"httpProxy": "http://myproxy.server.com:8080",
"httpsProxy": "https://myproxy.server.com:8080",
"noProxy": [
"localhost",
"127.0.0.1"
],
"trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="
}
}
}
Pedido de exemplo
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"tags": {
"tier": "production",
"archv2": ""
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"properties": {
"kubernetesVersion": "",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"windowsProfile": {
"adminUsername": "azureuser",
"adminPassword": "replacePassword1234$"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"addonProfiles": {},
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"httpProxyConfig": {
"httpProxy": "http://myproxy.server.com:8080",
"httpsProxy": "https://myproxy.server.com:8080",
"noProxy": [
"localhost",
"127.0.0.1"
],
"trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="
}
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterHttpProxyConfig;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_HTTPProxy.json
*/
/**
* Sample code: Create Managed Cluster with HTTP proxy configured.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
createManagedClusterWithHTTPProxyConfigured(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(
Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3).withVmSize("Standard_DS2_v2")
.withOsType(OSType.LINUX).withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
.withMode(AgentPoolMode.SYSTEM).withEnableNodePublicIp(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des")
.withHttpProxyConfig(new ManagedClusterHttpProxyConfig().withHttpProxy("http://myproxy.server.com:8080")
.withHttpsProxy("https://myproxy.server.com:8080")
.withNoProxy(Arrays.asList("localhost", "127.0.0.1"))
.withTrustedCa("Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U=")),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_httpproxy.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"httpProxyConfig": {
"httpProxy": "http://myproxy.server.com:8080",
"httpsProxy": "https://myproxy.server.com:8080",
"noProxy": ["localhost", "127.0.0.1"],
"trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U=",
},
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_HTTPProxy.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_HTTPProxy.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithHttpProxyConfigured() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
HTTPProxyConfig: &armcontainerservice.ManagedClusterHTTPProxyConfig{
HTTPProxy: to.Ptr("http://myproxy.server.com:8080"),
HTTPSProxy: to.Ptr("https://myproxy.server.com:8080"),
NoProxy: []*string{
to.Ptr("localhost"),
to.Ptr("127.0.0.1")},
TrustedCa: to.Ptr("Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="),
},
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// HTTPProxyConfig: &armcontainerservice.ManagedClusterHTTPProxyConfig{
// HTTPProxy: to.Ptr("http://myproxy.server.com:8080"),
// HTTPSProxy: to.Ptr("https://myproxy.server.com:8080"),
// NoProxy: []*string{
// to.Ptr("localhost"),
// to.Ptr("127.0.0.1")},
// TrustedCa: to.Ptr("Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="),
// },
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_HTTPProxy.json
*/
async function createManagedClusterWithHttpProxyConfigured() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
httpProxyConfig: {
httpProxy: "http://myproxy.server.com:8080",
httpsProxy: "https://myproxy.server.com:8080",
noProxy: ["localhost", "127.0.0.1"],
trustedCa: "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U=",
},
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_HTTPProxy.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
HttpProxyConfig = new ManagedClusterHttpProxyConfig
{
HttpProxy = "http://myproxy.server.com:8080",
HttpsProxy = "https://myproxy.server.com:8080",
NoProxy = { "localhost", "127.0.0.1" },
TrustedCA = "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U=",
},
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Resposta de exemplo
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"networkProfile": {
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"httpProxyConfig": {
"httpProxy": "http://myproxy.server.com:8080",
"httpsProxy": "https://myproxy.server.com:8080",
"noProxy": [
"localhost",
"127.0.0.1"
],
"trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="
}
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Creating",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Creating",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"networkProfile": {
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"httpProxyConfig": {
"httpProxy": "http://myproxy.server.com:8080",
"httpsProxy": "https://myproxy.server.com:8080",
"noProxy": [
"localhost",
"127.0.0.1"
],
"trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="
}
}
}
Create Managed Cluster with LongTermSupport
Pedido de exemplo
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"tags": {
"tier": "production",
"archv2": ""
},
"sku": {
"name": "Base",
"tier": "Premium"
},
"properties": {
"kubernetesVersion": "",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"enableEncryptionAtHost": true
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"windowsProfile": {
"adminUsername": "azureuser",
"adminPassword": "replacePassword1234$"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"apiServerAccessProfile": {
"disableRunCommand": true
},
"addonProfiles": {},
"enableRBAC": true,
"supportPlan": "AKSLongTermSupport"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.KubernetesSupportPlan;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterApiServerAccessProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_Premium.json
*/
/**
* Sample code: Create Managed Cluster with LongTermSupport.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void createManagedClusterWithLongTermSupport(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.BASE).withTier(ManagedClusterSkuTier.PREMIUM))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3)
.withVmSize("Standard_DS2_v2").withOsType(OSType.LINUX)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withMode(AgentPoolMode.SYSTEM)
.withEnableNodePublicIp(true).withEnableEncryptionAtHost(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile().withClientId("clientid")
.withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withSupportPlan(KubernetesSupportPlan.AKSLONG_TERM_SUPPORT)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withApiServerAccessProfile(new ManagedClusterApiServerAccessProfile().withDisableRunCommand(true)),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_premium.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableEncryptionAtHost": True,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"apiServerAccessProfile": {"disableRunCommand": True},
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"supportPlan": "AKSLongTermSupport",
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Base", "tier": "Premium"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_Premium.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_Premium.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithLongTermSupport() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableEncryptionAtHost: to.Ptr(true),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
APIServerAccessProfile: &armcontainerservice.ManagedClusterAPIServerAccessProfile{
DisableRunCommand: to.Ptr(true),
},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
SupportPlan: to.Ptr(armcontainerservice.KubernetesSupportPlanAKSLongTermSupport),
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUNameBase),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierPremium),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableEncryptionAtHost: to.Ptr(true),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// APIServerAccessProfile: &armcontainerservice.ManagedClusterAPIServerAccessProfile{
// DisableRunCommand: to.Ptr(true),
// },
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-ee788a1f.hcp.location1.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// PrivateFQDN: to.Ptr("dnsprefix1-aae7e0f0.5cef6058-b6b5-414d-8cb1-4bd14eb0b15c.privatelink.location1.azmk8s.io"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// SupportPlan: to.Ptr(armcontainerservice.KubernetesSupportPlanAKSLongTermSupport),
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// SKU: &armcontainerservice.ManagedClusterSKU{
// Name: to.Ptr(armcontainerservice.ManagedClusterSKUNameBase),
// Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierPremium),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_Premium.json
*/
async function createManagedClusterWithLongTermSupport() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableEncryptionAtHost: true,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
apiServerAccessProfile: { disableRunCommand: true },
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Base", tier: "Premium" },
supportPlan: "AKSLongTermSupport",
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_Premium.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = ManagedClusterSkuName.Base,
Tier = ManagedClusterSkuTier.Premium,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
EnableEncryptionAtHost = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
SupportPlan = KubernetesSupportPlan.AKSLongTermSupport,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
ApiServerAccessProfile = new ManagedClusterApiServerAccessProfile
{
DisableRunCommand = true,
},
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Resposta de exemplo
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"sku": {
"name": "Base",
"tier": "Premium"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"enableEncryptionAtHost": true
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"apiServerAccessProfile": {
"disableRunCommand": true
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"fqdn": "dnsprefix1-ee788a1f.hcp.location1.azmk8s.io",
"privateFQDN": "dnsprefix1-aae7e0f0.5cef6058-b6b5-414d-8cb1-4bd14eb0b15c.privatelink.location1.azmk8s.io",
"networkProfile": {
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"supportPlan": "AKSLongTermSupport"
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"sku": {
"name": "Base",
"tier": "Premium"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Creating",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Creating",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"enableEncryptionAtHost": true
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"apiServerAccessProfile": {
"disableRunCommand": true
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"fqdn": "dnsprefix1-ee788a1f.hcp.location1.azmk8s.io",
"privateFQDN": "dnsprefix1-aae7e0f0.5cef6058-b6b5-414d-8cb1-4bd14eb0b15c.privatelink.location1.azmk8s.io",
"networkProfile": {
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"supportPlan": "AKSLongTermSupport"
}
}
Create Managed Cluster with Node Public IP Prefix
Pedido de exemplo
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"tags": {
"tier": "production",
"archv2": ""
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"properties": {
"kubernetesVersion": "",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"nodePublicIPPrefixID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Network/publicIPPrefixes/public-ip-prefix"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"windowsProfile": {
"adminUsername": "azureuser",
"adminPassword": "replacePassword1234$"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"addonProfiles": {},
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_NodePublicIPPrefix.json
*/
/**
* Sample code: Create Managed Cluster with Node Public IP Prefix.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
createManagedClusterWithNodePublicIPPrefix(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3)
.withVmSize("Standard_DS2_v2").withOsType(OSType.LINUX)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withMode(AgentPoolMode.SYSTEM)
.withEnableNodePublicIp(true)
.withNodePublicIpPrefixId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Network/publicIPPrefixes/public-ip-prefix")
.withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_node_public_ip_prefix.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"nodePublicIPPrefixID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Network/publicIPPrefixes/public-ip-prefix",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_NodePublicIPPrefix.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_NodePublicIPPrefix.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithNodePublicIpPrefix() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
NodePublicIPPrefixID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Network/publicIPPrefixes/public-ip-prefix"),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// NodePublicIPPrefixID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Network/publicIPPrefixes/public-ip-prefix"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_NodePublicIPPrefix.json
*/
async function createManagedClusterWithNodePublicIPPrefix() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: true,
mode: "System",
nodePublicIPPrefixID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Network/publicIPPrefixes/public-ip-prefix",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_NodePublicIPPrefix.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
NodePublicIPPrefixId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Network/publicIPPrefixes/public-ip-prefix"),
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Resposta de exemplo
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"nodePublicIPPrefixID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Network/publicIPPrefixes/public-ip-prefix"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"networkProfile": {
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Creating",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Creating",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"nodePublicIPPrefixID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Network/publicIPPrefixes/public-ip-prefix"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"networkProfile": {
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
Create Managed Cluster with OSSKU
Pedido de exemplo
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"tags": {
"tier": "production",
"archv2": ""
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"properties": {
"kubernetesVersion": "",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"osType": "Linux",
"osSKU": "AzureLinux",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"windowsProfile": {
"adminUsername": "azureuser",
"adminPassword": "replacePassword1234$"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"addonProfiles": {},
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"httpProxyConfig": {
"httpProxy": "http://myproxy.server.com:8080",
"httpsProxy": "https://myproxy.server.com:8080",
"noProxy": [
"localhost",
"127.0.0.1"
],
"trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="
}
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterHttpProxyConfig;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSSku;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_OSSKU.json
*/
/**
* Sample code: Create Managed Cluster with OSSKU.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void createManagedClusterWithOSSKU(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3)
.withVmSize("Standard_DS2_v2").withOsType(OSType.LINUX).withOsSku(OSSku.AZURE_LINUX)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withMode(AgentPoolMode.SYSTEM)
.withEnableNodePublicIp(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des")
.withHttpProxyConfig(new ManagedClusterHttpProxyConfig().withHttpProxy("http://myproxy.server.com:8080")
.withHttpsProxy("https://myproxy.server.com:8080")
.withNoProxy(Arrays.asList("localhost", "127.0.0.1"))
.withTrustedCa("Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U=")),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_ossku.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osSKU": "AzureLinux",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"httpProxyConfig": {
"httpProxy": "http://myproxy.server.com:8080",
"httpsProxy": "https://myproxy.server.com:8080",
"noProxy": ["localhost", "127.0.0.1"],
"trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U=",
},
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_OSSKU.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_OSSKU.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithOssku() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSSKU: to.Ptr(armcontainerservice.OSSKUAzureLinux),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
HTTPProxyConfig: &armcontainerservice.ManagedClusterHTTPProxyConfig{
HTTPProxy: to.Ptr("http://myproxy.server.com:8080"),
HTTPSProxy: to.Ptr("https://myproxy.server.com:8080"),
NoProxy: []*string{
to.Ptr("localhost"),
to.Ptr("127.0.0.1")},
TrustedCa: to.Ptr("Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="),
},
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSSKU: to.Ptr(armcontainerservice.OSSKUAzureLinux),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// HTTPProxyConfig: &armcontainerservice.ManagedClusterHTTPProxyConfig{
// HTTPProxy: to.Ptr("http://myproxy.server.com:8080"),
// HTTPSProxy: to.Ptr("https://myproxy.server.com:8080"),
// NoProxy: []*string{
// to.Ptr("localhost"),
// to.Ptr("127.0.0.1")},
// TrustedCa: to.Ptr("Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="),
// },
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_OSSKU.json
*/
async function createManagedClusterWithOssku() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: true,
mode: "System",
osSKU: "AzureLinux",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
httpProxyConfig: {
httpProxy: "http://myproxy.server.com:8080",
httpsProxy: "https://myproxy.server.com:8080",
noProxy: ["localhost", "127.0.0.1"],
trustedCa: "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U=",
},
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_OSSKU.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
OSSku = ContainerServiceOSSku.AzureLinux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
HttpProxyConfig = new ManagedClusterHttpProxyConfig
{
HttpProxy = "http://myproxy.server.com:8080",
HttpsProxy = "https://myproxy.server.com:8080",
NoProxy = { "localhost", "127.0.0.1" },
TrustedCA = "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U=",
},
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Resposta de exemplo
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"osSKU": "AzureLinux",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"networkProfile": {
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"httpProxyConfig": {
"httpProxy": "http://myproxy.server.com:8080",
"httpsProxy": "https://myproxy.server.com:8080",
"noProxy": [
"localhost",
"127.0.0.1"
],
"trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="
}
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Creating",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"osSKU": "AzureLinux",
"provisioningState": "Creating",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"networkProfile": {
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"httpProxyConfig": {
"httpProxy": "http://myproxy.server.com:8080",
"httpsProxy": "https://myproxy.server.com:8080",
"noProxy": [
"localhost",
"127.0.0.1"
],
"trustedCa": "Q29uZ3JhdHMhIFlvdSBoYXZlIGZvdW5kIGEgaGlkZGVuIG1lc3NhZ2U="
}
}
}
Create Managed Cluster with PodIdentity enabled
Pedido de exemplo
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"tags": {
"tier": "production",
"archv2": ""
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"properties": {
"kubernetesVersion": "",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"windowsProfile": {
"adminUsername": "azureuser",
"adminPassword": "replacePassword1234$"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"addonProfiles": {},
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"podIdentityProfile": {
"enabled": true,
"allowNetworkPluginKubenet": true
}
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPodIdentityProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_PodIdentity.json
*/
/**
* Sample code: Create Managed Cluster with PodIdentity enabled.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
createManagedClusterWithPodIdentityEnabled(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(
Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3).withVmSize("Standard_DS2_v2")
.withOsType(OSType.LINUX).withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
.withMode(AgentPoolMode.SYSTEM).withEnableNodePublicIp(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile().withClientId("clientid")
.withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf())
.withPodIdentityProfile(
new ManagedClusterPodIdentityProfile().withEnabled(true).withAllowNetworkPluginKubenet(true))
.withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_pod_identity.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"podIdentityProfile": {"allowNetworkPluginKubenet": True, "enabled": True},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_PodIdentity.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_PodIdentity.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithPodIdentityEnabled() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
PodIdentityProfile: &armcontainerservice.ManagedClusterPodIdentityProfile{
AllowNetworkPluginKubenet: to.Ptr(true),
Enabled: to.Ptr(true),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// PodIdentityProfile: &armcontainerservice.ManagedClusterPodIdentityProfile{
// AllowNetworkPluginKubenet: to.Ptr(true),
// Enabled: to.Ptr(true),
// },
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_PodIdentity.json
*/
async function createManagedClusterWithPodIdentityEnabled() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
podIdentityProfile: { allowNetworkPluginKubenet: true, enabled: true },
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_PodIdentity.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
PodIdentityProfile = new ManagedClusterPodIdentityProfile
{
IsEnabled = true,
AllowNetworkPluginKubenet = true,
},
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Resposta de exemplo
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"networkProfile": {
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"podIdentityProfile": {
"enabled": true,
"allowNetworkPluginKubenet": true
}
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Creating",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Creating",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"networkProfile": {
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"podIdentityProfile": {
"enabled": true,
"allowNetworkPluginKubenet": true
}
}
}
Create Managed Cluster with PPG
Pedido de exemplo
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"tags": {
"tier": "production",
"archv2": ""
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"properties": {
"kubernetesVersion": "",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"proximityPlacementGroupID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/proximityPlacementGroups/ppg1"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"windowsProfile": {
"adminUsername": "azureuser",
"adminPassword": "replacePassword1234$"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"addonProfiles": {},
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_PPG.json
*/
/**
* Sample code: Create Managed Cluster with PPG.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void createManagedClusterWithPPG(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3)
.withVmSize("Standard_DS2_v2").withOsType(OSType.LINUX)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withMode(AgentPoolMode.SYSTEM)
.withEnableNodePublicIp(true)
.withProximityPlacementGroupId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/proximityPlacementGroups/ppg1")
.withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_ppg.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"proximityPlacementGroupID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/proximityPlacementGroups/ppg1",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_PPG.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_PPG.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithPpg() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
ProximityPlacementGroupID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/proximityPlacementGroups/ppg1"),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// ProximityPlacementGroupID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/proximityPlacementGroups/ppg1"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_PPG.json
*/
async function createManagedClusterWithPpg() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
proximityPlacementGroupID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/proximityPlacementGroups/ppg1",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_PPG.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
ProximityPlacementGroupId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/proximityPlacementGroups/ppg1"),
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Resposta de exemplo
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"proximityPlacementGroupID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/proximityPlacementGroups/ppg1"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"networkProfile": {
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Creating",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Creating",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"proximityPlacementGroupID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/proximityPlacementGroups/ppg1"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"networkProfile": {
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
Create Managed Cluster with RunCommand disabled
Pedido de exemplo
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"tags": {
"tier": "production",
"archv2": ""
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"properties": {
"kubernetesVersion": "",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"enableEncryptionAtHost": true
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"windowsProfile": {
"adminUsername": "azureuser",
"adminPassword": "replacePassword1234$"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"apiServerAccessProfile": {
"disableRunCommand": true
},
"addonProfiles": {},
"enableRBAC": true
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterApiServerAccessProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_DisableRunCommand.json
*/
/**
* Sample code: Create Managed Cluster with RunCommand disabled.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
createManagedClusterWithRunCommandDisabled(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3)
.withVmSize("Standard_DS2_v2").withOsType(OSType.LINUX)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withMode(AgentPoolMode.SYSTEM)
.withEnableNodePublicIp(true).withEnableEncryptionAtHost(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withApiServerAccessProfile(new ManagedClusterApiServerAccessProfile().withDisableRunCommand(true)),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_disable_run_command.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableEncryptionAtHost": True,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"apiServerAccessProfile": {"disableRunCommand": True},
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_DisableRunCommand.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_DisableRunCommand.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithRunCommandDisabled() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableEncryptionAtHost: to.Ptr(true),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
APIServerAccessProfile: &armcontainerservice.ManagedClusterAPIServerAccessProfile{
DisableRunCommand: to.Ptr(true),
},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableEncryptionAtHost: to.Ptr(true),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// APIServerAccessProfile: &armcontainerservice.ManagedClusterAPIServerAccessProfile{
// DisableRunCommand: to.Ptr(true),
// },
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-ee788a1f.hcp.location1.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// PrivateFQDN: to.Ptr("dnsprefix1-aae7e0f0.5cef6058-b6b5-414d-8cb1-4bd14eb0b15c.privatelink.location1.azmk8s.io"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// SupportPlan: to.Ptr(armcontainerservice.KubernetesSupportPlanKubernetesOfficial),
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_DisableRunCommand.json
*/
async function createManagedClusterWithRunCommandDisabled() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableEncryptionAtHost: true,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
apiServerAccessProfile: { disableRunCommand: true },
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_DisableRunCommand.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
EnableEncryptionAtHost = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
ApiServerAccessProfile = new ManagedClusterApiServerAccessProfile
{
DisableRunCommand = true,
},
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Resposta de exemplo
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"enableEncryptionAtHost": true
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"apiServerAccessProfile": {
"disableRunCommand": true
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"fqdn": "dnsprefix1-ee788a1f.hcp.location1.azmk8s.io",
"privateFQDN": "dnsprefix1-aae7e0f0.5cef6058-b6b5-414d-8cb1-4bd14eb0b15c.privatelink.location1.azmk8s.io",
"networkProfile": {
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"supportPlan": "KubernetesOfficial"
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Creating",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Creating",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"enableEncryptionAtHost": true
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"apiServerAccessProfile": {
"disableRunCommand": true
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"fqdn": "dnsprefix1-ee788a1f.hcp.location1.azmk8s.io",
"privateFQDN": "dnsprefix1-aae7e0f0.5cef6058-b6b5-414d-8cb1-4bd14eb0b15c.privatelink.location1.azmk8s.io",
"networkProfile": {
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"supportPlan": "KubernetesOfficial"
}
}
Pedido de exemplo
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"tags": {
"tier": "production",
"archv2": ""
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"properties": {
"kubernetesVersion": "",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
}
},
"securityProfile": {
"defender": {
"logAnalyticsWorkspaceResourceId": "/subscriptions/SUB_ID/resourcegroups/RG_NAME/providers/microsoft.operationalinsights/workspaces/WORKSPACE_NAME",
"securityMonitoring": {
"enabled": true
}
},
"workloadIdentity": {
"enabled": true
}
}
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSecurityProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSecurityProfileDefender;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSecurityProfileDefenderSecurityMonitoring;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSecurityProfileWorkloadIdentity;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_SecurityProfile.json
*/
/**
* Sample code: Create Managed Cluster with Security Profile configured.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
createManagedClusterWithSecurityProfileConfigured(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(
Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3).withVmSize("Standard_DS2_v2")
.withOsType(OSType.LINUX).withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
.withMode(AgentPoolMode.SYSTEM).withEnableNodePublicIp(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withSecurityProfile(new ManagedClusterSecurityProfile()
.withDefender(new ManagedClusterSecurityProfileDefender().withLogAnalyticsWorkspaceResourceId(
"/subscriptions/SUB_ID/resourcegroups/RG_NAME/providers/microsoft.operationalinsights/workspaces/WORKSPACE_NAME")
.withSecurityMonitoring(
new ManagedClusterSecurityProfileDefenderSecurityMonitoring().withEnabled(true)))
.withWorkloadIdentity(new ManagedClusterSecurityProfileWorkloadIdentity().withEnabled(true))),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_security_profile.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"dnsPrefix": "dnsprefix1",
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"securityProfile": {
"defender": {
"logAnalyticsWorkspaceResourceId": "/subscriptions/SUB_ID/resourcegroups/RG_NAME/providers/microsoft.operationalinsights/workspaces/WORKSPACE_NAME",
"securityMonitoring": {"enabled": True},
},
"workloadIdentity": {"enabled": True},
},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_SecurityProfile.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_SecurityProfile.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithSecurityProfileConfigured() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
DNSPrefix: to.Ptr("dnsprefix1"),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
SecurityProfile: &armcontainerservice.ManagedClusterSecurityProfile{
Defender: &armcontainerservice.ManagedClusterSecurityProfileDefender{
LogAnalyticsWorkspaceResourceID: to.Ptr("/subscriptions/SUB_ID/resourcegroups/RG_NAME/providers/microsoft.operationalinsights/workspaces/WORKSPACE_NAME"),
SecurityMonitoring: &armcontainerservice.ManagedClusterSecurityProfileDefenderSecurityMonitoring{
Enabled: to.Ptr(true),
},
},
WorkloadIdentity: &armcontainerservice.ManagedClusterSecurityProfileWorkloadIdentity{
Enabled: to.Ptr(true),
},
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// SecurityProfile: &armcontainerservice.ManagedClusterSecurityProfile{
// Defender: &armcontainerservice.ManagedClusterSecurityProfileDefender{
// LogAnalyticsWorkspaceResourceID: to.Ptr("/subscriptions/SUB_ID/resourcegroups/RG_NAME/providers/microsoft.operationalinsights/workspaces/WORKSPACE_NAME"),
// SecurityMonitoring: &armcontainerservice.ManagedClusterSecurityProfileDefenderSecurityMonitoring{
// Enabled: to.Ptr(true),
// },
// },
// WorkloadIdentity: &armcontainerservice.ManagedClusterSecurityProfileWorkloadIdentity{
// Enabled: to.Ptr(true),
// },
// },
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_SecurityProfile.json
*/
async function createManagedClusterWithSecurityProfileConfigured() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
dnsPrefix: "dnsprefix1",
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
securityProfile: {
defender: {
logAnalyticsWorkspaceResourceId:
"/subscriptions/SUB_ID/resourcegroups/RG_NAME/providers/microsoft.operationalinsights/workspaces/WORKSPACE_NAME",
securityMonitoring: { enabled: true },
},
workloadIdentity: { enabled: true },
},
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_SecurityProfile.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
SecurityProfile = new ManagedClusterSecurityProfile
{
Defender = new ManagedClusterSecurityProfileDefender
{
LogAnalyticsWorkspaceResourceId = new ResourceIdentifier("/subscriptions/SUB_ID/resourcegroups/RG_NAME/providers/microsoft.operationalinsights/workspaces/WORKSPACE_NAME"),
IsSecurityMonitoringEnabled = true,
},
IsWorkloadIdentityEnabled = true,
},
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Resposta de exemplo
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"networkProfile": {
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"securityProfile": {
"defender": {
"logAnalyticsWorkspaceResourceId": "/subscriptions/SUB_ID/resourcegroups/RG_NAME/providers/microsoft.operationalinsights/workspaces/WORKSPACE_NAME",
"securityMonitoring": {
"enabled": true
}
},
"workloadIdentity": {
"enabled": true
}
}
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Creating",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Creating",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"networkProfile": {
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"securityProfile": {
"defender": {
"logAnalyticsWorkspaceResourceId": "/subscriptions/SUB_ID/resourcegroups/RG_NAME/providers/microsoft.operationalinsights/workspaces/WORKSPACE_NAME",
"securityMonitoring": {
"enabled": true
}
},
"workloadIdentity": {
"enabled": true
}
}
}
}
Create Managed Cluster with UltraSSD enabled
Pedido de exemplo
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"tags": {
"tier": "production",
"archv2": ""
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"properties": {
"kubernetesVersion": "",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"enableUltraSSD": true
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"windowsProfile": {
"adminUsername": "azureuser",
"adminPassword": "replacePassword1234$"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"addonProfiles": {},
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_EnableUltraSSD.json
*/
/**
* Sample code: Create Managed Cluster with UltraSSD enabled.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void createManagedClusterWithUltraSSDEnabled(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3)
.withVmSize("Standard_DS2_v2").withOsType(OSType.LINUX)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withMode(AgentPoolMode.SYSTEM)
.withEnableNodePublicIp(true).withEnableUltraSsd(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_enable_ultra_ssd.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": True,
"enableUltraSSD": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_EnableUltraSSD.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_EnableUltraSSD.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithUltraSsdEnabled() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
EnableUltraSSD: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(true),
// EnableUltraSSD: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_EnableUltraSSD.json
*/
async function createManagedClusterWithUltraSsdEnabled() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: true,
enableUltraSSD: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_EnableUltraSSD.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
EnableUltraSsd = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Resposta de exemplo
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"enableUltraSSD": true
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"networkProfile": {
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Creating",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Creating",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"enableUltraSSD": true
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"networkProfile": {
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
Create Managed Cluster with user-assigned NAT gateway as outbound type
Pedido de exemplo
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"tags": {
"tier": "production",
"archv2": ""
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"properties": {
"kubernetesVersion": "",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": false,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "userAssignedNATGateway"
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"windowsProfile": {
"adminUsername": "azureuser",
"adminPassword": "replacePassword1234$"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"addonProfiles": {},
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_UserAssignedNATGateway.json
*/
/**
* Sample code: Create Managed Cluster with user-assigned NAT gateway as outbound type.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void createManagedClusterWithUserAssignedNATGatewayAsOutboundType(
com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(
Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3).withVmSize("Standard_DS2_v2")
.withOsType(OSType.LINUX).withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
.withMode(AgentPoolMode.SYSTEM).withEnableNodePublicIp(false).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(
new ContainerServiceNetworkProfile().withOutboundType(OutboundType.USER_ASSIGNED_NATGATEWAY)
.withLoadBalancerSku(LoadBalancerSku.STANDARD))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_user_assigned_nat_gateway.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": False,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {"loadBalancerSku": "standard", "outboundType": "userAssignedNATGateway"},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_UserAssignedNATGateway.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_UserAssignedNATGateway.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithUserAssignedNatGatewayAsOutboundType() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(false),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeUserAssignedNATGateway),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(false),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeUserAssignedNATGateway),
// PodCidr: to.Ptr("10.244.0.0/16"),
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_UserAssignedNATGateway.json
*/
async function createManagedClusterWithUserAssignedNatGatewayAsOutboundType() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: false,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerSku: "standard",
outboundType: "userAssignedNATGateway",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_UserAssignedNATGateway.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = false,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.UserAssignedNatGateway,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Resposta de exemplo
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": false,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"networkProfile": {
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"outboundType": "userAssignedNATGateway"
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Creating",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Creating",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": false,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"networkProfile": {
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"outboundType": "userAssignedNATGateway"
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
Pedido de exemplo
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"tags": {
"tier": "production",
"archv2": ""
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"properties": {
"kubernetesVersion": "",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
}
},
"ingressProfile": {
"webAppRouting": {
"enabled": true,
"dnsZoneResourceIds": [
"/subscriptions/SUB_ID/resourceGroups/RG_NAME/providers/Microsoft.Network/dnszones/DNS_ZONE_NAME"
]
}
}
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterIngressProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterIngressProfileWebAppRouting;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_IngressProfile_WebAppRouting.json
*/
/**
* Sample code: Create Managed Cluster with Web App Routing Ingress Profile configured.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void createManagedClusterWithWebAppRoutingIngressProfileConfigured(
com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(
Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3).withVmSize("Standard_DS2_v2")
.withOsType(OSType.LINUX).withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
.withMode(AgentPoolMode.SYSTEM).withEnableNodePublicIp(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withIngressProfile(new ManagedClusterIngressProfile()
.withWebAppRouting(new ManagedClusterIngressProfileWebAppRouting().withEnabled(true)
.withDnsZoneResourceIds(Arrays.asList(
"/subscriptions/SUB_ID/resourceGroups/RG_NAME/providers/Microsoft.Network/dnszones/DNS_ZONE_NAME")))),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_ingress_profile_web_app_routing.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"dnsPrefix": "dnsprefix1",
"ingressProfile": {
"webAppRouting": {
"dnsZoneResourceIds": [
"/subscriptions/SUB_ID/resourceGroups/RG_NAME/providers/Microsoft.Network/dnszones/DNS_ZONE_NAME"
],
"enabled": True,
}
},
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_IngressProfile_WebAppRouting.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_IngressProfile_WebAppRouting.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedClusterWithWebAppRoutingIngressProfileConfigured() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
DNSPrefix: to.Ptr("dnsprefix1"),
IngressProfile: &armcontainerservice.ManagedClusterIngressProfile{
WebAppRouting: &armcontainerservice.ManagedClusterIngressProfileWebAppRouting{
DNSZoneResourceIDs: []*string{
to.Ptr("/subscriptions/SUB_ID/resourceGroups/RG_NAME/providers/Microsoft.Network/dnszones/DNS_ZONE_NAME")},
Enabled: to.Ptr(true),
},
},
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// IngressProfile: &armcontainerservice.ManagedClusterIngressProfile{
// WebAppRouting: &armcontainerservice.ManagedClusterIngressProfileWebAppRouting{
// DNSZoneResourceIDs: []*string{
// to.Ptr("/subscriptions/SUB_ID/resourceGroups/RG_NAME/providers/Microsoft.Network/dnszones/DNS_ZONE_NAME")},
// Enabled: to.Ptr(true),
// },
// },
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_IngressProfile_WebAppRouting.json
*/
async function createManagedClusterWithWebAppRoutingIngressProfileConfigured() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
dnsPrefix: "dnsprefix1",
ingressProfile: {
webAppRouting: {
dnsZoneResourceIds: [
"/subscriptions/SUB_ID/resourceGroups/RG_NAME/providers/Microsoft.Network/dnszones/DNS_ZONE_NAME",
],
enabled: true,
},
},
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_IngressProfile_WebAppRouting.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
IngressWebAppRouting = new ManagedClusterIngressProfileWebAppRouting
{
IsEnabled = true,
DnsZoneResourceIds = { new ResourceIdentifier("/subscriptions/SUB_ID/resourceGroups/RG_NAME/providers/Microsoft.Network/dnszones/DNS_ZONE_NAME") },
},
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Resposta de exemplo
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"networkProfile": {
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"ingressProfile": {
"webAppRouting": {
"enabled": true,
"dnsZoneResourceIds": [
"/subscriptions/SUB_ID/resourceGroups/RG_NAME/providers/Microsoft.Network/dnszones/DNS_ZONE_NAME"
]
}
}
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Creating",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Creating",
"orchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"networkProfile": {
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"ingressProfile": {
"webAppRouting": {
"enabled": true,
"dnsZoneResourceIds": [
"/subscriptions/SUB_ID/resourceGroups/RG_NAME/providers/Microsoft.Network/dnszones/DNS_ZONE_NAME"
]
}
}
}
}
Create Managed Private Cluster with fqdn subdomain specified
Pedido de exemplo
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"tags": {
"tier": "production",
"archv2": ""
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"properties": {
"kubernetesVersion": "",
"fqdnSubdomain": "domain1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"enableEncryptionAtHost": true
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"windowsProfile": {
"adminUsername": "azureuser",
"adminPassword": "replacePassword1234$"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"apiServerAccessProfile": {
"enablePrivateCluster": true,
"privateDNSZone": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Network/privateDnsZones/privatelink.location1.azmk8s.io"
},
"addonProfiles": {},
"enableRBAC": true
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterApiServerAccessProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_PrivateClusterFQDNSubdomain.json
*/
/**
* Sample code: Create Managed Private Cluster with fqdn subdomain specified.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
createManagedPrivateClusterWithFqdnSubdomainSpecified(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withFqdnSubdomain("domain1")
.withAgentPoolProfiles(Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3)
.withVmSize("Standard_DS2_v2").withOsType(OSType.LINUX)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withMode(AgentPoolMode.SYSTEM)
.withEnableNodePublicIp(true).withEnableEncryptionAtHost(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withApiServerAccessProfile(
new ManagedClusterApiServerAccessProfile().withEnablePrivateCluster(true).withPrivateDnsZone(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Network/privateDnsZones/privatelink.location1.azmk8s.io")),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_private_cluster_fqdn_subdomain.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableEncryptionAtHost": True,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"apiServerAccessProfile": {
"enablePrivateCluster": True,
"privateDNSZone": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Network/privateDnsZones/privatelink.location1.azmk8s.io",
},
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"enableRBAC": True,
"fqdnSubdomain": "domain1",
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_PrivateClusterFQDNSubdomain.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_PrivateClusterFQDNSubdomain.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedPrivateClusterWithFqdnSubdomainSpecified() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableEncryptionAtHost: to.Ptr(true),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
APIServerAccessProfile: &armcontainerservice.ManagedClusterAPIServerAccessProfile{
EnablePrivateCluster: to.Ptr(true),
PrivateDNSZone: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Network/privateDnsZones/privatelink.location1.azmk8s.io"),
},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
EnableRBAC: to.Ptr(true),
FqdnSubdomain: to.Ptr("domain1"),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableEncryptionAtHost: to.Ptr(true),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// APIServerAccessProfile: &armcontainerservice.ManagedClusterAPIServerAccessProfile{
// EnablePrivateCluster: to.Ptr(true),
// PrivateDNSZone: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Network/privateDnsZones/privatelink.location1.azmk8s.io"),
// },
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// EnableRBAC: to.Ptr(true),
// FqdnSubdomain: to.Ptr("domain1"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// PrivateFQDN: to.Ptr("domain1.privatelink.location1.azmk8s.io"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_PrivateClusterFQDNSubdomain.json
*/
async function createManagedPrivateClusterWithFqdnSubdomainSpecified() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableEncryptionAtHost: true,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
apiServerAccessProfile: {
enablePrivateCluster: true,
privateDNSZone:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Network/privateDnsZones/privatelink.location1.azmk8s.io",
},
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
enableRbac: true,
fqdnSubdomain: "domain1",
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_PrivateClusterFQDNSubdomain.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
FqdnSubdomain = "domain1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
EnableEncryptionAtHost = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
ApiServerAccessProfile = new ManagedClusterApiServerAccessProfile
{
EnablePrivateCluster = true,
PrivateDnsZone = "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Network/privateDnsZones/privatelink.location1.azmk8s.io",
},
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Resposta de exemplo
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"fqdnSubdomain": "domain1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"enableEncryptionAtHost": true
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"apiServerAccessProfile": {
"enablePrivateCluster": true,
"privateDNSZone": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Network/privateDnsZones/privatelink.location1.azmk8s.io"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"privateFQDN": "domain1.privatelink.location1.azmk8s.io",
"networkProfile": {
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Creating",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"fqdnSubdomain": "domain1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Creating",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"enableEncryptionAtHost": true
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"apiServerAccessProfile": {
"enablePrivateCluster": true,
"privateDNSZone": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Network/privateDnsZones/privatelink.location1.azmk8s.io"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"privateFQDN": "domain1.privatelink.location1.azmk8s.io",
"networkProfile": {
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
Create Managed Private Cluster with Public FQDN specified
Pedido de exemplo
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"tags": {
"tier": "production",
"archv2": ""
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"properties": {
"kubernetesVersion": "",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"enableEncryptionAtHost": true
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"windowsProfile": {
"adminUsername": "azureuser",
"adminPassword": "replacePassword1234$"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"apiServerAccessProfile": {
"enablePrivateCluster": true,
"enablePrivateClusterPublicFQDN": true
},
"addonProfiles": {},
"enableRBAC": true
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterApiServerAccessProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_PrivateClusterPublicFQDN.json
*/
/**
* Sample code: Create Managed Private Cluster with Public FQDN specified.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
createManagedPrivateClusterWithPublicFQDNSpecified(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3)
.withVmSize("Standard_DS2_v2").withOsType(OSType.LINUX)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withMode(AgentPoolMode.SYSTEM)
.withEnableNodePublicIp(true).withEnableEncryptionAtHost(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withApiServerAccessProfile(new ManagedClusterApiServerAccessProfile().withEnablePrivateCluster(true)
.withEnablePrivateClusterPublicFqdn(true)),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_private_cluster_public_fqdn.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"count": 3,
"enableEncryptionAtHost": True,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"apiServerAccessProfile": {"enablePrivateCluster": True, "enablePrivateClusterPublicFQDN": True},
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_PrivateClusterPublicFQDN.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_PrivateClusterPublicFQDN.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createManagedPrivateClusterWithPublicFqdnSpecified() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableEncryptionAtHost: to.Ptr(true),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
APIServerAccessProfile: &armcontainerservice.ManagedClusterAPIServerAccessProfile{
EnablePrivateCluster: to.Ptr(true),
EnablePrivateClusterPublicFQDN: to.Ptr(true),
},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableEncryptionAtHost: to.Ptr(true),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// APIServerAccessProfile: &armcontainerservice.ManagedClusterAPIServerAccessProfile{
// EnablePrivateCluster: to.Ptr(true),
// EnablePrivateClusterPublicFQDN: to.Ptr(true),
// PrivateDNSZone: to.Ptr("system"),
// },
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-ee788a1f.hcp.location1.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// PrivateFQDN: to.Ptr("dnsprefix1-aae7e0f0.5cef6058-b6b5-414d-8cb1-4bd14eb0b15c.privatelink.location1.azmk8s.io"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_PrivateClusterPublicFQDN.json
*/
async function createManagedPrivateClusterWithPublicFqdnSpecified() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableEncryptionAtHost: true,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
apiServerAccessProfile: {
enablePrivateCluster: true,
enablePrivateClusterPublicFqdn: true,
},
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_PrivateClusterPublicFQDN.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
EnableEncryptionAtHost = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
ApiServerAccessProfile = new ManagedClusterApiServerAccessProfile
{
EnablePrivateCluster = true,
EnablePrivateClusterPublicFqdn = true,
},
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Resposta de exemplo
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"enableEncryptionAtHost": true
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"apiServerAccessProfile": {
"enablePrivateCluster": true,
"enablePrivateClusterPublicFQDN": true,
"privateDNSZone": "system"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"fqdn": "dnsprefix1-ee788a1f.hcp.location1.azmk8s.io",
"privateFQDN": "dnsprefix1-aae7e0f0.5cef6058-b6b5-414d-8cb1-4bd14eb0b15c.privatelink.location1.azmk8s.io",
"networkProfile": {
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Creating",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Creating",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"enableEncryptionAtHost": true
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"apiServerAccessProfile": {
"enablePrivateCluster": true,
"enablePrivateClusterPublicFQDN": true,
"privateDNSZone": "system"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"fqdn": "dnsprefix1-ee788a1f.hcp.location1.azmk8s.io",
"privateFQDN": "dnsprefix1-aae7e0f0.5cef6058-b6b5-414d-8cb1-4bd14eb0b15c.privatelink.location1.azmk8s.io",
"networkProfile": {
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
Create/Update AAD Managed Cluster with EnableAzureRBAC
Pedido de exemplo
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"tags": {
"tier": "production",
"archv2": ""
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"properties": {
"kubernetesVersion": "",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS1_v2",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"availabilityZones": [
"1",
"2",
"3"
],
"enableNodePublicIP": true,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"windowsProfile": {
"adminUsername": "azureuser",
"adminPassword": "replacePassword1234$"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"addonProfiles": {},
"aadProfile": {
"managed": true,
"enableAzureRBAC": true
},
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAadProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_UpdateWithEnableAzureRBAC.json
*/
/**
* Sample code: Create/Update AAD Managed Cluster with EnableAzureRBAC.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
createUpdateAADManagedClusterWithEnableAzureRBAC(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(
Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3).withVmSize("Standard_DS1_v2")
.withOsType(OSType.LINUX).withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
.withMode(AgentPoolMode.SYSTEM).withAvailabilityZones(Arrays.asList("1", "2", "3"))
.withEnableNodePublicIp(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAadProfile(new ManagedClusterAadProfile().withManaged(true).withEnableAzureRbac(true))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_update_with_enable_azure_rbac.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"aadProfile": {"enableAzureRBAC": True, "managed": True},
"addonProfiles": {},
"agentPoolProfiles": [
{
"availabilityZones": ["1", "2", "3"],
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS1_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_UpdateWithEnableAzureRBAC.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_UpdateWithEnableAzureRBAC.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createUpdateAadManagedClusterWithEnableAzureRbac() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AADProfile: &armcontainerservice.ManagedClusterAADProfile{
EnableAzureRBAC: to.Ptr(true),
Managed: to.Ptr(true),
},
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
AvailabilityZones: []*string{
to.Ptr("1"),
to.Ptr("2"),
to.Ptr("3")},
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS1_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AADProfile: &armcontainerservice.ManagedClusterAADProfile{
// EnableAzureRBAC: to.Ptr(true),
// Managed: to.Ptr(true),
// TenantID: to.Ptr("tenantID"),
// },
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// AvailabilityZones: []*string{
// to.Ptr("1"),
// to.Ptr("2"),
// to.Ptr("3")},
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS1_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_UpdateWithEnableAzureRBAC.json
*/
async function createOrUpdateAadManagedClusterWithEnableAzureRbac() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
aadProfile: { enableAzureRbac: true, managed: true },
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
availabilityZones: ["1", "2", "3"],
count: 3,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS1_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_UpdateWithEnableAzureRBAC.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS1_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
AvailabilityZones = {"1", "2", "3"},
EnableNodePublicIP = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AadProfile = new ManagedClusterAadProfile
{
IsManagedAadEnabled = true,
IsAzureRbacEnabled = true,
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Resposta de exemplo
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS1_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"availabilityZones": [
"1",
"2",
"3"
],
"enableNodePublicIP": true,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"networkProfile": {
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"aadProfile": {
"managed": true,
"adminGroupObjectIDs": null,
"enableAzureRBAC": true,
"tenantID": "tenantID"
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Creating",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS1_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Creating",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"availabilityZones": [
"1",
"2",
"3"
],
"enableNodePublicIP": true,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"networkProfile": {
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"aadProfile": {
"managed": true,
"adminGroupObjectIDs": null,
"enableAzureRBAC": true,
"tenantID": "tenantID"
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
}
}
Create/Update Managed Cluster
Pedido de exemplo
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"tags": {
"tier": "production",
"archv2": ""
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"properties": {
"kubernetesVersion": "",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS1_v2",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"scaleDownMode": "Deallocate",
"availabilityZones": [
"1",
"2",
"3"
],
"enableNodePublicIP": true,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
}
},
"upgradeSettings": {
"overrideSettings": {
"forceUpgrade": false,
"until": "2022-11-01T13:00:00Z"
}
},
"autoScalerProfile": {
"balance-similar-node-groups": "true",
"expander": "priority",
"max-node-provision-time": "15m",
"new-pod-scale-up-delay": "1m",
"scale-down-delay-after-add": "15m",
"scan-interval": "20s",
"skip-nodes-with-system-pods": "false"
},
"windowsProfile": {
"adminUsername": "azureuser",
"adminPassword": "replacePassword1234$"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"addonProfiles": {},
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"
},
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {}
}
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ClusterUpgradeSettings;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.Expander;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterIdentity;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.ManagedServiceIdentityUserAssignedIdentitiesValue;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import com.azure.resourcemanager.containerservice.models.ResourceIdentityType;
import com.azure.resourcemanager.containerservice.models.ScaleDownMode;
import com.azure.resourcemanager.containerservice.models.UpgradeOverrideSettings;
import java.time.OffsetDateTime;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_Update.json
*/
/**
* Sample code: Create/Update Managed Cluster.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void createUpdateManagedCluster(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku().withName(ManagedClusterSkuName.fromString("Basic"))
.withTier(ManagedClusterSkuTier.FREE))
.withIdentity(new ManagedClusterIdentity().withType(ResourceIdentityType.USER_ASSIGNED)
.withUserAssignedIdentities(mapOf(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1",
new ManagedServiceIdentityUserAssignedIdentitiesValue())))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3)
.withVmSize("Standard_DS1_v2").withOsType(OSType.LINUX).withScaleDownMode(ScaleDownMode.DEALLOCATE)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withMode(AgentPoolMode.SYSTEM)
.withAvailabilityZones(Arrays.asList("1", "2", "3")).withEnableNodePublicIp(true)
.withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withUpgradeSettings(new ClusterUpgradeSettings().withOverrideSettings(new UpgradeOverrideSettings()
.withForceUpgrade(false).withUntil(OffsetDateTime.parse("2022-11-01T13:00:00Z"))))
.withAutoScalerProfile(
new ManagedClusterPropertiesAutoScalerProfile().withBalanceSimilarNodeGroups("true")
.withExpander(Expander.PRIORITY).withMaxNodeProvisionTime("15m").withNewPodScaleUpDelay("1m")
.withScanInterval("20s").withScaleDownDelayAfterAdd("15m").withSkipNodesWithSystemPods("false"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_update.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {}
},
},
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"availabilityZones": ["1", "2", "3"],
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"scaleDownMode": "Deallocate",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS1_v2",
}
],
"autoScalerProfile": {
"balance-similar-node-groups": "true",
"expander": "priority",
"max-node-provision-time": "15m",
"new-pod-scale-up-delay": "1m",
"scale-down-delay-after-add": "15m",
"scan-interval": "20s",
"skip-nodes-with-system-pods": "false",
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"upgradeSettings": {"overrideSettings": {"forceUpgrade": False, "until": "2022-11-01T13:00:00Z"}},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_Update.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"time"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_Update.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createUpdateManagedCluster() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Identity: &armcontainerservice.ManagedClusterIdentity{
Type: to.Ptr(armcontainerservice.ResourceIdentityTypeUserAssigned),
UserAssignedIdentities: map[string]*armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {},
},
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
AvailabilityZones: []*string{
to.Ptr("1"),
to.Ptr("2"),
to.Ptr("3")},
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
ScaleDownMode: to.Ptr(armcontainerservice.ScaleDownModeDeallocate),
VMSize: to.Ptr("Standard_DS1_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
BalanceSimilarNodeGroups: to.Ptr("true"),
Expander: to.Ptr(armcontainerservice.ExpanderPriority),
MaxNodeProvisionTime: to.Ptr("15m"),
NewPodScaleUpDelay: to.Ptr("1m"),
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
SkipNodesWithSystemPods: to.Ptr("false"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
UpgradeSettings: &armcontainerservice.ClusterUpgradeSettings{
OverrideSettings: &armcontainerservice.UpgradeOverrideSettings{
ForceUpgrade: to.Ptr(false),
Until: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-01T13:00:00.000Z"); return t }()),
},
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Identity: &armcontainerservice.ManagedClusterIdentity{
// Type: to.Ptr(armcontainerservice.ResourceIdentityTypeUserAssigned),
// UserAssignedIdentities: map[string]*armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
// "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": &armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
// ClientID: to.Ptr("clientId1"),
// PrincipalID: to.Ptr("principalId1"),
// },
// },
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// AvailabilityZones: []*string{
// to.Ptr("1"),
// to.Ptr("2"),
// to.Ptr("3")},
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// ScaleDownMode: to.Ptr(armcontainerservice.ScaleDownModeDeallocate),
// VMSize: to.Ptr("Standard_DS1_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// BalanceSimilarNodeGroups: to.Ptr("true"),
// Expander: to.Ptr(armcontainerservice.ExpanderPriority),
// MaxNodeProvisionTime: to.Ptr("15m"),
// NewPodScaleUpDelay: to.Ptr("1m"),
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// SkipNodesWithSystemPods: to.Ptr("false"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// UpgradeSettings: &armcontainerservice.ClusterUpgradeSettings{
// OverrideSettings: &armcontainerservice.UpgradeOverrideSettings{
// ForceUpgrade: to.Ptr(false),
// Until: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2022-11-01T13:00:00.000Z"); return t}()),
// },
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_Update.json
*/
async function createOrUpdateManagedCluster() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
availabilityZones: ["1", "2", "3"],
count: 3,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
scaleDownMode: "Deallocate",
vmSize: "Standard_DS1_v2",
},
],
autoScalerProfile: {
balanceSimilarNodeGroups: "true",
expander: "priority",
maxNodeProvisionTime: "15m",
newPodScaleUpDelay: "1m",
scaleDownDelayAfterAdd: "15m",
scanInterval: "20s",
skipNodesWithSystemPods: "false",
},
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
identity: {
type: "UserAssigned",
userAssignedIdentities: {
"/subscriptions/00000000000000000000000000000000/resourcegroups/rgName1/providers/MicrosoftManagedIdentity/userAssignedIdentities/identity1":
{},
},
},
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
upgradeSettings: {
overrideSettings: {
forceUpgrade: false,
until: new Date("2022-11-01T13:00:00Z"),
},
},
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_Update.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
ClusterIdentity = new ManagedClusterIdentity
{
ResourceIdentityType = "UserAssigned",
UserAssignedIdentities =
{
[new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1")] = new UserAssignedIdentity()
},
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS1_v2",
OSType = ContainerServiceOSType.Linux,
ScaleDownMode = ScaleDownMode.Deallocate,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
AvailabilityZones = {"1", "2", "3"},
EnableNodePublicIP = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
UpgradeOverrideSettings = new UpgradeOverrideSettings
{
ForceUpgrade = false,
Until = DateTimeOffset.Parse("2022-11-01T13:00:00Z"),
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
BalanceSimilarNodeGroups = "true",
Expander = AutoScaleExpander.Priority,
MaxNodeProvisionTime = "15m",
NewPodScaleUpDelay = "1m",
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
SkipNodesWithSystemPods = "false",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Resposta de exemplo
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS1_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"scaleDownMode": "Deallocate",
"availabilityZones": [
"1",
"2",
"3"
],
"enableNodePublicIP": true,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"networkProfile": {
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"upgradeSettings": {
"overrideSettings": {
"forceUpgrade": false,
"until": "2022-11-01T13:00:00Z"
}
},
"autoScalerProfile": {
"balance-similar-node-groups": "true",
"expander": "priority",
"max-node-provision-time": "15m",
"new-pod-scale-up-delay": "1m",
"scale-down-delay-after-add": "15m",
"scan-interval": "20s",
"skip-nodes-with-system-pods": "false"
}
},
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {
"principalId": "principalId1",
"clientId": "clientId1"
}
}
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Creating",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS1_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Creating",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"scaleDownMode": "Deallocate",
"availabilityZones": [
"1",
"2",
"3"
],
"enableNodePublicIP": true,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"networkProfile": {
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
},
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {
"principalId": "principalId1",
"clientId": "clientId1"
}
}
}
}
Create/Update Managed Cluster with Azure Service Mesh
Pedido de exemplo
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"tags": {
"tier": "production",
"archv2": ""
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"properties": {
"kubernetesVersion": "",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"windowsProfile": {
"adminUsername": "azureuser",
"adminPassword": "replacePassword1234$"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"serviceMeshProfile": {
"mode": "Istio",
"istio": {
"components": {
"ingressGateways": [
{
"enabled": true,
"mode": "Internal"
}
],
"egressGateways": [
{
"enabled": true,
"name": "test-istio-egress",
"gatewayConfigurationName": "test-gateway-configuration"
}
]
},
"certificateAuthority": {
"plugin": {
"keyVaultId": "/subscriptions/854c9ddb-fe9e-4aea-8d58-99ed88282881/resourceGroups/ddama-test/providers/Microsoft.KeyVault/vaults/my-akv",
"certObjectName": "ca-cert",
"keyObjectName": "ca-key",
"rootCertObjectName": "root-cert",
"certChainObjectName": "cert-chain"
}
}
}
},
"addonProfiles": {
"azureKeyvaultSecretsProvider": {
"enabled": true,
"config": {
"enableSecretRotation": "true",
"rotationPollInterval": "2m"
}
}
},
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.IstioCertificateAuthority;
import com.azure.resourcemanager.containerservice.models.IstioComponents;
import com.azure.resourcemanager.containerservice.models.IstioEgressGateway;
import com.azure.resourcemanager.containerservice.models.IstioIngressGateway;
import com.azure.resourcemanager.containerservice.models.IstioIngressGatewayMode;
import com.azure.resourcemanager.containerservice.models.IstioPluginCertificateAuthority;
import com.azure.resourcemanager.containerservice.models.IstioServiceMesh;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAddonProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import com.azure.resourcemanager.containerservice.models.ServiceMeshMode;
import com.azure.resourcemanager.containerservice.models.ServiceMeshProfile;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_AzureServiceMesh.json
*/
/**
* Sample code: Create/Update Managed Cluster with Azure Service Mesh.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
createUpdateManagedClusterWithAzureServiceMesh(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku()
.withName(ManagedClusterSkuName.fromString("Basic")).withTier(ManagedClusterSkuTier.FREE))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(
Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3).withVmSize("Standard_DS2_v2")
.withOsType(OSType.LINUX).withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
.withMode(AgentPoolMode.SYSTEM).withEnableNodePublicIp(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile().withClientId("clientid")
.withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf("azureKeyvaultSecretsProvider",
new ManagedClusterAddonProfile().withEnabled(true).withConfig(
mapOf("enableSecretRotation", "fakeTokenPlaceholder", "rotationPollInterval", "2m"))))
.withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des")
.withServiceMeshProfile(
new ServiceMeshProfile().withMode(ServiceMeshMode.ISTIO)
.withIstio(new IstioServiceMesh()
.withComponents(new IstioComponents()
.withIngressGateways(Arrays.asList(new IstioIngressGateway()
.withMode(IstioIngressGatewayMode.INTERNAL).withEnabled(true)))
.withEgressGateways(Arrays
.asList(new IstioEgressGateway().withEnabled(true).withName("test-istio-egress")
.withGatewayConfigurationName("test-gateway-configuration"))))
.withCertificateAuthority(new IstioCertificateAuthority()
.withPlugin(new IstioPluginCertificateAuthority().withKeyVaultId("fakeTokenPlaceholder")
.withCertObjectName("ca-cert").withKeyObjectName("fakeTokenPlaceholder")
.withRootCertObjectName("root-cert").withCertChainObjectName("cert-chain"))))),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_azure_service_mesh.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"location": "location1",
"properties": {
"addonProfiles": {
"azureKeyvaultSecretsProvider": {
"config": {"enableSecretRotation": "true", "rotationPollInterval": "2m"},
"enabled": True,
}
},
"agentPoolProfiles": [
{
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS2_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"serviceMeshProfile": {
"istio": {
"certificateAuthority": {
"plugin": {
"certChainObjectName": "cert-chain",
"certObjectName": "ca-cert",
"keyObjectName": "ca-key",
"keyVaultId": "/subscriptions/854c9ddb-fe9e-4aea-8d58-99ed88282881/resourceGroups/ddama-test/providers/Microsoft.KeyVault/vaults/my-akv",
"rootCertObjectName": "root-cert",
}
},
"components": {
"egressGateways": [
{
"enabled": True,
"gatewayConfigurationName": "test-gateway-configuration",
"name": "test-istio-egress",
}
],
"ingressGateways": [{"enabled": True, "mode": "Internal"}],
},
},
"mode": "Istio",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_AzureServiceMesh.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_AzureServiceMesh.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createUpdateManagedClusterWithAzureServiceMesh() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{
"azureKeyvaultSecretsProvider": {
Config: map[string]*string{
"enableSecretRotation": to.Ptr("true"),
"rotationPollInterval": to.Ptr("2m"),
},
Enabled: to.Ptr(true),
},
},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS2_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServiceMeshProfile: &armcontainerservice.ServiceMeshProfile{
Istio: &armcontainerservice.IstioServiceMesh{
CertificateAuthority: &armcontainerservice.IstioCertificateAuthority{
Plugin: &armcontainerservice.IstioPluginCertificateAuthority{
CertChainObjectName: to.Ptr("cert-chain"),
CertObjectName: to.Ptr("ca-cert"),
KeyObjectName: to.Ptr("ca-key"),
KeyVaultID: to.Ptr("/subscriptions/854c9ddb-fe9e-4aea-8d58-99ed88282881/resourceGroups/ddama-test/providers/Microsoft.KeyVault/vaults/my-akv"),
RootCertObjectName: to.Ptr("root-cert"),
},
},
Components: &armcontainerservice.IstioComponents{
EgressGateways: []*armcontainerservice.IstioEgressGateway{
{
Name: to.Ptr("test-istio-egress"),
Enabled: to.Ptr(true),
GatewayConfigurationName: to.Ptr("test-gateway-configuration"),
}},
IngressGateways: []*armcontainerservice.IstioIngressGateway{
{
Enabled: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.IstioIngressGatewayModeInternal),
}},
},
},
Mode: to.Ptr(armcontainerservice.ServiceMeshModeIstio),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{
// "azureKeyvaultSecretsProvider": &armcontainerservice.ManagedClusterAddonProfile{
// Config: map[string]*string{
// "enableSecretRotation": to.Ptr("true"),
// "rotationPollInterval": to.Ptr("2m"),
// },
// Enabled: to.Ptr(true),
// },
// },
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// Count: to.Ptr[int32](3),
// EnableEncryptionAtHost: to.Ptr(true),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS2_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServiceMeshProfile: &armcontainerservice.ServiceMeshProfile{
// Istio: &armcontainerservice.IstioServiceMesh{
// CertificateAuthority: &armcontainerservice.IstioCertificateAuthority{
// Plugin: &armcontainerservice.IstioPluginCertificateAuthority{
// CertChainObjectName: to.Ptr("cert-chain"),
// CertObjectName: to.Ptr("ca-cert"),
// KeyObjectName: to.Ptr("ca-key"),
// KeyVaultID: to.Ptr("/subscriptions/854c9ddb-fe9e-4aea-8d58-99ed88282881/resourceGroups/ddama-test/providers/Microsoft.KeyVault/vaults/my-akv"),
// RootCertObjectName: to.Ptr("root-cert"),
// },
// },
// Components: &armcontainerservice.IstioComponents{
// EgressGateways: []*armcontainerservice.IstioEgressGateway{
// {
// Name: to.Ptr("test-istio-egress"),
// Enabled: to.Ptr(true),
// GatewayConfigurationName: to.Ptr("test-gateway-configuration"),
// }},
// IngressGateways: []*armcontainerservice.IstioIngressGateway{
// {
// Enabled: to.Ptr(true),
// Mode: to.Ptr(armcontainerservice.IstioIngressGatewayModeInternal),
// }},
// },
// Revisions: []*string{
// to.Ptr("asm-1-17")},
// },
// Mode: to.Ptr(armcontainerservice.ServiceMeshModeIstio),
// },
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_AzureServiceMesh.json
*/
async function createOrUpdateManagedClusterWithAzureServiceMesh() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {
azureKeyvaultSecretsProvider: {
config: { enableSecretRotation: "true", rotationPollInterval: "2m" },
enabled: true,
},
},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
count: 3,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS2_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
serviceMeshProfile: {
istio: {
certificateAuthority: {
plugin: {
certChainObjectName: "cert-chain",
certObjectName: "ca-cert",
keyObjectName: "ca-key",
keyVaultId:
"/subscriptions/854c9ddb-fe9e-4aea-8d58-99ed88282881/resourceGroups/ddama-test/providers/Microsoft.KeyVault/vaults/my-akv",
rootCertObjectName: "root-cert",
},
},
components: {
egressGateways: [
{
name: "test-istio-egress",
enabled: true,
gatewayConfigurationName: "test-gateway-configuration",
},
],
ingressGateways: [{ enabled: true, mode: "Internal" }],
},
},
mode: "Istio",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_AzureServiceMesh.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS2_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
EnableNodePublicIP = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles =
{
["azureKeyvaultSecretsProvider"] = new ManagedClusterAddonProfile(true)
{
Config =
{
["enableSecretRotation"] = "true",
["rotationPollInterval"] = "2m"
},
}
},
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
ServiceMeshProfile = new ServiceMeshProfile(ServiceMeshMode.Istio)
{
Istio = new IstioServiceMesh
{
Components = new IstioComponents
{
IngressGateways = { new IstioIngressGateway(IstioIngressGatewayMode.Internal, true) },
EgressGateways = {new IstioEgressGateway(true, "test-istio-egress")
{
GatewayConfigurationName = "test-gateway-configuration",
}},
},
CertificateAuthorityPlugin = new IstioPluginCertificateAuthority
{
KeyVaultId = new ResourceIdentifier("/subscriptions/854c9ddb-fe9e-4aea-8d58-99ed88282881/resourceGroups/ddama-test/providers/Microsoft.KeyVault/vaults/my-akv"),
CertObjectName = "ca-cert",
KeyObjectName = "ca-key",
RootCertObjectName = "root-cert",
CertChainObjectName = "cert-chain",
},
},
},
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Resposta de exemplo
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11",
"enableEncryptionAtHost": true
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"addonProfiles": {
"azureKeyvaultSecretsProvider": {
"enabled": true,
"config": {
"enableSecretRotation": "true",
"rotationPollInterval": "2m"
}
}
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"networkProfile": {
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"serviceMeshProfile": {
"mode": "Istio",
"istio": {
"components": {
"ingressGateways": [
{
"enabled": true,
"mode": "Internal"
}
],
"egressGateways": [
{
"enabled": true,
"name": "test-istio-egress",
"gatewayConfigurationName": "test-gateway-configuration"
}
]
},
"certificateAuthority": {
"plugin": {
"keyVaultId": "/subscriptions/854c9ddb-fe9e-4aea-8d58-99ed88282881/resourceGroups/ddama-test/providers/Microsoft.KeyVault/vaults/my-akv",
"certObjectName": "ca-cert",
"keyObjectName": "ca-key",
"rootCertObjectName": "root-cert",
"certChainObjectName": "cert-chain"
}
},
"revisions": [
"asm-1-17"
]
}
}
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Creating",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS2_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Creating",
"orchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"enableNodePublicIP": true,
"mode": "System",
"enableEncryptionAtHost": true
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"addonProfiles": {
"azureKeyvaultSecretsProvider": {
"enabled": true,
"config": {
"enableSecretRotation": "true",
"rotationPollInterval": "2m"
}
}
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"networkProfile": {
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"serviceMeshProfile": {
"mode": "Istio",
"istio": {
"components": {
"ingressGateways": [
{
"enabled": true,
"mode": "Internal"
}
],
"egressGateways": [
{
"enabled": true,
"name": "test-istio-egress",
"gatewayConfigurationName": "test-gateway-configuration"
}
]
},
"certificateAuthority": {
"plugin": {
"keyVaultId": "/subscriptions/854c9ddb-fe9e-4aea-8d58-99ed88282881/resourceGroups/ddama-test/providers/Microsoft.KeyVault/vaults/my-akv",
"certObjectName": "ca-cert",
"keyObjectName": "ca-key",
"rootCertObjectName": "root-cert",
"certChainObjectName": "cert-chain"
}
},
"revisions": [
"asm-1-17"
]
}
}
}
}
Create/Update Managed Cluster with dual-stack networking
Pedido de exemplo
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"tags": {
"tier": "production",
"archv2": ""
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"properties": {
"kubernetesVersion": "",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS1_v2",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"scaleDownMode": "Deallocate",
"availabilityZones": [
"1",
"2",
"3"
],
"enableNodePublicIP": true,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
},
"ipFamilies": [
"IPv4",
"IPv6"
]
},
"autoScalerProfile": {
"balance-similar-node-groups": "true",
"expander": "priority",
"max-node-provision-time": "15m",
"new-pod-scale-up-delay": "1m",
"scale-down-delay-after-add": "15m",
"scan-interval": "20s",
"skip-nodes-with-system-pods": "false"
},
"windowsProfile": {
"adminUsername": "azureuser",
"adminPassword": "replacePassword1234$"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"addonProfiles": {},
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"
},
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {}
}
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.Expander;
import com.azure.resourcemanager.containerservice.models.IpFamily;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterIdentity;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.ManagedServiceIdentityUserAssignedIdentitiesValue;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import com.azure.resourcemanager.containerservice.models.ResourceIdentityType;
import com.azure.resourcemanager.containerservice.models.ScaleDownMode;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_DualStackNetworking.json
*/
/**
* Sample code: Create/Update Managed Cluster with dual-stack networking.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
createUpdateManagedClusterWithDualStackNetworking(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku().withName(ManagedClusterSkuName.fromString("Basic"))
.withTier(ManagedClusterSkuTier.FREE))
.withIdentity(new ManagedClusterIdentity().withType(ResourceIdentityType.USER_ASSIGNED)
.withUserAssignedIdentities(mapOf(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1",
new ManagedServiceIdentityUserAssignedIdentitiesValue())))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3)
.withVmSize("Standard_DS1_v2").withOsType(OSType.LINUX).withScaleDownMode(ScaleDownMode.DEALLOCATE)
.withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS).withMode(AgentPoolMode.SYSTEM)
.withAvailabilityZones(Arrays.asList("1", "2", "3")).withEnableNodePublicIp(true)
.withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder"))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile()
.withManagedOutboundIPs(new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2)))
.withIpFamilies(Arrays.asList(IpFamily.IPV4, IpFamily.IPV6)))
.withAutoScalerProfile(
new ManagedClusterPropertiesAutoScalerProfile().withBalanceSimilarNodeGroups("true")
.withExpander(Expander.PRIORITY).withMaxNodeProvisionTime("15m").withNewPodScaleUpDelay("1m")
.withScanInterval("20s").withScaleDownDelayAfterAdd("15m").withSkipNodesWithSystemPods("false"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_dual_stack_networking.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {}
},
},
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"availabilityZones": ["1", "2", "3"],
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"scaleDownMode": "Deallocate",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS1_v2",
}
],
"autoScalerProfile": {
"balance-similar-node-groups": "true",
"expander": "priority",
"max-node-provision-time": "15m",
"new-pod-scale-up-delay": "1m",
"scale-down-delay-after-add": "15m",
"scan-interval": "20s",
"skip-nodes-with-system-pods": "false",
},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"ipFamilies": ["IPv4", "IPv6"],
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {"adminPassword": "replacePassword1234$", "adminUsername": "azureuser"},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_DualStackNetworking.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_DualStackNetworking.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createUpdateManagedClusterWithDualStackNetworking() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Identity: &armcontainerservice.ManagedClusterIdentity{
Type: to.Ptr(armcontainerservice.ResourceIdentityTypeUserAssigned),
UserAssignedIdentities: map[string]*armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {},
},
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
AvailabilityZones: []*string{
to.Ptr("1"),
to.Ptr("2"),
to.Ptr("3")},
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
ScaleDownMode: to.Ptr(armcontainerservice.ScaleDownModeDeallocate),
VMSize: to.Ptr("Standard_DS1_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
BalanceSimilarNodeGroups: to.Ptr("true"),
Expander: to.Ptr(armcontainerservice.ExpanderPriority),
MaxNodeProvisionTime: to.Ptr("15m"),
NewPodScaleUpDelay: to.Ptr("1m"),
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
SkipNodesWithSystemPods: to.Ptr("false"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
IPFamilies: []*armcontainerservice.IPFamily{
to.Ptr(armcontainerservice.IPFamilyIPv4),
to.Ptr(armcontainerservice.IPFamilyIPv6)},
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Identity: &armcontainerservice.ManagedClusterIdentity{
// Type: to.Ptr(armcontainerservice.ResourceIdentityTypeUserAssigned),
// UserAssignedIdentities: map[string]*armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
// "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": &armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
// ClientID: to.Ptr("clientId1"),
// PrincipalID: to.Ptr("principalId1"),
// },
// },
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// AvailabilityZones: []*string{
// to.Ptr("1"),
// to.Ptr("2"),
// to.Ptr("3")},
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.22.1"),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.22.1"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// ScaleDownMode: to.Ptr(armcontainerservice.ScaleDownModeDeallocate),
// VMSize: to.Ptr("Standard_DS1_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// BalanceSimilarNodeGroups: to.Ptr("true"),
// Expander: to.Ptr(armcontainerservice.ExpanderPriority),
// MaxNodeProvisionTime: to.Ptr("15m"),
// NewPodScaleUpDelay: to.Ptr("1m"),
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// SkipNodesWithSystemPods: to.Ptr("false"),
// },
// CurrentKubernetesVersion: to.Ptr("1.22.1"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.22.1"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4),
// to.Ptr(armcontainerservice.IPFamilyIPv6)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip3-ipv6"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// CountIPv6: to.Ptr[int32](1),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16"),
// to.Ptr("fd11:1234::/64")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16"),
// to.Ptr("fd00:1234::/108")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_DualStackNetworking.json
*/
async function createOrUpdateManagedClusterWithDualStackNetworking() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
availabilityZones: ["1", "2", "3"],
count: 3,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
scaleDownMode: "Deallocate",
vmSize: "Standard_DS1_v2",
},
],
autoScalerProfile: {
balanceSimilarNodeGroups: "true",
expander: "priority",
maxNodeProvisionTime: "15m",
newPodScaleUpDelay: "1m",
scaleDownDelayAfterAdd: "15m",
scanInterval: "20s",
skipNodesWithSystemPods: "false",
},
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
identity: {
type: "UserAssigned",
userAssignedIdentities: {
"/subscriptions/00000000000000000000000000000000/resourcegroups/rgName1/providers/MicrosoftManagedIdentity/userAssignedIdentities/identity1":
{},
},
},
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
ipFamilies: ["IPv4", "IPv6"],
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_DualStackNetworking.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
ClusterIdentity = new ManagedClusterIdentity
{
ResourceIdentityType = "UserAssigned",
UserAssignedIdentities =
{
[new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1")] = new UserAssignedIdentity()
},
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS1_v2",
OSType = ContainerServiceOSType.Linux,
ScaleDownMode = ScaleDownMode.Deallocate,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
AvailabilityZones = {"1", "2", "3"},
EnableNodePublicIP = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
NetworkIPFamilies = { ContainerServiceIPFamily.IPv4, ContainerServiceIPFamily.IPv6 },
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
BalanceSimilarNodeGroups = "true",
Expander = AutoScaleExpander.Priority,
MaxNodeProvisionTime = "15m",
NewPodScaleUpDelay = "1m",
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
SkipNodesWithSystemPods = "false",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Resposta de exemplo
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"maxAgentPools": 1,
"kubernetesVersion": "1.22.1",
"currentKubernetesVersion": "1.22.1",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS1_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.22.1",
"currentOrchestratorVersion": "1.22.1",
"type": "VirtualMachineScaleSets",
"scaleDownMode": "Deallocate",
"availabilityZones": [
"1",
"2",
"3"
],
"enableNodePublicIP": true,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"networkProfile": {
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16",
"fd11:1234::/64"
],
"serviceCidrs": [
"10.0.0.0/16",
"fd00:1234::/108"
],
"ipFamilies": [
"IPv4",
"IPv6"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2,
"countIPv6": 1
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip3-ipv6"
}
]
}
},
"autoScalerProfile": {
"balance-similar-node-groups": "true",
"expander": "priority",
"max-node-provision-time": "15m",
"new-pod-scale-up-delay": "1m",
"scale-down-delay-after-add": "15m",
"scan-interval": "20s",
"skip-nodes-with-system-pods": "false"
}
},
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {
"principalId": "principalId1",
"clientId": "clientId1"
}
}
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Creating",
"maxAgentPools": 1,
"kubernetesVersion": "1.22.1",
"currentKubernetesVersion": "1.22.1",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS1_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Creating",
"orchestratorVersion": "1.22.1",
"currentOrchestratorVersion": "1.22.1",
"type": "VirtualMachineScaleSets",
"scaleDownMode": "Deallocate",
"availabilityZones": [
"1",
"2",
"3"
],
"enableNodePublicIP": true,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"networkProfile": {
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16",
"fd11:1234::/64"
],
"serviceCidrs": [
"10.0.0.0/16",
"fd00:1234::/108"
],
"ipFamilies": [
"IPv4",
"IPv6"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2,
"countIPv6": 1
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip3-ipv6"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
},
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {
"principalId": "principalId1",
"clientId": "clientId1"
}
}
}
}
Create/Update Managed Cluster with EnableAHUB
Pedido de exemplo
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"tags": {
"tier": "production",
"archv2": ""
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"properties": {
"kubernetesVersion": "",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS1_v2",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"availabilityZones": [
"1",
"2",
"3"
],
"enableNodePublicIP": true,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"windowsProfile": {
"adminUsername": "azureuser",
"adminPassword": "replacePassword1234$",
"licenseType": "Windows_Server"
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"addonProfiles": {},
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"
},
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {}
}
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LicenseType;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterIdentity;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.ManagedServiceIdentityUserAssignedIdentitiesValue;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import com.azure.resourcemanager.containerservice.models.ResourceIdentityType;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_UpdateWithAHUB.json
*/
/**
* Sample code: Create/Update Managed Cluster with EnableAHUB.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void createUpdateManagedClusterWithEnableAHUB(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku().withName(ManagedClusterSkuName.fromString("Basic"))
.withTier(ManagedClusterSkuTier.FREE))
.withIdentity(new ManagedClusterIdentity().withType(ResourceIdentityType.USER_ASSIGNED)
.withUserAssignedIdentities(mapOf(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1",
new ManagedServiceIdentityUserAssignedIdentitiesValue())))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(
Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3).withVmSize("Standard_DS1_v2")
.withOsType(OSType.LINUX).withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
.withMode(AgentPoolMode.SYSTEM).withAvailabilityZones(Arrays.asList("1", "2", "3"))
.withEnableNodePublicIp(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder").withLicenseType(LicenseType.WINDOWS_SERVER))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_update_with_ahub.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {}
},
},
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"availabilityZones": ["1", "2", "3"],
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS1_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser",
"licenseType": "Windows_Server",
},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_UpdateWithAHUB.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_UpdateWithAHUB.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createUpdateManagedClusterWithEnableAhub() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Identity: &armcontainerservice.ManagedClusterIdentity{
Type: to.Ptr(armcontainerservice.ResourceIdentityTypeUserAssigned),
UserAssignedIdentities: map[string]*armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {},
},
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
AvailabilityZones: []*string{
to.Ptr("1"),
to.Ptr("2"),
to.Ptr("3")},
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS1_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
LicenseType: to.Ptr(armcontainerservice.LicenseTypeWindowsServer),
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Identity: &armcontainerservice.ManagedClusterIdentity{
// Type: to.Ptr(armcontainerservice.ResourceIdentityTypeUserAssigned),
// UserAssignedIdentities: map[string]*armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
// "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": &armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
// ClientID: to.Ptr("clientId1"),
// PrincipalID: to.Ptr("principalId1"),
// },
// },
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// AvailabilityZones: []*string{
// to.Ptr("1"),
// to.Ptr("2"),
// to.Ptr("3")},
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS1_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// LicenseType: to.Ptr(armcontainerservice.LicenseTypeWindowsServer),
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_UpdateWithAHUB.json
*/
async function createOrUpdateManagedClusterWithEnableAhub() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
availabilityZones: ["1", "2", "3"],
count: 3,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS1_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
identity: {
type: "UserAssigned",
userAssignedIdentities: {
"/subscriptions/00000000000000000000000000000000/resourcegroups/rgName1/providers/MicrosoftManagedIdentity/userAssignedIdentities/identity1":
{},
},
},
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
licenseType: "Windows_Server",
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_UpdateWithAHUB.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
ClusterIdentity = new ManagedClusterIdentity
{
ResourceIdentityType = "UserAssigned",
UserAssignedIdentities =
{
[new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1")] = new UserAssignedIdentity()
},
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS1_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
AvailabilityZones = {"1", "2", "3"},
EnableNodePublicIP = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
LicenseType = WindowsVmLicenseType.WindowsServer,
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Resposta de exemplo
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS1_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"availabilityZones": [
"1",
"2",
"3"
],
"enableNodePublicIP": true,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser",
"licenseType": "Windows_Server"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"networkProfile": {
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
},
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {
"principalId": "principalId1",
"clientId": "clientId1"
}
}
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Creating",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS1_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Creating",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"availabilityZones": [
"1",
"2",
"3"
],
"enableNodePublicIP": true,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser",
"licenseType": "Windows_Server"
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"networkProfile": {
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
},
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {
"principalId": "principalId1",
"clientId": "clientId1"
}
}
}
}
Create/Update Managed Cluster with Windows gMSA enabled
Pedido de exemplo
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1?api-version=2025-10-01
{
"location": "location1",
"tags": {
"tier": "production",
"archv2": ""
},
"sku": {
"name": "Basic",
"tier": "Free"
},
"properties": {
"kubernetesVersion": "",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS1_v2",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"availabilityZones": [
"1",
"2",
"3"
],
"enableNodePublicIP": true,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"networkProfile": {
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"loadBalancerProfile": {
"managedOutboundIPs": {
"count": 2
}
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
},
"windowsProfile": {
"adminUsername": "azureuser",
"adminPassword": "replacePassword1234$",
"gmsaProfile": {
"enabled": true
}
},
"servicePrincipalProfile": {
"clientId": "clientid",
"secret": "secret"
},
"addonProfiles": {},
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"
},
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {}
}
}
}
import com.azure.resourcemanager.containerservice.fluent.models.ManagedClusterInner;
import com.azure.resourcemanager.containerservice.models.AgentPoolMode;
import com.azure.resourcemanager.containerservice.models.AgentPoolType;
import com.azure.resourcemanager.containerservice.models.ContainerServiceLinuxProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceNetworkProfile;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshConfiguration;
import com.azure.resourcemanager.containerservice.models.ContainerServiceSshPublicKey;
import com.azure.resourcemanager.containerservice.models.LoadBalancerSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterAgentPoolProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterIdentity;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterLoadBalancerProfileManagedOutboundIPs;
import com.azure.resourcemanager.containerservice.models.ManagedClusterPropertiesAutoScalerProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterServicePrincipalProfile;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSku;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuName;
import com.azure.resourcemanager.containerservice.models.ManagedClusterSkuTier;
import com.azure.resourcemanager.containerservice.models.ManagedClusterWindowsProfile;
import com.azure.resourcemanager.containerservice.models.ManagedServiceIdentityUserAssignedIdentitiesValue;
import com.azure.resourcemanager.containerservice.models.OSType;
import com.azure.resourcemanager.containerservice.models.OutboundType;
import com.azure.resourcemanager.containerservice.models.ResourceIdentityType;
import com.azure.resourcemanager.containerservice.models.WindowsGmsaProfile;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Samples for ManagedClusters CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/
* ManagedClustersCreate_UpdateWindowsGmsa.json
*/
/**
* Sample code: Create/Update Managed Cluster with Windows gMSA enabled.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
createUpdateManagedClusterWithWindowsGMSAEnabled(com.azure.resourcemanager.AzureResourceManager azure) {
azure.kubernetesClusters().manager().serviceClient().getManagedClusters().createOrUpdate("rg1", "clustername1",
new ManagedClusterInner().withLocation("location1").withTags(mapOf("archv2", "", "tier", "production"))
.withSku(new ManagedClusterSku().withName(ManagedClusterSkuName.fromString("Basic"))
.withTier(ManagedClusterSkuTier.FREE))
.withIdentity(new ManagedClusterIdentity().withType(ResourceIdentityType.USER_ASSIGNED)
.withUserAssignedIdentities(mapOf(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1",
new ManagedServiceIdentityUserAssignedIdentitiesValue())))
.withKubernetesVersion("").withDnsPrefix("dnsprefix1")
.withAgentPoolProfiles(
Arrays.asList(new ManagedClusterAgentPoolProfile().withCount(3).withVmSize("Standard_DS1_v2")
.withOsType(OSType.LINUX).withType(AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS)
.withMode(AgentPoolMode.SYSTEM).withAvailabilityZones(Arrays.asList("1", "2", "3"))
.withEnableNodePublicIp(true).withName("nodepool1")))
.withLinuxProfile(new ContainerServiceLinuxProfile().withAdminUsername("azureuser")
.withSsh(new ContainerServiceSshConfiguration().withPublicKeys(
Arrays.asList(new ContainerServiceSshPublicKey().withKeyData("fakeTokenPlaceholder")))))
.withWindowsProfile(new ManagedClusterWindowsProfile().withAdminUsername("azureuser")
.withAdminPassword("fakeTokenPlaceholder")
.withGmsaProfile(new WindowsGmsaProfile().withEnabled(true)))
.withServicePrincipalProfile(new ManagedClusterServicePrincipalProfile()
.withClientId("clientid").withSecret("fakeTokenPlaceholder"))
.withAddonProfiles(mapOf()).withEnableRbac(true)
.withNetworkProfile(new ContainerServiceNetworkProfile().withOutboundType(OutboundType.LOAD_BALANCER)
.withLoadBalancerSku(LoadBalancerSku.STANDARD)
.withLoadBalancerProfile(new ManagedClusterLoadBalancerProfile().withManagedOutboundIPs(
new ManagedClusterLoadBalancerProfileManagedOutboundIPs().withCount(2))))
.withAutoScalerProfile(new ManagedClusterPropertiesAutoScalerProfile().withScanInterval("20s")
.withScaleDownDelayAfterAdd("15m"))
.withDiskEncryptionSetId(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
null, null, com.azure.core.util.Context.NONE);
}
// Use "Map.of" if available
@SuppressWarnings("unchecked")
private static <T> Map<String, T> mapOf(Object... inputs) {
Map<String, T> map = new HashMap<>();
for (int i = 0; i < inputs.length; i += 2) {
String key = (String) inputs[i];
T value = (T) inputs[i + 1];
map.put(key, value);
}
return map;
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerservice import ContainerServiceClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-containerservice
# USAGE
python managed_clusters_create_update_windows_gmsa.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = ContainerServiceClient(
credential=DefaultAzureCredential(),
subscription_id="00000000-0000-0000-0000-000000000000",
)
response = client.managed_clusters.begin_create_or_update(
resource_group_name="rg1",
resource_name="clustername1",
parameters={
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {}
},
},
"location": "location1",
"properties": {
"addonProfiles": {},
"agentPoolProfiles": [
{
"availabilityZones": ["1", "2", "3"],
"count": 3,
"enableNodePublicIP": True,
"mode": "System",
"name": "nodepool1",
"osType": "Linux",
"type": "VirtualMachineScaleSets",
"vmSize": "Standard_DS1_v2",
}
],
"autoScalerProfile": {"scale-down-delay-after-add": "15m", "scan-interval": "20s"},
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"dnsPrefix": "dnsprefix1",
"enableRBAC": True,
"kubernetesVersion": "",
"linuxProfile": {"adminUsername": "azureuser", "ssh": {"publicKeys": [{"keyData": "keydata"}]}},
"networkProfile": {
"loadBalancerProfile": {"managedOutboundIPs": {"count": 2}},
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
},
"servicePrincipalProfile": {"clientId": "clientid", "secret": "secret"},
"windowsProfile": {
"adminPassword": "replacePassword1234$",
"adminUsername": "azureuser",
"gmsaProfile": {"enabled": True},
},
},
"sku": {"name": "Basic", "tier": "Free"},
"tags": {"archv2": "", "tier": "production"},
},
).result()
print(response)
# x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_UpdateWindowsGmsa.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armcontainerservice_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v8"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9cc7633f842575274f715cc02e37c5769ac2742d/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_UpdateWindowsGmsa.json
func ExampleManagedClustersClient_BeginCreateOrUpdate_createUpdateManagedClusterWithWindowsGMsaEnabled() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armcontainerservice.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewManagedClustersClient().BeginCreateOrUpdate(ctx, "rg1", "clustername1", armcontainerservice.ManagedCluster{
Location: to.Ptr("location1"),
Tags: map[string]*string{
"archv2": to.Ptr(""),
"tier": to.Ptr("production"),
},
Identity: &armcontainerservice.ManagedClusterIdentity{
Type: to.Ptr(armcontainerservice.ResourceIdentityTypeUserAssigned),
UserAssignedIdentities: map[string]*armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {},
},
},
Properties: &armcontainerservice.ManagedClusterProperties{
AddonProfiles: map[string]*armcontainerservice.ManagedClusterAddonProfile{},
AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
{
Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
AvailabilityZones: []*string{
to.Ptr("1"),
to.Ptr("2"),
to.Ptr("3")},
Count: to.Ptr[int32](3),
EnableNodePublicIP: to.Ptr(true),
Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
OSType: to.Ptr(armcontainerservice.OSTypeLinux),
VMSize: to.Ptr("Standard_DS1_v2"),
Name: to.Ptr("nodepool1"),
}},
AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
ScaleDownDelayAfterAdd: to.Ptr("15m"),
ScanInterval: to.Ptr("20s"),
},
DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
DNSPrefix: to.Ptr("dnsprefix1"),
EnableRBAC: to.Ptr(true),
KubernetesVersion: to.Ptr(""),
LinuxProfile: &armcontainerservice.LinuxProfile{
AdminUsername: to.Ptr("azureuser"),
SSH: &armcontainerservice.SSHConfiguration{
PublicKeys: []*armcontainerservice.SSHPublicKey{
{
KeyData: to.Ptr("keydata"),
}},
},
},
NetworkProfile: &armcontainerservice.NetworkProfile{
LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
Count: to.Ptr[int32](2),
},
},
LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUStandard),
OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
},
ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
ClientID: to.Ptr("clientid"),
Secret: to.Ptr("secret"),
},
WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
AdminPassword: to.Ptr("replacePassword1234$"),
AdminUsername: to.Ptr("azureuser"),
GmsaProfile: &armcontainerservice.WindowsGmsaProfile{
Enabled: to.Ptr(true),
},
},
},
SKU: &armcontainerservice.ManagedClusterSKU{
Name: to.Ptr(armcontainerservice.ManagedClusterSKUName("Basic")),
Tier: to.Ptr(armcontainerservice.ManagedClusterSKUTierFree),
},
}, &armcontainerservice.ManagedClustersClientBeginCreateOrUpdateOptions{IfMatch: nil,
IfNoneMatch: nil,
})
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.ManagedCluster = armcontainerservice.ManagedCluster{
// Name: to.Ptr("clustername1"),
// Type: to.Ptr("Microsoft.ContainerService/ManagedClusters"),
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1"),
// Location: to.Ptr("location1"),
// Tags: map[string]*string{
// "archv2": to.Ptr(""),
// "tier": to.Ptr("production"),
// },
// Identity: &armcontainerservice.ManagedClusterIdentity{
// Type: to.Ptr(armcontainerservice.ResourceIdentityTypeUserAssigned),
// UserAssignedIdentities: map[string]*armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
// "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": &armcontainerservice.ManagedServiceIdentityUserAssignedIdentitiesValue{
// ClientID: to.Ptr("clientId1"),
// PrincipalID: to.Ptr("principalId1"),
// },
// },
// },
// Properties: &armcontainerservice.ManagedClusterProperties{
// AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
// {
// Type: to.Ptr(armcontainerservice.AgentPoolTypeVirtualMachineScaleSets),
// AvailabilityZones: []*string{
// to.Ptr("1"),
// to.Ptr("2"),
// to.Ptr("3")},
// Count: to.Ptr[int32](3),
// CurrentOrchestratorVersion: to.Ptr("1.9.6"),
// EnableNodePublicIP: to.Ptr(true),
// MaxPods: to.Ptr[int32](110),
// Mode: to.Ptr(armcontainerservice.AgentPoolModeSystem),
// NodeImageVersion: to.Ptr("AKSUbuntu:1604:2020.03.11"),
// OrchestratorVersion: to.Ptr("1.9.6"),
// OSType: to.Ptr(armcontainerservice.OSTypeLinux),
// ProvisioningState: to.Ptr("Succeeded"),
// VMSize: to.Ptr("Standard_DS1_v2"),
// Name: to.Ptr("nodepool1"),
// }},
// AutoScalerProfile: &armcontainerservice.ManagedClusterPropertiesAutoScalerProfile{
// ScaleDownDelayAfterAdd: to.Ptr("15m"),
// ScanInterval: to.Ptr("20s"),
// },
// CurrentKubernetesVersion: to.Ptr("1.9.6"),
// DiskEncryptionSetID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
// DNSPrefix: to.Ptr("dnsprefix1"),
// EnableRBAC: to.Ptr(true),
// Fqdn: to.Ptr("dnsprefix1-abcd1234.hcp.eastus.azmk8s.io"),
// KubernetesVersion: to.Ptr("1.9.6"),
// LinuxProfile: &armcontainerservice.LinuxProfile{
// AdminUsername: to.Ptr("azureuser"),
// SSH: &armcontainerservice.SSHConfiguration{
// PublicKeys: []*armcontainerservice.SSHPublicKey{
// {
// KeyData: to.Ptr("keydata"),
// }},
// },
// },
// MaxAgentPools: to.Ptr[int32](1),
// NetworkProfile: &armcontainerservice.NetworkProfile{
// DNSServiceIP: to.Ptr("10.0.0.10"),
// IPFamilies: []*armcontainerservice.IPFamily{
// to.Ptr(armcontainerservice.IPFamilyIPv4)},
// LoadBalancerProfile: &armcontainerservice.ManagedClusterLoadBalancerProfile{
// AllocatedOutboundPorts: to.Ptr[int32](2000),
// EffectiveOutboundIPs: []*armcontainerservice.ResourceReference{
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"),
// },
// {
// ID: to.Ptr("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"),
// }},
// IdleTimeoutInMinutes: to.Ptr[int32](10),
// ManagedOutboundIPs: &armcontainerservice.ManagedClusterLoadBalancerProfileManagedOutboundIPs{
// Count: to.Ptr[int32](2),
// },
// },
// LoadBalancerSKU: to.Ptr(armcontainerservice.LoadBalancerSKUBasic),
// NetworkPlugin: to.Ptr(armcontainerservice.NetworkPluginKubenet),
// OutboundType: to.Ptr(armcontainerservice.OutboundTypeLoadBalancer),
// PodCidr: to.Ptr("10.244.0.0/16"),
// PodCidrs: []*string{
// to.Ptr("10.244.0.0/16")},
// ServiceCidr: to.Ptr("10.0.0.0/16"),
// ServiceCidrs: []*string{
// to.Ptr("10.0.0.0/16")},
// },
// NodeResourceGroup: to.Ptr("MC_rg1_clustername1_location1"),
// ProvisioningState: to.Ptr("Succeeded"),
// ServicePrincipalProfile: &armcontainerservice.ManagedClusterServicePrincipalProfile{
// ClientID: to.Ptr("clientid"),
// },
// WindowsProfile: &armcontainerservice.ManagedClusterWindowsProfile{
// AdminUsername: to.Ptr("azureuser"),
// GmsaProfile: &armcontainerservice.WindowsGmsaProfile{
// Enabled: to.Ptr(true),
// },
// },
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { ContainerServiceClient } = require("@azure/arm-containerservice");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");
/**
* This sample demonstrates how to Creates or updates a managed cluster.
*
* @summary Creates or updates a managed cluster.
* x-ms-original-file: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_UpdateWindowsGmsa.json
*/
async function createOrUpdateManagedClusterWithWindowsGMsaEnabled() {
const subscriptionId =
process.env["CONTAINERSERVICE_SUBSCRIPTION_ID"] || "00000000-0000-0000-0000-000000000000";
const resourceGroupName = process.env["CONTAINERSERVICE_RESOURCE_GROUP"] || "rg1";
const resourceName = "clustername1";
const parameters = {
addonProfiles: {},
agentPoolProfiles: [
{
name: "nodepool1",
type: "VirtualMachineScaleSets",
availabilityZones: ["1", "2", "3"],
count: 3,
enableNodePublicIP: true,
mode: "System",
osType: "Linux",
vmSize: "Standard_DS1_v2",
},
],
autoScalerProfile: { scaleDownDelayAfterAdd: "15m", scanInterval: "20s" },
diskEncryptionSetID:
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
dnsPrefix: "dnsprefix1",
enableRbac: true,
identity: {
type: "UserAssigned",
userAssignedIdentities: {
"/subscriptions/00000000000000000000000000000000/resourcegroups/rgName1/providers/MicrosoftManagedIdentity/userAssignedIdentities/identity1":
{},
},
},
kubernetesVersion: "",
linuxProfile: {
adminUsername: "azureuser",
ssh: { publicKeys: [{ keyData: "keydata" }] },
},
location: "location1",
networkProfile: {
loadBalancerProfile: { managedOutboundIPs: { count: 2 } },
loadBalancerSku: "standard",
outboundType: "loadBalancer",
},
servicePrincipalProfile: { clientId: "clientid", secret: "secret" },
sku: { name: "Basic", tier: "Free" },
tags: { archv2: "", tier: "production" },
windowsProfile: {
adminPassword: "replacePassword1234$",
adminUsername: "azureuser",
gmsaProfile: { enabled: true },
},
};
const credential = new DefaultAzureCredential();
const client = new ContainerServiceClient(credential, subscriptionId);
const result = await client.managedClusters.beginCreateOrUpdateAndWait(
resourceGroupName,
resourceName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using Azure;
using Azure.ResourceManager;
using System;
using System.Text;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ContainerService.Models;
using Azure.ResourceManager.Models;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.ContainerService;
// Generated from example definition: specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-10-01/examples/ManagedClustersCreate_UpdateWindowsGmsa.json
// this example is just showing the usage of "ManagedClusters_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this ResourceGroupResource created on azure
// for more information of creating ResourceGroupResource, please refer to the document of ResourceGroupResource
string subscriptionId = "00000000-0000-0000-0000-000000000000";
string resourceGroupName = "rg1";
ResourceIdentifier resourceGroupResourceId = ResourceGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName);
ResourceGroupResource resourceGroupResource = client.GetResourceGroupResource(resourceGroupResourceId);
// get the collection of this ContainerServiceManagedClusterResource
ContainerServiceManagedClusterCollection collection = resourceGroupResource.GetContainerServiceManagedClusters();
// invoke the operation
string resourceName = "clustername1";
ContainerServiceManagedClusterData data = new ContainerServiceManagedClusterData(new AzureLocation("location1"))
{
Sku = new ManagedClusterSku
{
Name = new ManagedClusterSkuName("Basic"),
Tier = ManagedClusterSkuTier.Free,
},
ClusterIdentity = new ManagedClusterIdentity
{
ResourceIdentityType = "UserAssigned",
UserAssignedIdentities =
{
[new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1")] = new UserAssignedIdentity()
},
},
KubernetesVersion = "",
DnsPrefix = "dnsprefix1",
AgentPoolProfiles = {new ManagedClusterAgentPoolProfile("nodepool1")
{
Count = 3,
VmSize = "Standard_DS1_v2",
OSType = ContainerServiceOSType.Linux,
AgentPoolType = AgentPoolType.VirtualMachineScaleSets,
Mode = AgentPoolMode.System,
AvailabilityZones = {"1", "2", "3"},
EnableNodePublicIP = true,
}},
LinuxProfile = new ContainerServiceLinuxProfile("azureuser", new ContainerServiceSshConfiguration(new ContainerServiceSshPublicKey[]
{
new ContainerServiceSshPublicKey("keydata")
})),
WindowsProfile = new ManagedClusterWindowsProfile("azureuser")
{
AdminPassword = "replacePassword1234$",
GmsaProfile = new WindowsGmsaProfile
{
IsEnabled = true,
},
},
ServicePrincipalProfile = new ManagedClusterServicePrincipalProfile("clientid")
{
Secret = "secret",
},
AddonProfiles = { },
EnableRbac = true,
NetworkProfile = new ContainerServiceNetworkProfile
{
OutboundType = ContainerServiceOutboundType.LoadBalancer,
LoadBalancerSku = ContainerServiceLoadBalancerSku.Standard,
LoadBalancerProfile = new ManagedClusterLoadBalancerProfile
{
ManagedOutboundIPs = new ManagedClusterLoadBalancerProfileManagedOutboundIPs
{
Count = 2,
},
},
},
AutoScalerProfile = new ManagedClusterAutoScalerProfile
{
ScanIntervalInSeconds = "20s",
ScaleDownDelayAfterAdd = "15m",
},
DiskEncryptionSetId = new ResourceIdentifier("/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des"),
Tags =
{
["archv2"] = "",
["tier"] = "production"
},
};
ArmOperation<ContainerServiceManagedClusterResource> lro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, resourceName, data);
ContainerServiceManagedClusterResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ContainerServiceManagedClusterData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Resposta de exemplo
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Succeeded",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS1_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"availabilityZones": [
"1",
"2",
"3"
],
"enableNodePublicIP": true,
"mode": "System",
"nodeImageVersion": "AKSUbuntu:1604:2020.03.11"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser",
"gmsaProfile": {
"enabled": true
}
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
"networkProfile": {
"loadBalancerSku": "basic",
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
},
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {
"principalId": "principalId1",
"clientId": "clientId1"
}
}
}
}
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
"location": "location1",
"name": "clustername1",
"tags": {
"archv2": "",
"tier": "production"
},
"type": "Microsoft.ContainerService/ManagedClusters",
"properties": {
"provisioningState": "Creating",
"maxAgentPools": 1,
"kubernetesVersion": "1.9.6",
"currentKubernetesVersion": "1.9.6",
"dnsPrefix": "dnsprefix1",
"agentPoolProfiles": [
{
"name": "nodepool1",
"count": 3,
"vmSize": "Standard_DS1_v2",
"maxPods": 110,
"osType": "Linux",
"provisioningState": "Creating",
"orchestratorVersion": "1.9.6",
"currentOrchestratorVersion": "1.9.6",
"type": "VirtualMachineScaleSets",
"availabilityZones": [
"1",
"2",
"3"
],
"enableNodePublicIP": true,
"mode": "System"
}
],
"linuxProfile": {
"adminUsername": "azureuser",
"ssh": {
"publicKeys": [
{
"keyData": "keydata"
}
]
}
},
"windowsProfile": {
"adminUsername": "azureuser",
"gmsaProfile": {
"enabled": true
}
},
"servicePrincipalProfile": {
"clientId": "clientid"
},
"nodeResourceGroup": "MC_rg1_clustername1_location1",
"enableRBAC": true,
"diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
"networkProfile": {
"networkPlugin": "kubenet",
"podCidr": "10.244.0.0/16",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"loadBalancerSku": "standard",
"outboundType": "loadBalancer",
"podCidrs": [
"10.244.0.0/16"
],
"serviceCidrs": [
"10.0.0.0/16"
],
"ipFamilies": [
"IPv4"
],
"loadBalancerProfile": {
"allocatedOutboundPorts": 2000,
"idleTimeoutInMinutes": 10,
"managedOutboundIPs": {
"count": 2
},
"effectiveOutboundIPs": [
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
},
{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
}
]
}
},
"autoScalerProfile": {
"scan-interval": "20s",
"scale-down-delay-after-add": "15m"
}
},
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rgName1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity1": {
"principalId": "principalId1",
"clientId": "clientId1"
}
}
}
}
Definições
| Nome |
Descrição |
|
AdvancedNetworking
|
Perfil de rede avançado para habilitar o conjunto de recursos de observabilidade e segurança em um cluster. Para obter mais informações, consulte aka.ms/aksadvancednetworking.
|
|
AdvancedNetworkingObservability
|
Perfil de observabilidade para permitir métricas de rede avançadas e logs de fluxo com contextos históricos.
|
|
AdvancedNetworkingSecurity
|
Perfil de segurança para habilitar recursos de segurança no cluster baseado em cílio.
|
|
advancedNetworkPolicies
|
Habilite políticas de rede avançadas. Isso permite que os usuários configurem políticas de rede de Camada 7 (FQDN, HTTP, Kafka). As próprias políticas devem ser configuradas por meio dos recursos da Diretiva de Rede da Cílium, consulte https://docs.cilium.io/en/latest/security/policy/index.html. Isso só pode ser habilitado em clusters baseados em cílio. Se não for especificado, o valor padrão será FQDN se security.enabled estiver definido como true.
|
|
AgentPoolGatewayProfile
|
Perfil do pool de agentes de gateway de cluster gerenciado.
|
|
AgentPoolMode
|
O modo de um pool de agentes. Um cluster deve ter pelo menos um Pool de Agentes do 'Sistema' o tempo todo. Para obter informações adicionais sobre restrições e práticas recomendadas do pool de agentes, consulte: https://docs.microsoft.com/azure/aks/use-system-pools
|
|
AgentPoolNetworkProfile
|
Configurações de rede de um pool de agentes.
|
|
AgentPoolSecurityProfile
|
As configurações de segurança de um pool de agentes.
|
|
AgentPoolSSHAccess
|
Método de acesso SSH de um pool de agentes.
|
|
AgentPoolStatus
|
Contém informações somente leitura sobre o Pool de Agentes.
|
|
AgentPoolType
|
O tipo de pool de agentes.
|
|
AgentPoolUpgradeSettings
|
Configurações para atualizar um agentpool
|
|
AgentPoolWindowsProfile
|
O perfil específico do pool de agentes do Windows.
|
|
ArtifactSource
|
A fonte do artefato. A fonte de onde os artefatos são baixados.
|
|
AutoScalerProfile
|
Parâmetros a serem aplicados ao autoscaler de cluster quando ativado
|
|
AzureKeyVaultKms
|
Configurações do serviço de gerenciamento de chaves do Azure Key Vault para o perfil de segurança.
|
|
BackendPoolType
|
O tipo do BackendPool do Balanceador de Carga de entrada gerenciado.
|
|
ClusterUpgradeSettings
|
Configurações para atualizar um cluster.
|
|
code
|
Informa se o cluster está em execução ou interrompido
|
|
ContainerServiceLinuxProfile
|
Perfil para VMs Linux no cluster de serviço de contêiner.
|
|
ContainerServiceNetworkProfile
|
Perfil de configuração de rede.
|
|
ContainerServiceSshConfiguration
|
Configuração SSH para VMs baseadas em Linux em execução no Azure.
|
|
ContainerServiceSshPublicKey
|
Contém informações sobre dados de chave pública do certificado SSH.
|
|
createdByType
|
O tipo de identidade que criou o recurso.
|
|
CreationData
|
Dados usados ao criar um recurso de destino a partir de um recurso de origem.
|
|
DelegatedResource
|
Propriedades de recursos delegados - somente uso interno.
|
|
ErrorAdditionalInfo
|
O erro de gerenciamento de recursos informações adicionais.
|
|
ErrorDetail
|
O detalhe do erro.
|
|
ErrorResponse
|
Resposta de erro
|
|
expander
|
O expansor a ser usado durante a expansão. Se não for especificado, o padrão é 'aleatório'. Consulte expansores para obter mais informações.
|
|
ExtendedLocation
|
O tipo complexo do local estendido.
|
|
ExtendedLocationTypes
|
O tipo de localização ampliada.
|
|
GPUDriver
|
Se deseja instalar drivers de GPU. Quando não é especificado, o padrão é Instalar.
|
|
GPUInstanceProfile
|
GPUInstanceProfile a ser usado para especificar o perfil de instância MIG da GPU para GPU VM SKU suportado.
|
|
GPUProfile
|
Configurações de GPU para o pool de agentes.
|
|
Identity
|
Identidade do recurso.
|
|
ipFamily
|
As famílias IP usadas para especificar as versões IP disponíveis para o cluster. As famílias IP são usadas para determinar clusters de pilha única ou de pilha dupla. Para pilha única, o valor esperado é IPv4. Para dual-stack, os valores esperados são IPv4 e IPv6.
|
|
IPTag
|
Contém o IPTag associado ao objeto.
|
|
IstioCertificateAuthority
|
Configuração da Autoridade de Certificação (CA) Istio Service Mesh. Por enquanto, só suportamos certificados de plug-in conforme descrito aqui https://aka.ms/asm-plugin-ca
|
|
IstioComponents
|
Configuração de componentes Istio.
|
|
IstioEgressGateway
|
Configuração do gateway de saída do Istio.
|
|
IstioIngressGateway
|
Configuração do gateway de ingresso do Istio. Por enquanto, suportamos até um gateway de entrada externo chamado aks-istio-ingressgateway-external e um gateway de entrada interno chamado aks-istio-ingressgateway-internal.
|
|
IstioIngressGatewayMode
|
Modo de um gateway de entrada.
|
|
IstioPluginCertificateAuthority
|
Informações de certificados de plug-in para Service Mesh.
|
|
IstioServiceMesh
|
Configuração de malha de serviço Istio.
|
|
KeyVaultNetworkAccessTypes
|
Acesso à rede do cofre de chaves. Acesso à rede do cofre de chaves. Os valores possíveis são Public e Private.
Public significa que o cofre de chaves permite o acesso público a partir de todas as redes.
Private significa que o cofre de chaves desativa o acesso público e habilita o link privado. O valor predefinido é Public.
|
|
KubeletConfig
|
Configurações Kubelet de nós de agente. Consulte de configuração de nó personalizado do AKS para obter mais detalhes.
|
|
KubeletDiskType
|
Determina o posicionamento de volumes emptyDir, raiz de dados de tempo de execução do contêiner e armazenamento efêmero do Kubelet.
|
|
KubernetesSupportPlan
|
Diferentes níveis de suporte para clusters gerenciados pelo AKS
|
|
licenseType
|
O tipo de licença a ser usado para VMs do Windows. Consulte Benefícios do usuário híbrido do Azure para obter mais detalhes.
|
|
LinuxOSConfig
|
Configurações de SO de nós de agente Linux. Consulte de configuração de nó personalizado do AKS para obter mais detalhes.
|
|
loadBalancerSku
|
O sku do balanceador de carga para o cluster gerenciado. O padrão é 'padrão'. Consulte SKUs do Azure Load Balancer para obter mais informações sobre as diferenças entre SKUs do balanceador de carga.
|
|
LocalDNSForwardDestination
|
Servidor de destino para consultas DNS a serem encaminhadas do localDNS.
|
|
LocalDNSForwardPolicy
|
Política de encaminhamento para selecionar o servidor DNS upstream. Consulte forward plugin para obter mais informações.
|
|
LocalDNSMode
|
Modo de ativação para localDNS.
|
|
LocalDNSOverride
|
Substitui o perfil localDNS.
|
|
LocalDNSProfile
|
Configura o DNS local por nó, com substituições de VnetDNS e KubeDNS. LocalDNS ajuda a melhorar o desempenho e a confiabilidade da resolução DNS em um cluster AKS. Para mais detalhes, ver aka.ms/aks/localdns.
|
|
LocalDNSProtocol
|
Imponha TCP ou prefira o protocolo UDP para conexões de localDNS para servidor DNS upstream.
|
|
LocalDNSQueryLogging
|
Nível de log para consultas DNS no localDNS.
|
|
LocalDNSServeStale
|
Política para servir dados obsoletos. Consulte o plug-in de cache para obter mais informações.
|
|
LocalDNSState
|
Estado gerado pelo sistema de localDNS.
|
|
ManagedCluster
|
Cluster gerenciado.
|
|
ManagedClusterAADProfile
|
AADProfile especifica atributos para integração do Azure Ative Directory. Para obter mais detalhes, consulte AAD gerenciado no AKS.
|
|
ManagedClusterAddonProfile
|
Um perfil de complemento do Kubernetes para um cluster gerenciado.
|
|
ManagedClusterAgentPoolProfile
|
Perfil para o pool de agentes de serviço de contêiner.
|
|
ManagedClusterAIToolchainOperatorProfile
|
Ao habilitar o operador, um conjunto de CRDs e controladores gerenciados pelo AKS serão instalados no cluster. O operador automatiza a implantação de modelos OSS para fins de inferência e/ou treinamento. Ele fornece um conjunto de modelos predefinidos e permite a inferência distribuída em relação a eles.
|
|
ManagedClusterAPIServerAccessProfile
|
Perfil de acesso para o servidor de API de cluster gerenciado.
|
|
ManagedClusterAutoUpgradeProfile
|
Perfil de atualização automática para um cluster gerenciado.
|
|
ManagedClusterAzureMonitorProfile
|
Perfis de complemento do Azure Monitor para monitorar o cluster gerenciado.
|
|
ManagedClusterAzureMonitorProfileKubeStateMetrics
|
Perfil Kube State Metrics para o addon Azure Managed Prometheus. Essas configurações opcionais são para o pod kube-state-metrics que é implantado com o addon. Consulte aka.ms/AzureManagedPrometheus-optional-parameters para obter detalhes.
|
|
ManagedClusterAzureMonitorProfileMetrics
|
Perfil de métricas para o serviço gerenciado do Azure Monitor para Prometheus addon. Colete métricas de infraestrutura do Kubernetes prontas para uso para enviar a um Espaço de Trabalho do Azure Monitor e configure a raspagem adicional para destinos personalizados. Consulte aka.ms/AzureManagedPrometheus para obter uma visão geral.
|
|
ManagedClusterBootstrapProfile
|
O perfil de bootstrap.
|
|
ManagedClusterCostAnalysis
|
A configuração de análise de custo para o cluster
|
|
ManagedClusterHTTPProxyConfig
|
Configuração de proxy HTTP de cluster.
|
|
ManagedClusterIdentity
|
Identidade para o cluster gerenciado.
|
|
ManagedClusterIngressProfile
|
Perfil de entrada para o cluster de serviço de contêiner.
|
|
ManagedClusterIngressProfileNginx
|
|
|
ManagedClusterIngressProfileWebAppRouting
|
Configurações do complemento Roteamento de Aplicativo para o perfil de entrada.
|
|
ManagedClusterLoadBalancerProfile
|
Perfil do balanceador de carga de cluster gerenciado.
|
|
ManagedClusterManagedOutboundIPProfile
|
Perfil dos recursos IP de saída gerenciados do cluster gerenciado.
|
|
ManagedClusterMetricsProfile
|
O perfil de métricas para o ManagedCluster.
|
|
ManagedClusterNATGatewayProfile
|
Perfil do gateway NAT do cluster gerenciado.
|
|
ManagedClusterNodeProvisioningProfile
|
|
|
ManagedClusterNodeResourceGroupProfile
|
Perfil de bloqueio do grupo de recursos do nó para um cluster gerenciado.
|
|
ManagedClusterOIDCIssuerProfile
|
O perfil do emissor OIDC do Cluster Gerenciado.
|
|
ManagedClusterPodIdentity
|
Detalhes sobre a identidade do pod atribuída ao Cluster Gerenciado.
|
|
ManagedClusterPodIdentityException
|
Uma exceção de identidade de pod, que permite que pods com determinados rótulos acessem o ponto de extremidade IMDS (Serviço de Metadados de Instância do Azure) sem serem intercetados pelo servidor de identidade gerenciada pelo nó (NMI). Consulte desativar o AAD Pod Identity para um específico de Pod/Aplicativo para obter mais detalhes.
|
|
ManagedClusterPodIdentityProfile
|
O perfil de identidade do pod do Cluster Gerenciado. Consulte usar o de identidade do pod do AAD para obter mais detalhes sobre a integração da identidade do pod.
|
|
ManagedClusterPodIdentityProvisioningError
|
Uma resposta de erro do provisionamento de identidade do pod.
|
|
ManagedClusterPodIdentityProvisioningErrorBody
|
Uma resposta de erro do provisionamento de identidade do pod.
|
|
ManagedClusterPodIdentityProvisioningState
|
O estado de provisionamento atual da identidade do pod.
|
|
ManagedClusterSecurityProfile
|
Perfil de segurança para o cluster de serviço de contêiner.
|
|
ManagedClusterSecurityProfileDefender
|
Configurações do Microsoft Defender para o perfil de segurança.
|
|
ManagedClusterSecurityProfileDefenderSecurityMonitoring
|
Configurações do Microsoft Defender para a deteção de ameaças ao perfil de segurança.
|
|
ManagedClusterSecurityProfileImageCleaner
|
O Image Cleaner remove imagens não utilizadas dos nós, libertando espaço em disco e ajudando a reduzir a área da superfície de ataque. Aqui estão as configurações para o perfil de segurança.
|
|
ManagedClusterSecurityProfileWorkloadIdentity
|
Configurações de identidade de carga de trabalho para o perfil de segurança.
|
|
ManagedClusterServicePrincipalProfile
|
Informações sobre uma identidade de entidade de serviço para o cluster usar para manipular APIs do Azure.
|
|
ManagedClusterSKU
|
A SKU de um cluster gerenciado.
|
|
ManagedClusterSKUName
|
O nome de uma SKU de cluster gerenciado.
|
|
ManagedClusterSKUTier
|
A camada de uma SKU de cluster gerenciado. Se não for especificado, o padrão é 'Livre'. Consulte AKS Pricing Tier para obter mais detalhes.
|
|
ManagedClusterStaticEgressGatewayProfile
|
A configuração do complemento Static Egress Gateway para o cluster.
|
|
ManagedClusterStatus
|
Contém informações somente leitura sobre o Cluster Gerenciado.
|
|
ManagedClusterStorageProfile
|
Perfil de armazenamento para o cluster de serviço de contêiner.
|
|
ManagedClusterStorageProfileBlobCSIDriver
|
Configurações do AzureBlob CSI Driver para o perfil de armazenamento.
|
|
ManagedClusterStorageProfileDiskCSIDriver
|
Configurações do driver CSI do AzureDisk para o perfil de armazenamento.
|
|
ManagedClusterStorageProfileFileCSIDriver
|
Configurações do AzureFile CSI Driver para o perfil de armazenamento.
|
|
ManagedClusterStorageProfileSnapshotController
|
Configurações do Snapshot Controller para o perfil de armazenamento.
|
|
ManagedClusterWindowsProfile
|
Perfil para VMs do Windows no cluster gerenciado.
|
|
ManagedClusterWorkloadAutoScalerProfile
|
Perfil do dimensionador automático da carga de trabalho para o cluster gerenciado.
|
|
ManagedClusterWorkloadAutoScalerProfileKeda
|
Configurações KEDA (Kubernetes Event-driven Autoscaling) para o perfil de dimensionamento automático da carga de trabalho.
|
|
ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler
|
Configurações de VPA (Vertical Pod Autoscaler) para o perfil de dimensionamento automático da carga de trabalho.
|
|
ManagedOutboundIPs
|
IPs de saída gerenciados desejados para o balanceador de carga de cluster.
|
|
ManualScaleProfile
|
Especificações sobre o número de máquinas.
|
|
networkDataplane
|
Dataplane de rede usado no cluster Kubernetes.
|
|
networkMode
|
O modo de rede Azure CNI está configurado com. Isso não pode ser especificado se networkPlugin for algo diferente de 'azure'.
|
|
NetworkPlugin
|
Plug-in de rede usado para construir a rede Kubernetes.
|
|
NetworkPluginMode
|
O modo que o plugin de rede deve usar.
|
|
NetworkPolicy
|
Política de rede usada para criar a rede Kubernetes.
|
|
NginxIngressControllerType
|
Tipo de ingresso para o recurso personalizado padrão NginxIngressController
|
|
nodeOSUpgradeChannel
|
Canal de atualização do sistema operacional do nó. Maneira como o sistema operacional em seus nós é atualizado. O padrão é NodeImage.
|
|
NodeProvisioningDefaultNodePools
|
O conjunto de NodePools Karpenter (CRDs) padrão configurado para provisionamento de nós. Este campo não tem efeito a menos que o modo seja 'Auto'. Aviso: Alterar isso de Auto para Nenhum em um cluster existente fará com que os NodePools Karpenter padrão sejam excluídos, o que drenará e excluirá os nós associados a esses pools. É altamente recomendável não fazer isso, a menos que haja nós ociosos prontos para levar os pods removidos por essa ação. Se não for especificado, o padrão será Auto. Para obter mais informações, consulte aka.ms/aks/nap#node-pools.
|
|
NodeProvisioningMode
|
O modo de provisionamento do nó. Se não for especificado, o padrão é Manual.
|
|
OSDiskType
|
O tipo de disco do sistema operacional a ser usado para máquinas no pool de agentes. O padrão é 'Ephemeral' se a VM suportar e tiver um disco de cache maior do que o OSDiskSizeGB solicitado. Caso contrário, o padrão será 'Gerenciado'. Não pode ser alterado após a criação. Para obter mais informações, consulte Ephemeral OS.
|
|
OSSKU
|
Especifica a SKU do sistema operacional usada pelo pool de agentes. O padrão é Ubuntu se OSType é Linux. O padrão é Windows2019 quando o Kubernetes <= 1.24 ou Windows2022 quando o Kubernetes >= 1.25 se OSType for Windows.
|
|
OSType
|
O tipo de sistema operacional. O padrão é Linux.
|
|
OutboundIPPrefixes
|
Recursos de prefixo IP de saída desejados para o balanceador de carga de cluster.
|
|
OutboundIPs
|
Recursos IP de saída desejados para o balanceador de carga do cluster.
|
|
outboundType
|
O método de roteamento de saída (saída). Isso só pode ser definido no momento da criação do cluster e não pode ser alterado posteriormente. Para obter mais informações, consulte Tipo de saída de saída.
|
|
PodIPAllocationMode
|
Modo de alocação de IP do pod. O modo de alocação de IP para pods no pool de agentes. Deve ser usado com podSubnetId. O padrão é 'DynamicIndividual'.
|
|
PortRange
|
O intervalo de portas.
|
|
PowerState
|
Descreve o estado de energia do cluster
|
|
PrivateLinkResource
|
Um recurso de link privado
|
|
Protocol
|
O protocolo de rede da porta.
|
|
ProvisioningInfo
|
|
|
PublicNetworkAccess
|
PublicNetworkAccess do managedCluster. Permitir ou negar acesso à rede pública para o AKS
|
|
ResourceIdentityType
|
O tipo de identidade usado para o cluster gerenciado. Para obter mais informações, consulte Usar identidades gerenciadas no AKS.
|
|
ResourceReference
|
Uma referência a um recurso do Azure.
|
|
RestrictionLevel
|
O nível de restrição aplicado ao grupo de recursos do nó do cluster. Se não for especificado, o padrão será 'Sem restrições'
|
|
ScaleDownMode
|
Descreve como as VMs são adicionadas ou removidas dos Pools de Agentes. Consulte os estados de faturação.
|
|
ScaleProfile
|
Especificações sobre como dimensionar um pool de agentes VirtualMachines.
|
|
ScaleSetEvictionPolicy
|
A política de remoção do Conjunto de Dimensionamento de Máquina Virtual. A política de remoção especifica o que fazer com a VM quando ela é removida. O padrão é Excluir. Para obter mais informações sobre remoção, consulte VMs spot
|
|
ScaleSetPriority
|
A prioridade do Conjunto de Dimensionamento de Máquina Virtual.
|
|
ServiceMeshMode
|
Modo da malha de serviço.
|
|
ServiceMeshProfile
|
Perfil de malha de serviço para um cluster gerenciado.
|
|
SysctlConfig
|
Configurações de sysctl para nós de agente Linux.
|
|
systemData
|
Metadados referentes à criação e última modificação do recurso.
|
|
UndrainableNodeBehavior
|
Define o comportamento para nós não drenáveis durante a atualização. A causa mais comum de nós não drenáveis é Pod Disruption Budgets (PDBs), mas outros problemas, como o período de carência de término do pod está excedendo o tempo limite de drenagem por nó restante ou o pod ainda está em um estado de execução, também podem causar nós não drenáveis.
|
|
upgradeChannel
|
O canal de atualização para atualização automática. O padrão é 'nenhum'. Para obter mais informações, consulte a configuração do canal de atualização automática do cluster AKS.
|
|
UpgradeOverrideSettings
|
Configurações para substituições ao atualizar um cluster.
|
|
UserAssignedIdentities
|
A identidade do usuário associada ao cluster gerenciado. Esta identidade será utilizada no plano de controlo. Apenas uma identidade atribuída ao usuário é permitida. As chaves devem ser IDs de recursos ARM no formato: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
|
|
UserAssignedIdentity
|
Detalhes sobre uma identidade atribuída ao usuário.
|
|
VirtualMachineNodes
|
Status atual em um grupo de nós do mesmo tamanho vm.
|
|
VirtualMachinesProfile
|
Especificações no pool de agentes do VirtualMachines.
|
|
WindowsGmsaProfile
|
Perfil gMSA do Windows no cluster gerenciado.
|
|
WorkloadRuntime
|
Determina o tipo de carga de trabalho que um nó pode executar.
|
AdvancedNetworking
Objetivo
Perfil de rede avançado para habilitar o conjunto de recursos de observabilidade e segurança em um cluster. Para obter mais informações, consulte aka.ms/aksadvancednetworking.
| Nome |
Tipo |
Descrição |
|
enabled
|
boolean
|
Indica a habilitação de funcionalidades avançadas de rede de observabilidade e segurança em clusters AKS. Quando isso for definido como true, todos os recursos de observabilidade e segurança serão definidos como habilitados, a menos que explicitamente desativados. Se não for especificado, o padrão será false.
|
|
observability
|
AdvancedNetworkingObservability
|
Perfil de observabilidade para permitir métricas de rede avançadas e logs de fluxo com contextos históricos.
|
|
security
|
AdvancedNetworkingSecurity
|
Perfil de segurança para habilitar recursos de segurança no cluster baseado em cílio.
|
AdvancedNetworkingObservability
Objetivo
Perfil de observabilidade para permitir métricas de rede avançadas e logs de fluxo com contextos históricos.
| Nome |
Tipo |
Descrição |
|
enabled
|
boolean
|
Indica a ativação de funcionalidades avançadas de observabilidade de rede em clusters.
|
AdvancedNetworkingSecurity
Objetivo
Perfil de segurança para habilitar recursos de segurança no cluster baseado em cílio.
| Nome |
Tipo |
Descrição |
|
advancedNetworkPolicies
|
advancedNetworkPolicies
|
Habilite políticas de rede avançadas. Isso permite que os usuários configurem políticas de rede de Camada 7 (FQDN, HTTP, Kafka). As próprias políticas devem ser configuradas por meio dos recursos da Diretiva de Rede da Cílium, consulte https://docs.cilium.io/en/latest/security/policy/index.html. Isso só pode ser habilitado em clusters baseados em cílio. Se não for especificado, o valor padrão será FQDN se security.enabled estiver definido como true.
|
|
enabled
|
boolean
|
Esse recurso permite que o usuário configure a política de rede com base em nomes DNS (FQDN). Ele só pode ser ativado em clusters baseados em cílio. Se não for especificado, o padrão será false.
|
advancedNetworkPolicies
Enumeração
Habilite políticas de rede avançadas. Isso permite que os usuários configurem políticas de rede de Camada 7 (FQDN, HTTP, Kafka). As próprias políticas devem ser configuradas por meio dos recursos da Diretiva de Rede da Cílium, consulte https://docs.cilium.io/en/latest/security/policy/index.html. Isso só pode ser habilitado em clusters baseados em cílio. Se não for especificado, o valor padrão será FQDN se security.enabled estiver definido como true.
| Valor |
Descrição |
|
L7
|
Habilite as políticas de rede Layer7 (FQDN, HTTP/S, Kafka). Esta opção é um superconjunto da opção FQDN.
|
|
FQDN
|
Habilitar diretivas de rede baseadas em FQDN
|
|
None
|
Desativar políticas de rede da Camada 7 (FQDN, HTTP/S, Kafka)
|
AgentPoolGatewayProfile
Objetivo
Perfil do pool de agentes de gateway de cluster gerenciado.
| Nome |
Tipo |
Valor padrão |
Descrição |
|
publicIPPrefixSize
|
integer
(int32)
minimum: 28
maximum: 31
|
31
|
O pool de agentes de gateway associa um IPPrefix público para cada gateway de saída estático para fornecer saída pública. O tamanho do IPPrefix público deve ser selecionado pelo usuário. Cada nó no pool de agentes é atribuído com um IP do IPPrefix. O tamanho do IPPrefix serve, portanto, como um limite no tamanho do pool de agentes do Gateway. Devido à limitação de tamanho do IPPrefix público do Azure, o intervalo de valores válido é [28, 31] (/31 = 2 nós/IPs, /30 = 4 nós/IPs, /29 = 8 nós/IPs, /28 = 16 nós/IPs). O valor padrão é 31.
|
AgentPoolMode
Enumeração
O modo de um pool de agentes. Um cluster deve ter pelo menos um Pool de Agentes do 'Sistema' o tempo todo. Para obter informações adicionais sobre restrições e práticas recomendadas do pool de agentes, consulte: https://docs.microsoft.com/azure/aks/use-system-pools
| Valor |
Descrição |
|
System
|
Os pools de agentes do sistema são principalmente para hospedar pods críticos do sistema, como CoreDNS e metrics-server. Os pools de agentes do sistema osType devem ser Linux. Os pools de agentes do sistema VM SKU devem ter pelo menos 2vCPUs e 4GB de memória.
|
|
User
|
Os pools de agentes de usuário são principalmente para hospedar seus pods de aplicativo.
|
|
Gateway
|
Os pools de agentes de gateway são dedicados a fornecer IPs de saída estáticos para pods. Para obter mais detalhes, veja https://aka.ms/aks/static-egress-gateway.
|
AgentPoolNetworkProfile
Objetivo
Configurações de rede de um pool de agentes.
| Nome |
Tipo |
Descrição |
|
allowedHostPorts
|
PortRange[]
|
Os intervalos de porta que têm permissão para acessar. Os intervalos especificados podem sobrepor-se.
|
|
applicationSecurityGroups
|
string[]
(arm-id)
|
As IDs dos grupos de segurança de aplicativos que o pool de agentes associará quando criado.
|
|
nodePublicIPTags
|
IPTag[]
|
IPTags de IPs públicos de nível de instância.
|
AgentPoolSecurityProfile
Objetivo
As configurações de segurança de um pool de agentes.
| Nome |
Tipo |
Descrição |
|
enableSecureBoot
|
boolean
|
A Inicialização Segura é um recurso do Trusted Launch que garante que apenas sistemas operacionais e drivers assinados possam inicializar. Para obter mais detalhes, consulte aka.ms/aks/trustedlaunch. Se não for especificado, o padrão será false.
|
|
enableVTPM
|
boolean
|
O vTPM é um recurso de inicialização confiável para configurar um cofre seguro dedicado para chaves e medições mantidas localmente no nó. Para obter mais detalhes, consulte aka.ms/aks/trustedlaunch. Se não for especificado, o padrão será false.
|
|
sshAccess
|
AgentPoolSSHAccess
|
Método de acesso SSH de um pool de agentes.
|
AgentPoolSSHAccess
Enumeração
Método de acesso SSH de um pool de agentes.
| Valor |
Descrição |
|
LocalUser
|
Pode SSH no nó como um usuário local usando chave privada.
|
|
Disabled
|
O serviço SSH será desativado no nó.
|
AgentPoolStatus
Objetivo
Contém informações somente leitura sobre o Pool de Agentes.
| Nome |
Tipo |
Descrição |
|
provisioningError
|
ErrorDetail
|
As informações de detalhes do erro do pool de agentes. Preserva as informações detalhadas da falha. Se não houve erro, este campo é omitido.
|
AgentPoolType
Enumeração
O tipo de pool de agentes.
| Valor |
Descrição |
|
VirtualMachineScaleSets
|
Crie um Pool de Agentes apoiado por um Conjunto de Dimensionamento de Máquina Virtual.
|
|
AvailabilitySet
|
O seu uso é fortemente desencorajado.
|
|
VirtualMachines
|
Crie um pool de agentes apoiado por um modo de orquestração de VM de instância única.
|
AgentPoolUpgradeSettings
Objetivo
Configurações para atualizar um agentpool
| Nome |
Tipo |
Descrição |
|
drainTimeoutInMinutes
|
integer
(int32)
minimum: 1
maximum: 1440
|
O tempo limite de drenagem para um nó. A quantidade de tempo (em minutos) para aguardar a remoção de pods e terminação graciosa por nó. Este tempo de espera de despejo honra a espera em orçamentos de interrupção de pod. Se esse tempo for excedido, a atualização falhará. Se não for especificado, o padrão é 30 minutos.
|
|
maxSurge
|
string
|
O número máximo ou a porcentagem de nós que são aumentados durante a atualização. Este valor pode ser definido como um número inteiro (por exemplo, «5») ou uma percentagem (por exemplo, «50%»). Se uma porcentagem for especificada, será a porcentagem do tamanho total do pool de agentes no momento da atualização. Para porcentagens, os nós fracionários são arredondados para cima. Se não for especificado, o padrão será 10%. Para obter mais informações, incluindo práticas recomendadas, consulte: https://learn.microsoft.com/en-us/azure/aks/upgrade-cluster
|
|
maxUnavailable
|
string
|
O número máximo ou a porcentagem de nós que podem estar simultaneamente indisponíveis durante a atualização. Este valor pode ser definido como um número inteiro (por exemplo, «1») ou uma percentagem (por exemplo, «5%»). Se uma porcentagem for especificada, será a porcentagem do tamanho total do pool de agentes no momento da atualização. Para porcentagens, os nós fracionários são arredondados para cima. Se não for especificado, o padrão será 0. Para obter mais informações, incluindo práticas recomendadas, consulte: https://learn.microsoft.com/en-us/azure/aks/upgrade-cluster
|
|
nodeSoakDurationInMinutes
|
integer
(int32)
minimum: 0
maximum: 30
|
A duração de imersão de um nó. A quantidade de tempo (em minutos) para esperar depois de drenar um nó e antes de recriar a imagem e passar para o próximo nó. Se não for especificado, o padrão será 0 minutos.
|
|
undrainableNodeBehavior
|
UndrainableNodeBehavior
|
Define o comportamento para nós não drenáveis durante a atualização. A causa mais comum de nós não drenáveis é Pod Disruption Budgets (PDBs), mas outros problemas, como o período de carência de término do pod está excedendo o tempo limite de drenagem por nó restante ou o pod ainda está em um estado de execução, também podem causar nós não drenáveis.
|
AgentPoolWindowsProfile
Objetivo
O perfil específico do pool de agentes do Windows.
| Nome |
Tipo |
Descrição |
|
disableOutboundNat
|
boolean
|
Se deseja desativar OutboundNAT em nós do Windows. O valor predefinido é false. O NAT de saída só pode ser desabilitado se o cluster outboundType for NAT Gateway e o pool de agentes do Windows não tiver o IP público do nó habilitado.
|
ArtifactSource
Enumeração
A fonte do artefato. A fonte de onde os artefatos são baixados.
| Valor |
Descrição |
|
Direct
|
extrair imagens do Microsoft Artifact Registry
|
|
Cache
|
extrair imagens do Registro de Contêiner do Azure com cache
|
AutoScalerProfile
Objetivo
Parâmetros a serem aplicados ao autoscaler de cluster quando ativado
| Nome |
Tipo |
Descrição |
|
balance-similar-node-groups
|
string
|
Detecta agrupamentos de nós semelhantes e equilibra o número de nós entre eles. Os valores válidos são 'true' e 'false'
|
|
daemonset-eviction-for-empty-nodes
|
boolean
|
Os pods DaemonSet serão terminados graciosamente a partir de nós vazios. Se definido como true, todos os pods daemonset em nós vazios serão removidos antes da exclusão do nó. Se o pod daemonset não puder ser removido, outro nó será escolhido para dimensionamento. Se definido como false, o nó será excluído sem garantir que os pods daemonset sejam excluídos ou removidos.
|
|
daemonset-eviction-for-occupied-nodes
|
boolean
|
Os pods DaemonSet serão terminados graciosamente a partir de nós não vazios. Se definido como true, todos os pods daemonset em nós ocupados serão removidos antes da exclusão do nó. Se o pod daemonset não puder ser removido, outro nó será escolhido para dimensionamento. Se definido como false, o nó será excluído sem garantir que os pods daemonset sejam excluídos ou removidos.
|
|
expander
|
expander
|
O expansor a ser usado durante a expansão. Se não for especificado, o padrão é 'aleatório'. Consulte expansores para obter mais informações.
|
|
ignore-daemonsets-utilization
|
boolean
|
A autoridade de certificação deve ignorar os pods DaemonSet ao calcular a utilização de recursos para reduzir a escala. Se definido como true, os recursos usados pelo daemonset serão levados em conta ao tomar decisões de redução.
|
|
max-empty-bulk-delete
|
string
|
O número máximo de nós vazios que podem ser excluídos ao mesmo tempo. Este deve ser um número inteiro positivo. O padrão é 10.
|
|
max-graceful-termination-sec
|
string
|
O número máximo de segundos que o autoscaler do cluster aguarda o encerramento do pod ao tentar reduzir a escala de um nó. O padrão é 600.
|
|
max-node-provision-time
|
string
|
O tempo máximo que o autoscaler aguarda para que um nó seja provisionado. O padrão é '15m'. Os valores devem ser um inteiro seguido de um 'm'. Nenhuma unidade de tempo além de minutos (m) é suportada.
|
|
max-total-unready-percentage
|
string
|
A porcentagem máxima de nós desprontos no cluster. Depois que essa porcentagem é excedida, o autoscaler do cluster interrompe as operações. O padrão é 45. O máximo é 100 e o mínimo é 0.
|
|
new-pod-scale-up-delay
|
string
|
Ignore pods não programados antes de terem uma certa idade. Para cenários como burst/batch scale em que você não quer que a CA aja antes que o agendador do kubernetes possa agendar todos os pods, você pode dizer à CA para ignorar pods não programados antes que eles tenham uma certa idade. O padrão é '0s'. Os valores devem ser um número inteiro seguido de uma unidade («s» durante segundos, «m» durante minutos, «h» durante horas, etc.).
|
|
ok-total-unready-count
|
string
|
O número de nós não prontos permitidos, independentemente da porcentagem máxima de total não pronto. Este deve ser um número inteiro. O padrão é 3.
|
|
scale-down-delay-after-add
|
string
|
Quanto tempo após escalar para cima é retomada a avaliação de redução de escala. O padrão é '10m'. Os valores devem ser um inteiro seguido de um 'm'. Nenhuma unidade de tempo além de minutos (m) é suportada.
|
|
scale-down-delay-after-delete
|
string
|
Quanto tempo após a exclusão do nó a avaliação de redução é retomada. O padrão é o intervalo de varredura. Os valores devem ser um inteiro seguido de um 'm'. Nenhuma unidade de tempo além de minutos (m) é suportada.
|
|
scale-down-delay-after-failure
|
string
|
Quanto tempo depois da falha de redução de escala essa avaliação de redução é retomada. O padrão é '3m'. Os valores devem ser um inteiro seguido de um 'm'. Nenhuma unidade de tempo além de minutos (m) é suportada.
|
|
scale-down-unneeded-time
|
string
|
Por quanto tempo um nó deve ser desnecessário antes de ser elegível para redução de escala. O padrão é '10m'. Os valores devem ser um inteiro seguido de um 'm'. Nenhuma unidade de tempo além de minutos (m) é suportada.
|
|
scale-down-unready-time
|
string
|
Por quanto tempo um nó despronto deve ser desnecessário antes de ser elegível para redução de escala. O padrão é '20m'. Os valores devem ser um inteiro seguido de um 'm'. Nenhuma unidade de tempo além de minutos (m) é suportada.
|
|
scale-down-utilization-threshold
|
string
|
Nível de utilização do nó, definido como a soma dos recursos solicitados divididos pela capacidade, abaixo do qual um nó pode ser considerado para redução de escala. O padrão é '0.5'.
|
|
scan-interval
|
string
|
Com que frequência o cluster é reavaliado para aumentar ou diminuir a escala. O padrão é '10'. Os valores devem ser um número inteiro de segundos.
|
|
skip-nodes-with-local-storage
|
string
|
Se o autoscaler do cluster ignorar a exclusão de nós com pods com armazenamento local, por exemplo, EmptyDir ou HostPath. O padrão é verdadeiro.
|
|
skip-nodes-with-system-pods
|
string
|
Se o cluster autoscaler ignorará a exclusão de nós com pods do kube-system (exceto para DaemonSet ou mirror pods). O padrão é verdadeiro.
|
AzureKeyVaultKms
Objetivo
Configurações do serviço de gerenciamento de chaves do Azure Key Vault para o perfil de segurança.
| Nome |
Tipo |
Valor padrão |
Descrição |
|
enabled
|
boolean
|
|
Se o serviço de gerenciamento de chaves do Azure Key Vault deve ser habilitado. O padrão é "false".
|
|
keyId
|
string
|
|
Identificador da chave do Cofre da Chave do Azure. Consulte o formato do identificador de chave para obter mais detalhes. Quando o serviço de gerenciamento de chaves do Azure Key Vault está habilitado, esse campo é obrigatório e deve ser um identificador de chave válido. Quando o serviço de gerenciamento de chaves do Azure Key Vault estiver desabilitado, deixe o campo vazio.
|
|
keyVaultNetworkAccess
|
KeyVaultNetworkAccessTypes
|
Public
|
Acesso à rede do cofre de chaves. Acesso à rede do cofre de chaves. Os valores possíveis são Public e Private.
Public significa que o cofre de chaves permite o acesso público a partir de todas as redes.
Private significa que o cofre de chaves desativa o acesso público e habilita o link privado. O valor predefinido é Public.
|
|
keyVaultResourceId
|
string
(arm-id)
|
|
ID do recurso do cofre de chaves. Quando keyVaultNetworkAccess é Private, este campo é obrigatório e deve ser um ID de recurso válido. Quando keyVaultNetworkAccess for Public, deixe o campo vazio.
|
BackendPoolType
Enumeração
O tipo do BackendPool do Balanceador de Carga de entrada gerenciado.
ClusterUpgradeSettings
Objetivo
Configurações para atualizar um cluster.
code
Enumeração
Informa se o cluster está em execução ou interrompido
| Valor |
Descrição |
|
Running
|
O cluster está em execução.
|
|
Stopped
|
O cluster é interrompido.
|
ContainerServiceLinuxProfile
Objetivo
Perfil para VMs Linux no cluster de serviço de contêiner.
| Nome |
Tipo |
Descrição |
|
adminUsername
|
string
pattern: ^[A-Za-z][-A-Za-z0-9_]*$
|
O nome de usuário do administrador a ser usado para VMs Linux.
|
|
ssh
|
ContainerServiceSshConfiguration
|
A configuração SSH para VMs baseadas em Linux em execução no Azure.
|
ContainerServiceNetworkProfile
Objetivo
Perfil de configuração de rede.
| Nome |
Tipo |
Valor padrão |
Descrição |
|
advancedNetworking
|
AdvancedNetworking
|
|
Perfil de rede avançado para habilitar o conjunto de recursos de observabilidade e segurança em um cluster. Para obter mais informações, consulte aka.ms/aksadvancednetworking.
|
|
dnsServiceIP
|
string
pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$
|
10.0.0.10
|
Um endereço IP atribuído ao serviço DNS do Kubernetes. Ele deve estar dentro do intervalo de endereços de serviço do Kubernetes especificado em serviceCidr.
|
|
ipFamilies
|
ipFamily[]
|
|
As famílias IP usadas para especificar as versões IP disponíveis para o cluster. As famílias IP são usadas para determinar clusters de pilha única ou de pilha dupla. Para pilha única, o valor esperado é IPv4. Para dual-stack, os valores esperados são IPv4 e IPv6.
|
|
loadBalancerProfile
|
ManagedClusterLoadBalancerProfile
|
|
Perfil do balanceador de carga do cluster.
|
|
loadBalancerSku
|
loadBalancerSku
|
|
O sku do balanceador de carga para o cluster gerenciado. O padrão é 'padrão'. Consulte SKUs do Azure Load Balancer para obter mais informações sobre as diferenças entre SKUs do balanceador de carga.
|
|
natGatewayProfile
|
ManagedClusterNATGatewayProfile
|
|
Perfil do gateway NAT do cluster.
|
|
networkDataplane
|
networkDataplane
|
|
Dataplane de rede usado no cluster Kubernetes.
|
|
networkMode
|
networkMode
|
|
O modo de rede Azure CNI está configurado com. Isso não pode ser especificado se networkPlugin for algo diferente de 'azure'.
|
|
networkPlugin
|
NetworkPlugin
|
|
Plug-in de rede usado para construir a rede Kubernetes.
|
|
networkPluginMode
|
NetworkPluginMode
|
|
O modo que o plugin de rede deve usar.
|
|
networkPolicy
|
NetworkPolicy
|
|
Política de rede usada para criar a rede Kubernetes.
|
|
outboundType
|
outboundType
|
loadBalancer
|
O método de roteamento de saída (saída). Isso só pode ser definido no momento da criação do cluster e não pode ser alterado posteriormente. Para obter mais informações, consulte Tipo de saída de saída.
|
|
podCidr
|
string
pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$
|
10.244.0.0/16
|
Um intervalo de IP de notação CIDR a partir do qual atribuir IPs pod quando kubenet é usado.
|
|
podCidrs
|
string[]
|
|
O IP de notação CIDR varia a partir do qual atribuir IPs pod. Um CIDR IPv4 é esperado para redes de pilha única. Dois CIDRs, um para cada família IP (IPv4/IPv6), são esperados para redes de pilha dupla.
|
|
serviceCidr
|
string
pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$
|
10.0.0.0/16
|
Um intervalo de IP de notação CIDR a partir do qual atribuir IPs de cluster de serviço. Ele não deve se sobrepor a nenhum intervalo IP de sub-rede.
|
|
serviceCidrs
|
string[]
|
|
O IP de notação CIDR varia a partir do qual atribuir IPs de cluster de serviço. Um CIDR IPv4 é esperado para redes de pilha única. Dois CIDRs, um para cada família IP (IPv4/IPv6), são esperados para redes de pilha dupla. Eles não devem se sobrepor a nenhum intervalo IP de sub-rede.
|
|
staticEgressGatewayProfile
|
ManagedClusterStaticEgressGatewayProfile
|
|
O perfil para o addon Static Egress Gateway. Para obter mais detalhes sobre o Static Egress Gateway, consulte https://aka.ms/aks/static-egress-gateway.
|
ContainerServiceSshConfiguration
Objetivo
Configuração SSH para VMs baseadas em Linux em execução no Azure.
| Nome |
Tipo |
Descrição |
|
publicKeys
|
ContainerServiceSshPublicKey[]
|
A lista de chaves públicas SSH usadas para autenticar com VMs baseadas em Linux. Pode ser especificado um máximo de 1 chave.
|
ContainerServiceSshPublicKey
Objetivo
Contém informações sobre dados de chave pública do certificado SSH.
| Nome |
Tipo |
Descrição |
|
keyData
|
string
|
Chave pública de certificado usada para autenticar com VMs por meio de SSH. O certificado deve estar em formato PEM com ou sem cabeçalhos.
|
createdByType
Enumeração
O tipo de identidade que criou o recurso.
| Valor |
Descrição |
|
User
|
|
|
Application
|
|
|
ManagedIdentity
|
|
|
Key
|
|
CreationData
Objetivo
Dados usados ao criar um recurso de destino a partir de um recurso de origem.
| Nome |
Tipo |
Descrição |
|
sourceResourceId
|
string
(arm-id)
|
Este é o ID ARM do objeto de origem a ser usado para criar o objeto de destino.
|
DelegatedResource
Objetivo
Propriedades de recursos delegados - somente uso interno.
| Nome |
Tipo |
Descrição |
|
location
|
string
|
O local do recurso de origem - somente uso interno.
|
|
referralResource
|
string
|
O ID de delegação da delegação de referência (opcional) - apenas para uso interno.
|
|
resourceId
|
string
|
A ID do recurso ARM do recurso delegado - apenas para uso interno.
|
|
tenantId
|
string
(uuid)
|
A ID do locatário do recurso delegado - somente uso interno.
|
ErrorAdditionalInfo
Objetivo
O erro de gerenciamento de recursos informações adicionais.
| Nome |
Tipo |
Descrição |
|
info
|
object
|
As informações adicionais.
|
|
type
|
string
|
O tipo de informação adicional.
|
ErrorDetail
Objetivo
O detalhe do erro.
| Nome |
Tipo |
Descrição |
|
additionalInfo
|
ErrorAdditionalInfo[]
|
O erro informações adicionais.
|
|
code
|
string
|
O código de erro.
|
|
details
|
ErrorDetail[]
|
Os detalhes do erro.
|
|
message
|
string
|
A mensagem de erro.
|
|
target
|
string
|
O destino do erro.
|
ErrorResponse
Objetivo
Resposta de erro
| Nome |
Tipo |
Descrição |
|
error
|
ErrorDetail
|
O objeto de erro.
|
expander
Enumeração
O expansor a ser usado durante a expansão. Se não for especificado, o padrão é 'aleatório'. Consulte expansores para obter mais informações.
| Valor |
Descrição |
|
least-waste
|
Seleciona o grupo de nós que terá a CPU menos ociosa (se vinculada, memória não utilizada) após a expansão. Isso é útil quando você tem diferentes classes de nós, por exemplo, nós de alta CPU ou alta memória, e só deseja expandi-los quando há pods pendentes que precisam de muitos desses recursos.
|
|
most-pods
|
Seleciona o grupo de nós que seria capaz de agendar o maior número de pods ao aumentar a escala. Isso é útil quando você está usando nodeSelector para garantir que certos pods aterrissem em determinados nós. Observe que isso não fará com que o autoscaler selecione nós maiores versus menores, pois ele pode adicionar vários nós menores de uma só vez.
|
|
priority
|
Seleciona o grupo de nós que tem a prioridade mais alta atribuída pelo usuário. Sua configuração é descrita em mais detalhes aqui.
|
|
random
|
Usado quando você não tem uma necessidade específica de que os grupos de nós sejam dimensionados de forma diferente.
|
ExtendedLocation
Objetivo
O tipo complexo do local estendido.
| Nome |
Tipo |
Descrição |
|
name
|
string
|
O nome do local estendido.
|
|
type
|
ExtendedLocationTypes
|
O tipo de localização ampliada.
|
ExtendedLocationTypes
Enumeração
O tipo de localização ampliada.
GPUDriver
Enumeração
Se deseja instalar drivers de GPU. Quando não é especificado, o padrão é Instalar.
| Valor |
Descrição |
|
Install
|
Instale o driver.
|
|
None
|
Ignorar a instalação do driver.
|
GPUInstanceProfile
Enumeração
GPUInstanceProfile a ser usado para especificar o perfil de instância MIG da GPU para GPU VM SKU suportado.
| Valor |
Descrição |
|
MIG1g
|
|
|
MIG2g
|
|
|
MIG3g
|
|
|
MIG4g
|
|
|
MIG7g
|
|
GPUProfile
Objetivo
Configurações de GPU para o pool de agentes.
| Nome |
Tipo |
Descrição |
|
driver
|
GPUDriver
|
Se deseja instalar drivers de GPU. Quando não é especificado, o padrão é Instalar.
|
Identity
Objetivo
Identidade do recurso.
| Nome |
Tipo |
Descrição |
|
principalId
|
string
(uuid)
|
A ID principal da identidade do recurso. O valor deve ser um UUID.
|
|
tenantId
|
string
(uuid)
|
A ID do locatário do recurso. O valor deve ser um UUID.
|
|
type
|
ResourceIdentityType
|
O tipo de identidade.
|
ipFamily
Enumeração
As famílias IP usadas para especificar as versões IP disponíveis para o cluster. As famílias IP são usadas para determinar clusters de pilha única ou de pilha dupla. Para pilha única, o valor esperado é IPv4. Para dual-stack, os valores esperados são IPv4 e IPv6.
| Valor |
Descrição |
|
IPv4
|
|
|
IPv6
|
|
IPTag
Objetivo
Contém o IPTag associado ao objeto.
| Nome |
Tipo |
Descrição |
|
ipTagType
|
string
|
O tipo de tag IP. Exemplo: RoutingPreference.
|
|
tag
|
string
|
O valor da tag IP associada ao IP público. Exemplo: Internet.
|
IstioCertificateAuthority
Objetivo
Configuração da Autoridade de Certificação (CA) Istio Service Mesh. Por enquanto, só suportamos certificados de plug-in conforme descrito aqui https://aka.ms/asm-plugin-ca
IstioComponents
Objetivo
Configuração de componentes Istio.
IstioEgressGateway
Objetivo
Configuração do gateway de saída do Istio.
| Nome |
Tipo |
Descrição |
|
enabled
|
boolean
|
Se o gateway de saída deve ser habilitado.
|
|
gatewayConfigurationName
|
string
|
Nome do recurso personalizado de configuração do gateway para o gateway de saída do complemento Istio. Deve ser especificado ao habilitar o gateway de saída do Istio. Deve ser implantado no mesmo namespace em que o gateway de saída do Istio será implantado.
|
|
name
|
string
pattern: [a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*
|
Nome do gateway de saída do complemento Istio.
|
|
namespace
|
string
|
Namespace no qual o gateway de saída do complemento Istio deve ser implantado. Se não especificado, o padrão é aks-istio-egress.
|
IstioIngressGateway
Objetivo
Configuração do gateway de ingresso do Istio. Por enquanto, suportamos até um gateway de entrada externo chamado aks-istio-ingressgateway-external e um gateway de entrada interno chamado aks-istio-ingressgateway-internal.
| Nome |
Tipo |
Descrição |
|
enabled
|
boolean
|
Se o gateway de entrada deve ser habilitado.
|
|
mode
|
IstioIngressGatewayMode
|
Modo de um gateway de entrada.
|
IstioIngressGatewayMode
Enumeração
Modo de um gateway de entrada.
| Valor |
Descrição |
|
External
|
O gateway de entrada recebe um endereço IP público e é acessível publicamente.
|
|
Internal
|
O gateway de entrada recebe um endereço IP interno e não pode ser acessado publicamente.
|
IstioPluginCertificateAuthority
Objetivo
Informações de certificados de plug-in para Service Mesh.
| Nome |
Tipo |
Descrição |
|
certChainObjectName
|
string
|
Nome do objeto da cadeia de certificados no Cofre da Chave do Azure.
|
|
certObjectName
|
string
|
Nome do objeto de certificado intermediário no Cofre da Chave do Azure.
|
|
keyObjectName
|
string
|
Nome do objeto de chave privada de certificado intermediário no Cofre de Chaves do Azure.
|
|
keyVaultId
|
string
(arm-id)
|
O ID do recurso do Cofre da Chave.
|
|
rootCertObjectName
|
string
|
Nome do objeto de certificado raiz no Cofre da Chave do Azure.
|
IstioServiceMesh
Objetivo
Configuração de malha de serviço Istio.
KeyVaultNetworkAccessTypes
Enumeração
Acesso à rede do cofre de chaves. Acesso à rede do cofre de chaves. Os valores possíveis são Public e Private.
Public significa que o cofre de chaves permite o acesso público a partir de todas as redes.
Private significa que o cofre de chaves desativa o acesso público e habilita o link privado. O valor predefinido é Public.
| Valor |
Descrição |
|
Public
|
|
|
Private
|
|
KubeletConfig
Objetivo
Configurações Kubelet de nós de agente. Consulte de configuração de nó personalizado do AKS para obter mais detalhes.
| Nome |
Tipo |
Descrição |
|
allowedUnsafeSysctls
|
string[]
|
Lista permitida de sysctls não seguros ou padrões de sysctl não seguros (terminando em *).
|
|
containerLogMaxFiles
|
integer
(int32)
minimum: 2
|
O número máximo de arquivos de log de contêiner que podem estar presentes para um contêiner. O número deve ser ≥ 2.
|
|
containerLogMaxSizeMB
|
integer
(int32)
|
O tamanho máximo (por exemplo, 10Mi) do arquivo de log do contêiner antes de ser girado.
|
|
cpuCfsQuota
|
boolean
|
Se a imposição de cota CFS da CPU estiver habilitada para contêineres que especificam limites de CPU. O padrão é verdadeiro.
|
|
cpuCfsQuotaPeriod
|
string
|
O valor do período de cota CFS da CPU. O padrão é '100ms'. Os valores válidos são uma sequência de números decimais com uma fração opcional e um sufixo unitário. Por exemplo: '300ms', '2h45m'. As unidades suportadas são 'ns', 'us', 'ms', 's', 'm' e 'h'.
|
|
cpuManagerPolicy
|
string
|
A política do CPU Manager a ser usada. O padrão é 'nenhum'. Consulte Políticas de gerenciamento de CPU do Kubernetes para obter mais informações. Os valores permitidos são 'nenhum' e 'estático'.
|
|
failSwapOn
|
boolean
|
Se definido como true, fará com que o Kubelet falhe ao iniciar se a troca estiver habilitada no nó.
|
|
imageGcHighThreshold
|
integer
(int32)
|
A porcentagem de uso do disco após a qual a coleta de lixo de imagem é sempre executada. Para desativar a coleta de lixo de imagem, defina como 100. O padrão é 85%
|
|
imageGcLowThreshold
|
integer
(int32)
|
A porcentagem de uso do disco antes da qual a coleta de lixo de imagem nunca é executada. Isso não pode ser definido acima de imageGcHighThreshold. O padrão é 80%
|
|
podMaxPids
|
integer
(int32)
|
O número máximo de processos por pod.
|
|
topologyManagerPolicy
|
string
|
A política do Gerenciador de Topologias a ser usada. Para obter mais informações, consulte Gerenciador de topologia do Kubernetes. O padrão é 'nenhum'. Os valores permitidos são 'none', 'best-effort', 'restricted' e 'single-numa-node'.
|
KubeletDiskType
Enumeração
Determina o posicionamento de volumes emptyDir, raiz de dados de tempo de execução do contêiner e armazenamento efêmero do Kubelet.
| Valor |
Descrição |
|
OS
|
Kubelet usará o disco do sistema operacional para seus dados.
|
|
Temporary
|
Kubelet usará o disco temporário para seus dados.
|
KubernetesSupportPlan
Enumeração
Diferentes níveis de suporte para clusters gerenciados pelo AKS
| Valor |
Descrição |
|
KubernetesOfficial
|
O suporte para a versão é o mesmo que para a oferta de código aberto do Kubernetes. Versões oficiais de suporte da comunidade de código aberto Kubernetes por 1 ano após o lançamento.
|
|
AKSLongTermSupport
|
Suporte para a versão estendida além do suporte KubernetesOfficial de 1 ano. O AKS continua a corrigir CVEs por mais 1 ano, para um total de 2 anos de suporte.
|
licenseType
Enumeração
O tipo de licença a ser usado para VMs do Windows. Consulte Benefícios do usuário híbrido do Azure para obter mais detalhes.
| Valor |
Descrição |
|
None
|
Nenhum licenciamento adicional é aplicado.
|
|
Windows_Server
|
Habilita os Benefícios de Usuário Híbrido do Azure para VMs do Windows.
|
LinuxOSConfig
Objetivo
Configurações de SO de nós de agente Linux. Consulte de configuração de nó personalizado do AKS para obter mais detalhes.
| Nome |
Tipo |
Descrição |
|
swapFileSizeMB
|
integer
(int32)
|
O tamanho em MB de um arquivo de permuta que será criado em cada nó.
|
|
sysctls
|
SysctlConfig
|
Configurações de sysctl para nós de agente Linux.
|
|
transparentHugePageDefrag
|
string
|
Se o kernel deve fazer uso agressivo da compactação de memória para disponibilizar mais páginas enormes. Os valores válidos são 'sempre', 'defer', 'defer+madvise', 'madvise' e 'never'. O padrão é 'madvise'. Para obter mais informações, consulte Transparent Hugepages.
|
|
transparentHugePageEnabled
|
string
|
Se as páginas enormes transparentes estão habilitadas. Os valores válidos são 'sempre', 'madvise' e 'nunca'. O padrão é 'sempre'. Para obter mais informações, consulte Transparent Hugepages.
|
loadBalancerSku
Enumeração
O sku do balanceador de carga para o cluster gerenciado. O padrão é 'padrão'. Consulte SKUs do Azure Load Balancer para obter mais informações sobre as diferenças entre SKUs do balanceador de carga.
| Valor |
Descrição |
|
standard
|
Use um balanceador de carga padrão. Este é o SKU do Load Balancer recomendado. Para obter mais informações sobre como trabalhar com o balanceador de carga no cluster gerenciado, consulte o artigo Load Balancer padrão.
|
|
basic
|
Use um Load Balancer básico com funcionalidade limitada.
|
LocalDNSForwardDestination
Enumeração
Servidor de destino para consultas DNS a serem encaminhadas do localDNS.
| Valor |
Descrição |
|
ClusterCoreDNS
|
Encaminhe consultas DNS de localDNS para cluster CoreDNS.
|
|
VnetDNS
|
Encaminhe consultas DNS de localDNS para o servidor DNS configurado na VNET. Uma VNET pode ter vários servidores DNS configurados.
|
LocalDNSForwardPolicy
Enumeração
Política de encaminhamento para selecionar o servidor DNS upstream. Consulte forward plugin para obter mais informações.
| Valor |
Descrição |
|
Sequential
|
Implementa a seleção sequencial de servidores DNS upstream. Consulte forward plugin para obter mais informações.
|
|
RoundRobin
|
Implementa a seleção de servidor DNS upstream round robin. Consulte forward plugin para obter mais informações.
|
|
Random
|
Implementa a seleção aleatória de servidor DNS upstream. Consulte forward plugin para obter mais informações.
|
LocalDNSMode
Enumeração
Modo de ativação para localDNS.
| Valor |
Descrição |
|
Preferred
|
Se a versão atual do orquestrador suportar esse recurso, prefira habilitar o localDNS.
|
|
Required
|
Habilite o localDNS.
|
|
Disabled
|
Desative localDNS.
|
LocalDNSOverride
Objetivo
Substitui o perfil localDNS.
| Nome |
Tipo |
Valor padrão |
Descrição |
|
cacheDurationInSeconds
|
integer
(int32)
|
3600
|
Cache máximo TTL em segundos. Consulte o plug-in de cache para obter mais informações.
|
|
forwardDestination
|
LocalDNSForwardDestination
|
ClusterCoreDNS
|
Servidor de destino para consultas DNS a serem encaminhadas do localDNS.
|
|
forwardPolicy
|
LocalDNSForwardPolicy
|
Sequential
|
Política de encaminhamento para selecionar o servidor DNS upstream. Consulte forward plugin para obter mais informações.
|
|
maxConcurrent
|
integer
(int32)
|
1000
|
Número máximo de consultas simultâneas. Consulte forward plugin para obter mais informações.
|
|
protocol
|
LocalDNSProtocol
|
PreferUDP
|
Imponha TCP ou prefira o protocolo UDP para conexões de localDNS para servidor DNS upstream.
|
|
queryLogging
|
LocalDNSQueryLogging
|
Error
|
Nível de log para consultas DNS no localDNS.
|
|
serveStale
|
LocalDNSServeStale
|
Immediate
|
Política para servir dados obsoletos. Consulte o plug-in de cache para obter mais informações.
|
|
serveStaleDurationInSeconds
|
integer
(int32)
|
3600
|
Sirva a duração obsoleta em segundos. Consulte o plug-in de cache para obter mais informações.
|
LocalDNSProfile
Objetivo
Configura o DNS local por nó, com substituições de VnetDNS e KubeDNS. LocalDNS ajuda a melhorar o desempenho e a confiabilidade da resolução DNS em um cluster AKS. Para mais detalhes, ver aka.ms/aks/localdns.
| Nome |
Tipo |
Valor padrão |
Descrição |
|
kubeDNSOverrides
|
<string,
LocalDNSOverride>
|
|
As substituições do KubeDNS aplicam-se ao tráfego DNS de pods com dnsPolicy:ClusterFirst (referido como tráfego KubeDNS).
|
|
mode
|
LocalDNSMode
|
Preferred
|
Modo de ativação para localDNS.
|
|
state
|
LocalDNSState
|
|
Estado gerado pelo sistema de localDNS.
|
|
vnetDNSOverrides
|
<string,
LocalDNSOverride>
|
|
As substituições de VnetDNS aplicam-se ao tráfego DNS de pods com dnsPolicy:default ou kubelet (referido como tráfego VnetDNS).
|
LocalDNSProtocol
Enumeração
Imponha TCP ou prefira o protocolo UDP para conexões de localDNS para servidor DNS upstream.
| Valor |
Descrição |
|
PreferUDP
|
Prefira o protocolo UDP para conexões de localDNS para servidor DNS upstream.
|
|
ForceTCP
|
Aplique o protocolo TCP para conexões de localDNS para servidor DNS upstream.
|
LocalDNSQueryLogging
Enumeração
Nível de log para consultas DNS no localDNS.
| Valor |
Descrição |
|
Error
|
Permite o registo de erros no localDNS. Consulte o plugin de erros para obter mais informações.
|
|
Log
|
Permite o registo de consultas no localDNS. Consulte o plug-in de log para obter mais informações.
|
LocalDNSServeStale
Enumeração
Política para servir dados obsoletos. Consulte o plug-in de cache para obter mais informações.
| Valor |
Descrição |
|
Verify
|
Forneça dados obsoletos com verificação. Primeiro, verifique se uma entrada ainda não está disponível na fonte antes de enviar a entrada expirada para o cliente. Consulte o plug-in de cache para obter mais informações.
|
|
Immediate
|
Sirva dados obsoletos imediatamente. Envie a entrada expirada para o cliente antes de verificar se a entrada está disponível na fonte. Consulte o plug-in de cache para obter mais informações.
|
|
Disable
|
Desative o serviço de dados obsoletos.
|
LocalDNSState
Enumeração
Estado gerado pelo sistema de localDNS.
| Valor |
Descrição |
|
Enabled
|
localDNS está habilitado.
|
|
Disabled
|
localDNS está desativado.
|
ManagedCluster
Objetivo
Cluster gerenciado.
| Nome |
Tipo |
Descrição |
|
eTag
|
string
|
Cadeia de caracteres somente leitura exclusiva usada para implementar simultaneidade otimista. O valor eTag será alterado quando o recurso for atualizado. Especifique um cabeçalho if-match ou if-none-match com o valor eTag para uma solicitação subsequente para habilitar a simultaneidade otimista de acordo com a convenção eTag normal.
|
|
extendedLocation
|
ExtendedLocation
|
O local estendido da máquina virtual.
|
|
id
|
string
(arm-id)
|
ID de recurso totalmente qualificado para o recurso. Por exemplo, "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
|
|
identity
|
ManagedClusterIdentity
|
A identidade do cluster gerenciado, se configurado.
|
|
kind
|
string
|
Isso é usado principalmente para expor diferentes experiências de interface do usuário no portal para diferentes tipos
|
|
location
|
string
|
A geolocalização onde o recurso vive
|
|
name
|
string
|
O nome do recurso
|
|
properties.aadProfile
|
ManagedClusterAADProfile
|
A configuração do Azure Ative Directory.
|
|
properties.addonProfiles
|
<string,
ManagedClusterAddonProfile>
|
O perfil do complemento de cluster gerenciado.
|
|
properties.agentPoolProfiles
|
ManagedClusterAgentPoolProfile[]
|
As propriedades do pool de agentes.
|
|
properties.aiToolchainOperatorProfile
|
ManagedClusterAIToolchainOperatorProfile
|
Configurações do operador da cadeia de ferramentas de IA que se aplicam a todo o cluster.
|
|
properties.apiServerAccessProfile
|
ManagedClusterAPIServerAccessProfile
|
O perfil de acesso para o servidor de API de cluster gerenciado.
|
|
properties.autoScalerProfile
|
AutoScalerProfile
|
Parâmetros a serem aplicados ao autoscaler de cluster quando ativado
|
|
properties.autoUpgradeProfile
|
ManagedClusterAutoUpgradeProfile
|
A configuração de atualização automática.
|
|
properties.azureMonitorProfile
|
ManagedClusterAzureMonitorProfile
|
Perfis de complemento do Azure Monitor para monitorar o cluster gerenciado.
|
|
properties.azurePortalFQDN
|
string
|
O FQDN especial usado pelo Portal do Azure para acessar o Cluster Gerenciado. Esse FQDN é para uso somente pelo Portal do Azure e não deve ser usado por outros clientes. O Portal do Azure exige que determinados cabeçalhos CORS (Cross-Origin Resource Sharing) sejam enviados em algumas respostas, que o Kubernetes APIServer não manipula por padrão. Este FQDN especial suporta CORS, permitindo que o Portal do Azure funcione corretamente.
|
|
properties.bootstrapProfile
|
ManagedClusterBootstrapProfile
|
Perfil da configuração de bootstrap do cluster.
|
|
properties.currentKubernetesVersion
|
string
|
A versão do Kubernetes que o Cluster Gerenciado está executando. Se kubernetesVersion foi uma versão totalmente especificada <major.minor.patch>, este campo será exatamente igual a ele. Se kubernetesVersion foi <>major.minor , este campo conterá a versão completa <major.minor.patch> que está sendo usada.
|
|
properties.disableLocalAccounts
|
boolean
|
Se as contas locais devem ser desabilitadas no Cluster Gerenciado. Se definido como true, a obtenção de credenciais estáticas será desabilitada para esse cluster. Isso só deve ser usado em Clusters Gerenciados habilitados para AAD. Para obter mais detalhes, consulte desativar contas locais.
|
|
properties.diskEncryptionSetID
|
string
(arm-id)
|
A ID do recurso do conjunto de criptografia de disco a ser usado para habilitar a criptografia em repouso. Este é o formato: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}'
|
|
properties.dnsPrefix
|
string
|
O prefixo DNS do Cluster Gerenciado. Isso não pode ser atualizado depois que o Cluster Gerenciado tiver sido criado.
|
|
properties.enableRBAC
|
boolean
|
Se o Kubernetes deve ser ativado Role-Based Controle de Acesso.
|
|
properties.fqdn
|
string
|
O FQDN do pool mestre.
|
|
properties.fqdnSubdomain
|
string
|
O subdomínio FQDN do cluster privado com zona dns privada personalizada. Isso não pode ser atualizado depois que o Cluster Gerenciado tiver sido criado.
|
|
properties.httpProxyConfig
|
ManagedClusterHTTPProxyConfig
|
Configurações para provisionamento do cluster com servidores proxy HTTP.
|
|
properties.identityProfile
|
<string,
UserAssignedIdentity>
|
A identidade do usuário associada ao cluster gerenciado. Esta identidade será usada pelo kubelet. Apenas uma identidade atribuída ao usuário é permitida. A única chave aceita é "kubeletidentity", com valor de "resourceId": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}".
|
|
properties.ingressProfile
|
ManagedClusterIngressProfile
|
Perfil de ingresso para o cluster gerenciado.
|
|
properties.kubernetesVersion
|
string
|
A versão do Kubernetes especificada pelo usuário. A versão do patch <> major.minor.patch (por exemplo, 1.20.13) e <> major.minor (por exemplo, 1.20) são suportadas. Quando <> major.minor é especificado, a versão mais recente do patch GA suportada é escolhida automaticamente. Atualizar o cluster com o mesmo <> major.minor depois de criado (por exemplo, 1.14.x -> 1.14) não acionará uma atualização, mesmo que uma versão de patch mais recente esteja disponível. Quando você atualiza um cluster AKS suportado, as versões secundárias do Kubernetes não podem ser ignoradas. Todas as atualizações devem ser executadas sequencialmente pelo número da versão principal. Por exemplo, atualizações entre 1.14.x -> 1.15.x ou 1.15.x -> 1.16.x são permitidas, no entanto, 1.14.x -> 1.16.x não são permitidas. Consulte atualizar um cluster AKS para obter mais detalhes.
|
|
properties.linuxProfile
|
ContainerServiceLinuxProfile
|
O perfil para VMs Linux no cluster gerenciado.
|
|
properties.maxAgentPools
|
integer
(int32)
|
O número máximo de pools de agentes para o cluster gerenciado.
|
|
properties.metricsProfile
|
ManagedClusterMetricsProfile
|
Configuração opcional de métricas de cluster.
|
|
properties.networkProfile
|
ContainerServiceNetworkProfile
|
O perfil de configuração de rede.
|
|
properties.nodeProvisioningProfile
|
ManagedClusterNodeProvisioningProfile
|
Configurações de provisionamento de nó que se aplicam a todo o cluster.
|
|
properties.nodeResourceGroup
|
string
|
O nome do grupo de recursos que contém nós do pool de agentes.
|
|
properties.nodeResourceGroupProfile
|
ManagedClusterNodeResourceGroupProfile
|
Perfil da configuração do grupo de recursos do nó.
|
|
properties.oidcIssuerProfile
|
ManagedClusterOIDCIssuerProfile
|
O perfil do emissor OIDC do Cluster Gerenciado.
|
|
properties.podIdentityProfile
|
ManagedClusterPodIdentityProfile
|
O perfil de identidade do pod do Cluster Gerenciado. Consulte usar o de identidade do pod do AAD para obter mais detalhes sobre a integração da identidade do pod do AAD.
|
|
properties.powerState
|
PowerState
|
O estado de energia do cluster.
|
|
properties.privateFQDN
|
string
|
O FQDN do cluster privado.
|
|
properties.privateLinkResources
|
PrivateLinkResource[]
|
Recursos de link privado associados ao cluster.
|
|
properties.provisioningState
|
string
|
O estado de provisionamento atual.
|
|
properties.publicNetworkAccess
|
PublicNetworkAccess
|
PublicNetworkAccess do managedCluster. Permitir ou negar acesso à rede pública para o AKS
|
|
properties.resourceUID
|
string
|
O resourceUID identifica exclusivamente ManagedClusters que reutilizam ResourceIds ARM (ou seja: criar, excluir, criar sequência)
|
|
properties.securityProfile
|
ManagedClusterSecurityProfile
|
Perfil de segurança para o cluster gerenciado.
|
|
properties.serviceMeshProfile
|
ServiceMeshProfile
|
Perfil de malha de serviço para um cluster gerenciado.
|
|
properties.servicePrincipalProfile
|
ManagedClusterServicePrincipalProfile
|
Informações sobre uma identidade de entidade de serviço para o cluster usar para manipular APIs do Azure.
|
|
properties.status
|
ManagedClusterStatus
|
Contém informações somente leitura sobre o Cluster Gerenciado.
|
|
properties.storageProfile
|
ManagedClusterStorageProfile
|
Perfil de armazenamento para o cluster gerenciado.
|
|
properties.supportPlan
|
KubernetesSupportPlan
|
O plano de suporte para o Cluster Gerenciado. Se não for especificado, o padrão é 'KubernetesOfficial'.
|
|
properties.upgradeSettings
|
ClusterUpgradeSettings
|
Configurações para atualizar um cluster.
|
|
properties.windowsProfile
|
ManagedClusterWindowsProfile
|
O perfil para VMs do Windows no Cluster Gerenciado.
|
|
properties.workloadAutoScalerProfile
|
ManagedClusterWorkloadAutoScalerProfile
|
Perfil do dimensionador automático da carga de trabalho para o cluster gerenciado.
|
|
sku
|
ManagedClusterSKU
|
A SKU do cluster gerenciado.
|
|
systemData
|
systemData
|
Metadados do Azure Resource Manager contendo informações createdBy e modifiedBy.
|
|
tags
|
object
|
Tags de recursos.
|
|
type
|
string
|
O tipo do recurso. Por exemplo, "Microsoft.Compute/virtualMachines" ou "Microsoft.Storage/storageAccounts"
|
ManagedClusterAADProfile
Objetivo
AADProfile especifica atributos para integração do Azure Ative Directory. Para obter mais detalhes, consulte AAD gerenciado no AKS.
| Nome |
Tipo |
Descrição |
|
adminGroupObjectIDs
|
string[]
|
A lista de IDs de objeto de grupo do AAD que terão a função de administrador do cluster.
|
|
clientAppID
|
string
|
(PRETERIDO) O ID do aplicativo AAD do cliente. Saiba mais em https://aka.ms/aks/aad-legacy.
|
|
enableAzureRBAC
|
boolean
|
Se a autorização do RBAC do Azure para Kubernetes deve ser habilitada.
|
|
managed
|
boolean
|
Se o AAD gerenciado deve ser habilitado.
|
|
serverAppID
|
string
|
(PRETERIDO) O ID do aplicativo AAD do servidor. Saiba mais em https://aka.ms/aks/aad-legacy.
|
|
serverAppSecret
|
string
|
(PRETERIDO) O segredo do aplicativo AAD do servidor. Saiba mais em https://aka.ms/aks/aad-legacy.
|
|
tenantID
|
string
|
O ID do locatário do AAD a ser usado para autenticação. Se não for especificado, usará o locatário da assinatura de implantação.
|
ManagedClusterAddonProfile
Objetivo
Um perfil de complemento do Kubernetes para um cluster gerenciado.
| Nome |
Tipo |
Descrição |
|
config
|
object
|
Pares chave-valor para configurar um complemento.
|
|
enabled
|
boolean
|
Se o complemento está habilitado ou não.
|
|
identity
|
Identity
|
Informações de identidade atribuída ao usuário usadas por este complemento.
|
ManagedClusterAgentPoolProfile
Objetivo
Perfil para o pool de agentes de serviço de contêiner.
| Nome |
Tipo |
Valor padrão |
Descrição |
|
availabilityZones
|
string[]
|
|
A lista de zonas de disponibilidade a serem usadas para nós. Isso só pode ser especificado se a propriedade AgentPoolType for 'VirtualMachineScaleSets'.
|
|
capacityReservationGroupID
|
string
(arm-id)
|
|
O AKS associará o pool de agentes especificado ao Grupo de Reserva de Capacidade.
|
|
count
|
integer
(int32)
|
|
Número de agentes (VMs) para hospedar contêineres do docker. Os valores permitidos devem estar no intervalo de 0 a 1000 (inclusive) para grupos de usuários e no intervalo de 1 a 1000 (inclusive) para pools de sistema. O valor padrão é 1.
|
|
creationData
|
CreationData
|
|
CreationData a ser usado para especificar o ID do instantâneo de origem se o pool de nós for criado/atualizado usando um instantâneo.
|
|
currentOrchestratorVersion
|
string
|
|
A versão do Kubernetes que o pool de agentes está executando. Se orchestratorVersion for uma versão totalmente especificada <>major.minor.patch, este campo será exatamente igual a ele. Se orchestratorVersion for <>major.minor , este campo conterá a versão completa <major.minor.patch> que está sendo usada.
|
|
eTag
|
string
|
|
Cadeia de caracteres somente leitura exclusiva usada para implementar simultaneidade otimista. O valor eTag será alterado quando o recurso for atualizado. Especifique um cabeçalho if-match ou if-none-match com o valor eTag para uma solicitação subsequente para habilitar a simultaneidade otimista de acordo com a convenção eTag normal.
|
|
enableAutoScaling
|
boolean
|
|
Se o dimensionador automático deve ser ativado
|
|
enableEncryptionAtHost
|
boolean
|
|
Se é necessário habilitar o sistema operacional baseado em host e a criptografia de unidade de dados. Isso só é suportado em determinados tamanhos de VM e em determinadas regiões do Azure. Para mais informações, consulte: https://docs.microsoft.com/azure/aks/enable-host-encryption
|
|
enableFIPS
|
boolean
|
|
Se deve usar um sistema operacional habilitado para FIPS. Consulte Adicionar um pool de nós habilitado para FIPS para obter mais detalhes.
|
|
enableNodePublicIP
|
boolean
|
|
Se cada nó recebe seu próprio IP público. Alguns cenários podem exigir que os nós em um pool de nós recebam seus próprios endereços IP públicos dedicados. Um cenário comum é para cargas de trabalho de jogos, onde um console precisa fazer uma conexão direta com uma máquina virtual em nuvem para minimizar saltos. Para obter mais informações, consulte atribuição de um IP público por nó. O padrão é "false".
|
|
enableUltraSSD
|
boolean
|
|
Se o UltraSSD deve ser ativado
|
|
gatewayProfile
|
AgentPoolGatewayProfile
|
|
Perfil específico para um pool de agentes gerenciados no modo Gateway. Este campo não pode ser definido se o modo de pool de agentes não for Gateway.
|
|
gpuInstanceProfile
|
GPUInstanceProfile
|
|
GPUInstanceProfile a ser usado para especificar o perfil de instância MIG da GPU para GPU VM SKU suportado.
|
|
gpuProfile
|
GPUProfile
|
|
Configurações de GPU para o pool de agentes.
|
|
hostGroupID
|
string
(arm-id)
|
|
O ID de recurso totalmente qualificado do Grupo de Hosts Dedicado para provisionar máquinas virtuais, usado somente no cenário de criação e não pode ser alterado uma vez definido. Este é o formato: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. Para obter mais informações, consulte hosts dedicados do Azure.
|
|
kubeletConfig
|
KubeletConfig
|
|
A configuração do Kubelet nos nós do pool de agentes.
|
|
kubeletDiskType
|
KubeletDiskType
|
|
Determina o posicionamento de volumes emptyDir, raiz de dados de tempo de execução do contêiner e armazenamento efêmero do Kubelet.
|
|
linuxOSConfig
|
LinuxOSConfig
|
|
A configuração do sistema operacional dos nós do agente Linux.
|
|
localDNSProfile
|
LocalDNSProfile
|
|
Configura o DNS local por nó, com substituições de VnetDNS e KubeDNS. LocalDNS ajuda a melhorar o desempenho e a confiabilidade da resolução DNS em um cluster AKS. Para mais detalhes, ver aka.ms/aks/localdns.
|
|
maxCount
|
integer
(int32)
|
|
O número máximo de nós para dimensionamento automático
|
|
maxPods
|
integer
(int32)
|
|
O número máximo de pods que podem ser executados em um nó.
|
|
messageOfTheDay
|
string
|
|
Mensagem do dia para nós Linux, codificada em base64. Uma string codificada em base64 que será gravada em /etc/motd após a decodificação. Isso permite a personalização da mensagem do dia para nós Linux. Ele não deve ser especificado para nós do Windows. Deve ser uma string estática (ou seja, será impressa crua e não será executada como um script).
|
|
minCount
|
integer
(int32)
|
|
O número mínimo de nós para dimensionamento automático
|
|
mode
|
AgentPoolMode
|
|
O modo de um pool de agentes. Um cluster deve ter pelo menos um Pool de Agentes do 'Sistema' o tempo todo. Para obter informações adicionais sobre restrições e práticas recomendadas do pool de agentes, consulte: https://docs.microsoft.com/azure/aks/use-system-pools
|
|
name
|
string
pattern: ^[a-z][a-z0-9]{0,11}$
|
|
Nome exclusivo do perfil do pool de agentes no contexto da assinatura e do grupo de recursos. Os nomes do pool de agentes do Windows devem ter 6 caracteres ou menos.
|
|
networkProfile
|
AgentPoolNetworkProfile
|
|
Configurações relacionadas à rede de um pool de agentes.
|
|
nodeImageVersion
|
string
|
|
A versão da imagem do nó
|
|
nodeLabels
|
object
|
|
Os rótulos de nó a serem persistidos em todos os nós no pool de agentes.
|
|
nodePublicIPPrefixID
|
string
(arm-id)
|
|
O ID de prefixo IP público do qual os nós de VM devem usar IPs. Este é o formato: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}
|
|
nodeTaints
|
string[]
|
|
As manchas adicionadas aos novos nós durante a criação e dimensionamento do pool de nós. Por exemplo, key=value:NoSchedule.
|
|
orchestratorVersion
|
string
|
|
A versão do Kubernetes especificada pelo usuário. A versão do patch <> major.minor.patch (por exemplo, 1.20.13) e <> major.minor (por exemplo, 1.20) são suportadas. Quando <> major.minor é especificado, a versão mais recente do patch GA suportada é escolhida automaticamente. Atualizar o cluster com o mesmo <> major.minor depois de criado (por exemplo, 1.14.x -> 1.14) não acionará uma atualização, mesmo que uma versão de patch mais recente esteja disponível. Como prática recomendada, você deve atualizar todos os pools de nós em um cluster AKS para a mesma versão do Kubernetes. A versão do pool de nós deve ter a mesma versão principal do plano de controle. A versão secundária do pool de nós deve estar dentro de duas versões secundárias da versão do plano de controle. A versão do pool de nós não pode ser maior do que a versão do plano de controle. Para obter mais informações, consulte atualizando um pool de nós.
|
|
osDiskSizeGB
|
integer
(int32)
minimum: 0
maximum: 2048
|
|
Tamanho do disco do SO em GB a ser usado para especificar o tamanho do disco para cada máquina no pool mestre/agente. Se você especificar 0, ele aplicará o tamanho osDisk padrão de acordo com o vmSize especificado.
|
|
osDiskType
|
OSDiskType
|
|
O tipo de disco do sistema operacional a ser usado para máquinas no pool de agentes. O padrão é 'Ephemeral' se a VM suportar e tiver um disco de cache maior do que o OSDiskSizeGB solicitado. Caso contrário, o padrão será 'Gerenciado'. Não pode ser alterado após a criação. Para obter mais informações, consulte Ephemeral OS.
|
|
osSKU
|
OSSKU
|
|
Especifica a SKU do sistema operacional usada pelo pool de agentes. O padrão é Ubuntu se OSType é Linux. O padrão é Windows2019 quando o Kubernetes <= 1.24 ou Windows2022 quando o Kubernetes >= 1.25 se OSType for Windows.
|
|
osType
|
OSType
|
Linux
|
O tipo de sistema operacional. O padrão é Linux.
|
|
podIPAllocationMode
|
PodIPAllocationMode
|
|
Modo de alocação de IP do pod. O modo de alocação de IP para pods no pool de agentes. Deve ser usado com podSubnetId. O padrão é 'DynamicIndividual'.
|
|
podSubnetID
|
string
(arm-id)
|
|
A ID da sub-rede à qual os pods se juntarão quando iniciados. Se omitidos, os IPs pod são atribuídos estaticamente na sub-rede do nó (consulte vnetSubnetID para obter mais detalhes). Este é o formato: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}
|
|
powerState
|
PowerState
|
|
Se o Pool de Agentes está em execução ou parado. Quando um pool de agentes é criado pela primeira vez, ele é inicialmente em execução. O Pool de Agentes pode ser interrompido definindo este campo como Parado. Um Pool de Agentes interrompido interrompe todas as suas VMs e não acumula encargos de cobrança. Um pool de agentes só pode ser interrompido se estiver em execução e o estado de provisionamento for bem-sucedido
|
|
provisioningState
|
string
|
|
O estado atual de implantação ou provisionamento.
|
|
proximityPlacementGroupID
|
string
(arm-id)
|
|
A ID do Grupo de Posicionamento de Proximidade.
|
|
scaleDownMode
|
ScaleDownMode
|
|
O modo de redução de escala a ser usado ao dimensionar o pool de agentes. Isso também afeta o comportamento do autoscaler do cluster. Se não for especificado, o padrão será Excluir.
|
|
scaleSetEvictionPolicy
|
ScaleSetEvictionPolicy
|
Delete
|
A política de remoção do Conjunto de Dimensionamento de Máquina Virtual a ser usada. Isso não pode ser especificado, a menos que o scaleSetPriority seja 'Spot'. Se não for especificado, o padrão é 'Excluir'.
|
|
scaleSetPriority
|
ScaleSetPriority
|
Regular
|
A prioridade do Conjunto de Dimensionamento de Máquina Virtual. Se não for especificado, o padrão é 'Regular'.
|
|
securityProfile
|
AgentPoolSecurityProfile
|
|
As configurações de segurança de um pool de agentes.
|
|
spotMaxPrice
|
number
|
-1
|
O preço máximo (em dólares americanos) que você está disposto a pagar por instâncias à vista. Os valores possíveis são qualquer valor decimal maior que zero ou -1 que indica o preço padrão a ser up-to sob demanda. Os valores possíveis são qualquer valor decimal superior a zero ou -1 que indique a vontade de pagar qualquer preço sob demanda. Para obter mais detalhes sobre preços spot, consulte de preços de VMs spot
|
|
status
|
AgentPoolStatus
|
|
Contém informações somente leitura sobre o Pool de Agentes.
|
|
tags
|
object
|
|
As marcas a serem persistidas no conjunto de dimensionamento de máquina virtual do pool de agentes.
|
|
type
|
AgentPoolType
|
|
O tipo de pool de agentes.
|
|
upgradeSettings
|
AgentPoolUpgradeSettings
|
|
Configurações para atualizar o agentpool
|
|
virtualMachineNodesStatus
|
VirtualMachineNodes[]
|
|
O status dos nós em um pool de agentes VirtualMachines.
|
|
virtualMachinesProfile
|
VirtualMachinesProfile
|
|
Especificações no pool de agentes do VirtualMachines.
|
|
vmSize
|
string
|
|
O tamanho das VMs do pool de agentes. A disponibilidade do tamanho da VM varia de acordo com a região. Se um nó contiver recursos de computação insuficientes (memória, cpu, etc), os pods podem falhar ao funcionar corretamente. Para obter mais detalhes sobre tamanhos restritos de VM, consulte: https://docs.microsoft.com/azure/aks/quotas-skus-regions
|
|
vnetSubnetID
|
string
(arm-id)
|
|
A ID da sub-rede à qual os agentes, os nós do pool e, opcionalmente, os pods ingressarão na inicialização. Se isso não for especificado, uma VNET e uma sub-rede serão geradas e usadas. Se nenhum podSubnetID for especificado, isso se aplicará a nós e pods, caso contrário, se aplicará apenas a nós. Este é o formato: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}
|
|
windowsProfile
|
AgentPoolWindowsProfile
|
|
O perfil específico do pool de agentes do Windows.
|
|
workloadRuntime
|
WorkloadRuntime
|
|
Determina o tipo de carga de trabalho que um nó pode executar.
|
Objetivo
Ao habilitar o operador, um conjunto de CRDs e controladores gerenciados pelo AKS serão instalados no cluster. O operador automatiza a implantação de modelos OSS para fins de inferência e/ou treinamento. Ele fornece um conjunto de modelos predefinidos e permite a inferência distribuída em relação a eles.
| Nome |
Tipo |
Descrição |
|
enabled
|
boolean
|
Se o operador da cadeia de ferramentas de IA deve ser habilitado para o cluster. Indica se o operador da cadeia de ferramentas de IA habilitado ou não.
|
ManagedClusterAPIServerAccessProfile
Objetivo
Perfil de acesso para o servidor de API de cluster gerenciado.
| Nome |
Tipo |
Descrição |
|
authorizedIPRanges
|
string[]
|
Os intervalos de IP autorizados a acessar o servidor de API do Kubernetes. Os intervalos de IP são especificados no formato CIDR, por exemplo, 137.117.106.88/29. Esse recurso não é compatível com clusters que usam IP público por nó ou clusters que estão usando um balanceador de carga básico. Para obter mais informações, consulte Intervalos de IP autorizados pelo servidor de API.
|
|
disableRunCommand
|
boolean
|
Se o comando run deve ser desabilitado para o cluster ou não.
|
|
enablePrivateCluster
|
boolean
|
Se o cluster deve ser criado como um cluster privado ou não. Para obter mais detalhes, consulte Criando um cluster AKS privado.
|
|
enablePrivateClusterPublicFQDN
|
boolean
|
Criar FQDN público adicional para cluster privado ou não.
|
|
enableVnetIntegration
|
boolean
|
Se a integração vnet do apiserver deve ser habilitada para o cluster ou não. Consulte aka.ms/AksVnetIntegration para obter mais detalhes.
|
|
privateDNSZone
|
string
|
O modo de zona DNS privada para o cluster. O padrão é System. Para obter mais detalhes, consulte Configurar zona DNS privada. Os valores permitidos são 'sistema' e 'nenhum'.
|
|
subnetId
|
string
(arm-id)
|
A sub-rede a ser usada quando a integração apiserver vnet estiver habilitada. Ele é necessário ao criar um novo cluster com BYO Vnet ou ao atualizar um cluster existente para habilitar a integração apiserver vnet.
|
ManagedClusterAutoUpgradeProfile
Objetivo
Perfil de atualização automática para um cluster gerenciado.
ManagedClusterAzureMonitorProfile
Objetivo
Perfis de complemento do Azure Monitor para monitorar o cluster gerenciado.
| Nome |
Tipo |
Descrição |
|
metrics
|
ManagedClusterAzureMonitorProfileMetrics
|
Perfil de métricas para o serviço gerenciado do Azure Monitor para Prometheus addon. Colete métricas de infraestrutura do Kubernetes prontas para uso para enviar a um Espaço de Trabalho do Azure Monitor e configure a raspagem adicional para destinos personalizados. Consulte aka.ms/AzureManagedPrometheus para obter uma visão geral.
|
ManagedClusterAzureMonitorProfileKubeStateMetrics
Objetivo
Perfil Kube State Metrics para o addon Azure Managed Prometheus. Essas configurações opcionais são para o pod kube-state-metrics que é implantado com o addon. Consulte aka.ms/AzureManagedPrometheus-optional-parameters para obter detalhes.
| Nome |
Tipo |
Descrição |
|
metricAnnotationsAllowList
|
string
|
Lista separada por vírgulas de chaves de anotação do Kubernetes que serão usadas na métrica de rótulos do recurso (Exemplo: 'namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...'). Por padrão, a métrica contém apenas nomes de recursos e rótulos de namespace.
|
|
metricLabelsAllowlist
|
string
|
Lista separada por vírgulas de chaves de rótulo adicionais do Kubernetes que serão usadas na métrica de rótulos do recurso (Exemplo: 'namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...'). Por padrão, a métrica contém apenas nomes de recursos e rótulos de namespace.
|
ManagedClusterAzureMonitorProfileMetrics
Objetivo
Perfil de métricas para o serviço gerenciado do Azure Monitor para Prometheus addon. Colete métricas de infraestrutura do Kubernetes prontas para uso para enviar a um Espaço de Trabalho do Azure Monitor e configure a raspagem adicional para destinos personalizados. Consulte aka.ms/AzureManagedPrometheus para obter uma visão geral.
| Nome |
Tipo |
Descrição |
|
enabled
|
boolean
|
Se deseja habilitar ou desabilitar o complemento Azure Managed Prometheus para monitoramento do Prometheus. Consulte aka.ms/AzureManagedPrometheus-aks-enable para obter detalhes sobre como ativar e desativar.
|
|
kubeStateMetrics
|
ManagedClusterAzureMonitorProfileKubeStateMetrics
|
Perfil Kube State Metrics para o addon Azure Managed Prometheus. Essas configurações opcionais são para o pod kube-state-metrics que é implantado com o addon. Consulte aka.ms/AzureManagedPrometheus-optional-parameters para obter detalhes.
|
ManagedClusterBootstrapProfile
Objetivo
O perfil de bootstrap.
| Nome |
Tipo |
Valor padrão |
Descrição |
|
artifactSource
|
ArtifactSource
|
Direct
|
A fonte do artefato. A fonte de onde os artefatos são baixados.
|
|
containerRegistryId
|
string
(arm-id)
|
|
A ID do recurso do Registro de Contêiner do Azure. O registro deve ter acesso à rede privada, SKU premium e redundância de zona.
|
ManagedClusterCostAnalysis
Objetivo
A configuração de análise de custo para o cluster
| Nome |
Tipo |
Descrição |
|
enabled
|
boolean
|
Se a análise de custos deve ser ativada. O sku.tier do Managed Cluster deve ser definido como 'Standard' ou 'Premium' para habilitar esse recurso. Habilitar isso adicionará detalhes de Namespace e Implantação do Kubernetes às exibições de Análise de Custo no portal do Azure. Se não for especificado, o padrão será false. Para obter mais informações, consulte aka.ms/aks/docs/cost-analysis.
|
ManagedClusterHTTPProxyConfig
Objetivo
Configuração de proxy HTTP de cluster.
| Nome |
Tipo |
Descrição |
|
httpProxy
|
string
|
O ponto de extremidade do servidor proxy HTTP a ser usado.
|
|
httpsProxy
|
string
|
O ponto de extremidade do servidor proxy HTTPS a ser usado.
|
|
noProxy
|
string[]
|
Os pontos de extremidade que não devem passar por proxy.
|
|
trustedCa
|
string
|
Certificado de autoridade de certificação alternativo a ser usado para conexão com servidores proxy.
|
ManagedClusterIdentity
Objetivo
Identidade para o cluster gerenciado.
| Nome |
Tipo |
Descrição |
|
delegatedResources
|
<string,
DelegatedResource>
|
Os recursos de identidade delegados atribuídos a este cluster gerenciado. Isso só pode ser definido por outro Provedor de Recursos do Azure e o cluster gerenciado só aceita um recurso de identidade delegado. Apenas para uso interno.
|
|
principalId
|
string
|
A ID principal da identidade atribuída ao sistema que é usada pelos componentes mestres.
|
|
tenantId
|
string
|
A ID do locatário da identidade atribuída ao sistema que é usada pelos componentes mestres.
|
|
type
|
ResourceIdentityType
|
O tipo de identidade usado para o cluster gerenciado. Para obter mais informações, consulte Usar identidades gerenciadas no AKS.
|
|
userAssignedIdentities
|
UserAssignedIdentities
|
A identidade do usuário associada ao cluster gerenciado. Esta identidade será utilizada no plano de controlo. Apenas uma identidade atribuída ao usuário é permitida. As chaves devem ser IDs de recursos ARM no formato: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
|
ManagedClusterIngressProfile
Objetivo
Perfil de entrada para o cluster de serviço de contêiner.
ManagedClusterIngressProfileNginx
Objetivo
| Nome |
Tipo |
Descrição |
|
defaultIngressControllerType
|
NginxIngressControllerType
|
Tipo de ingresso para o recurso personalizado padrão NginxIngressController
|
ManagedClusterIngressProfileWebAppRouting
Objetivo
Configurações do complemento Roteamento de Aplicativo para o perfil de entrada.
| Nome |
Tipo |
Descrição |
|
dnsZoneResourceIds
|
string[]
(arm-id)
|
IDs de recursos das zonas DNS a serem associadas ao complemento Roteamento de Aplicativos. Usado somente quando o complemento Roteamento de Aplicativos está habilitado. As zonas DNS públicas e privadas podem estar em grupos de recursos diferentes, mas todas as zonas DNS públicas devem estar no mesmo grupo de recursos e todas as zonas DNS privadas devem estar no mesmo grupo de recursos.
|
|
enabled
|
boolean
|
Se o complemento Roteamento de Aplicativos deve ser habilitado.
|
|
identity
|
UserAssignedIdentity
|
Identidade gerenciada do complemento Roteamento de Aplicativos. Essa é a identidade à qual devem ser concedidas permissões, por exemplo, para gerenciar o recurso DNS do Azure associado e obter certificados do Cofre de Chaves do Azure. Consulte esta visão geral do complemento para obter mais instruções.
|
|
nginx
|
ManagedClusterIngressProfileNginx
|
Configuração para o padrão NginxIngressController. Veja mais em https://learn.microsoft.com/en-us/azure/aks/app-routing-nginx-configuration#the-default-nginx-ingress-controller.
|
ManagedClusterLoadBalancerProfile
Objetivo
Perfil do balanceador de carga de cluster gerenciado.
| Nome |
Tipo |
Valor padrão |
Descrição |
|
allocatedOutboundPorts
|
integer
(int32)
minimum: 0
maximum: 64000
|
0
|
O número desejado de portas SNAT alocadas por VM. Os valores permitidos estão no intervalo de 0 a 64000 (inclusive). O valor padrão é 0, o que resulta na alocação dinâmica de portas do Azure.
|
|
backendPoolType
|
BackendPoolType
|
NodeIPConfiguration
|
O tipo do BackendPool do Balanceador de Carga de entrada gerenciado.
|
|
effectiveOutboundIPs
|
ResourceReference[]
|
|
Os recursos IP de saída efetivos do balanceador de carga do cluster.
|
|
enableMultipleStandardLoadBalancers
|
boolean
|
|
Habilite vários balanceadores de carga padrão por cluster AKS ou não.
|
|
idleTimeoutInMinutes
|
integer
(int32)
minimum: 4
maximum: 120
|
30
|
Tempo limite desejado de fluxo de saída ocioso em minutos. Os valores permitidos estão no intervalo de 4 a 120 (inclusive). O valor predefinido é 30 minutos.
|
|
managedOutboundIPs
|
ManagedOutboundIPs
|
|
IPs de saída gerenciados desejados para o balanceador de carga de cluster.
|
|
outboundIPPrefixes
|
OutboundIPPrefixes
|
|
Recursos de prefixo IP de saída desejados para o balanceador de carga de cluster.
|
|
outboundIPs
|
OutboundIPs
|
|
Recursos IP de saída desejados para o balanceador de carga do cluster.
|
ManagedClusterManagedOutboundIPProfile
Objetivo
Perfil dos recursos IP de saída gerenciados do cluster gerenciado.
| Nome |
Tipo |
Valor padrão |
Descrição |
|
count
|
integer
(int32)
minimum: 1
maximum: 16
|
1
|
O número desejado de IPs de saída criados/gerenciados pelo Azure. Os valores permitidos devem estar no intervalo de 1 a 16 (inclusive). O valor padrão é 1.
|
ManagedClusterMetricsProfile
Objetivo
O perfil de métricas para o ManagedCluster.
| Nome |
Tipo |
Descrição |
|
costAnalysis
|
ManagedClusterCostAnalysis
|
A configuração para análise detalhada de custos de recursos por Kubernetes.
|
ManagedClusterNATGatewayProfile
Objetivo
Perfil do gateway NAT do cluster gerenciado.
| Nome |
Tipo |
Valor padrão |
Descrição |
|
effectiveOutboundIPs
|
ResourceReference[]
|
|
Os recursos IP de saída efetivos do gateway NAT do cluster.
|
|
idleTimeoutInMinutes
|
integer
(int32)
minimum: 4
maximum: 120
|
4
|
Tempo limite desejado de fluxo de saída ocioso em minutos. Os valores permitidos estão no intervalo de 4 a 120 (inclusive). O valor padrão é 4 minutos.
|
|
managedOutboundIPProfile
|
ManagedClusterManagedOutboundIPProfile
|
|
Perfil dos recursos IP de saída gerenciados do gateway NAT do cluster.
|
ManagedClusterNodeProvisioningProfile
Objetivo
| Nome |
Tipo |
Valor padrão |
Descrição |
|
defaultNodePools
|
NodeProvisioningDefaultNodePools
|
Auto
|
O conjunto de NodePools Karpenter (CRDs) padrão configurado para provisionamento de nós. Este campo não tem efeito a menos que o modo seja 'Auto'. Aviso: Alterar isso de Auto para Nenhum em um cluster existente fará com que os NodePools Karpenter padrão sejam excluídos, o que drenará e excluirá os nós associados a esses pools. É altamente recomendável não fazer isso, a menos que haja nós ociosos prontos para levar os pods removidos por essa ação. Se não for especificado, o padrão será Auto. Para obter mais informações, consulte aka.ms/aks/nap#node-pools.
|
|
mode
|
NodeProvisioningMode
|
|
O modo de provisionamento do nó. Se não for especificado, o padrão é Manual.
|
ManagedClusterNodeResourceGroupProfile
Objetivo
Perfil de bloqueio do grupo de recursos do nó para um cluster gerenciado.
| Nome |
Tipo |
Descrição |
|
restrictionLevel
|
RestrictionLevel
|
O nível de restrição aplicado ao grupo de recursos do nó do cluster. Se não for especificado, o padrão será 'Sem restrições'
|
ManagedClusterOIDCIssuerProfile
Objetivo
O perfil do emissor OIDC do Cluster Gerenciado.
| Nome |
Tipo |
Descrição |
|
enabled
|
boolean
|
Se o emissor OIDC está habilitado.
|
|
issuerURL
|
string
|
A url do emissor OIDC do Cluster Gerenciado.
|
ManagedClusterPodIdentity
Objetivo
Detalhes sobre a identidade do pod atribuída ao Cluster Gerenciado.
| Nome |
Tipo |
Descrição |
|
bindingSelector
|
string
|
O seletor de associação a ser usado para o recurso AzureIdentityBinding.
|
|
identity
|
UserAssignedIdentity
|
O usuário atribuiu detalhes de identidade.
|
|
name
|
string
|
O nome da identidade do pod.
|
|
namespace
|
string
|
O namespace da identidade do pod.
|
|
provisioningInfo
|
ProvisioningInfo
|
|
|
provisioningState
|
ManagedClusterPodIdentityProvisioningState
|
O estado de provisionamento atual da identidade do pod.
|
ManagedClusterPodIdentityException
Objetivo
Uma exceção de identidade de pod, que permite que pods com determinados rótulos acessem o ponto de extremidade IMDS (Serviço de Metadados de Instância do Azure) sem serem intercetados pelo servidor de identidade gerenciada pelo nó (NMI). Consulte desativar o AAD Pod Identity para um específico de Pod/Aplicativo para obter mais detalhes.
| Nome |
Tipo |
Descrição |
|
name
|
string
|
O nome da exceção de identidade do pod.
|
|
namespace
|
string
|
O namespace da exceção de identidade do pod.
|
|
podLabels
|
object
|
Os rótulos do pod para combinar.
|
ManagedClusterPodIdentityProfile
Objetivo
O perfil de identidade do pod do Cluster Gerenciado. Consulte usar o de identidade do pod do AAD para obter mais detalhes sobre a integração da identidade do pod.
| Nome |
Tipo |
Descrição |
|
allowNetworkPluginKubenet
|
boolean
|
Se a identidade do pod pode ser executada em clusters com rede Kubenet. A execução no Kubenet é desativada por padrão devido à natureza relacionada à segurança do AAD Pod Identity e aos riscos de falsificação de IP. Consulte o uso do plug-in de rede Kubenet com o AAD Pod Identity para obter mais informações.
|
|
enabled
|
boolean
|
Se o complemento de identidade do pod está habilitado.
|
|
userAssignedIdentities
|
ManagedClusterPodIdentity[]
|
As identidades de pod a serem usadas no cluster.
|
|
userAssignedIdentityExceptions
|
ManagedClusterPodIdentityException[]
|
As exceções de identidade do pod a permitir.
|
ManagedClusterPodIdentityProvisioningError
Objetivo
Uma resposta de erro do provisionamento de identidade do pod.
ManagedClusterPodIdentityProvisioningErrorBody
Objetivo
Uma resposta de erro do provisionamento de identidade do pod.
| Nome |
Tipo |
Descrição |
|
code
|
string
|
Um identificador para o erro. Os códigos são invariantes e destinam-se a ser consumidos programaticamente.
|
|
details
|
ManagedClusterPodIdentityProvisioningErrorBody[]
|
Uma lista de detalhes adicionais sobre o erro.
|
|
message
|
string
|
Uma mensagem descrevendo o erro, destinada a ser adequada para exibição em uma interface do usuário.
|
|
target
|
string
|
O alvo do erro específico. Por exemplo, o nome da propriedade em erro.
|
ManagedClusterPodIdentityProvisioningState
Enumeração
O estado de provisionamento atual da identidade do pod.
| Valor |
Descrição |
|
Assigned
|
|
|
Canceled
|
|
|
Deleting
|
|
|
Failed
|
|
|
Succeeded
|
|
|
Updating
|
|
ManagedClusterSecurityProfile
Objetivo
Perfil de segurança para o cluster de serviço de contêiner.
ManagedClusterSecurityProfileDefender
Objetivo
Configurações do Microsoft Defender para o perfil de segurança.
| Nome |
Tipo |
Descrição |
|
logAnalyticsWorkspaceResourceId
|
string
(arm-id)
|
ID do recurso do espaço de trabalho do Log Analytics a ser associado ao Microsoft Defender. Quando o Microsoft Defender está habilitado, esse campo é obrigatório e deve ser uma ID de recurso de espaço de trabalho válida. Quando o Microsoft Defender estiver desativado, deixe o campo vazio.
|
|
securityMonitoring
|
ManagedClusterSecurityProfileDefenderSecurityMonitoring
|
Deteção de ameaças do Microsoft Defender para configurações de nuvem para o perfil de segurança.
|
ManagedClusterSecurityProfileDefenderSecurityMonitoring
Objetivo
Configurações do Microsoft Defender para a deteção de ameaças ao perfil de segurança.
| Nome |
Tipo |
Descrição |
|
enabled
|
boolean
|
Se a deteção de ameaças do Defender deve ser ativada
|
ManagedClusterSecurityProfileImageCleaner
Objetivo
O Image Cleaner remove imagens não utilizadas dos nós, libertando espaço em disco e ajudando a reduzir a área da superfície de ataque. Aqui estão as configurações para o perfil de segurança.
| Nome |
Tipo |
Descrição |
|
enabled
|
boolean
|
Se o Image Cleaner deve ser ativado no cluster AKS.
|
|
intervalHours
|
integer
(int32)
|
Intervalo de digitalização do Image Cleaner em horas.
|
ManagedClusterSecurityProfileWorkloadIdentity
Objetivo
Configurações de identidade de carga de trabalho para o perfil de segurança.
| Nome |
Tipo |
Descrição |
|
enabled
|
boolean
|
Se a identidade da carga de trabalho deve ser habilitada.
|
ManagedClusterServicePrincipalProfile
Objetivo
Informações sobre uma identidade de entidade de serviço para o cluster usar para manipular APIs do Azure.
| Nome |
Tipo |
Descrição |
|
clientId
|
string
|
A ID da entidade de serviço.
|
|
secret
|
string
|
A senha secreta associada à entidade de serviço em texto sem formatação.
|
ManagedClusterSKU
Objetivo
A SKU de um cluster gerenciado.
ManagedClusterSKUName
Enumeração
O nome de uma SKU de cluster gerenciado.
| Valor |
Descrição |
|
Base
|
Opção de base para o plano de controle AKS.
|
|
Automatic
|
Os clusters automáticos são otimizados para executar a maioria das cargas de trabalho de produção com uma configuração que segue as práticas recomendadas e recomendações do AKS para configuração, escalabilidade e segurança de cluster e carga de trabalho. Para obter mais detalhes sobre clusters automáticos, consulte aka.ms/aks/automatic.
|
ManagedClusterSKUTier
Enumeração
A camada de uma SKU de cluster gerenciado. Se não for especificado, o padrão é 'Livre'. Consulte AKS Pricing Tier para obter mais detalhes.
| Valor |
Descrição |
|
Standard
|
Recomendado para cargas de trabalho de missão crítica e produção. Inclui dimensionamento automático do plano de controle do Kubernetes, testes intensivos de carga de trabalho e até 5.000 nós por cluster. Garante 99,95% de disponibilidade do ponto de extremidade do servidor da API do Kubernetes para clusters que usam zonas de disponibilidade e 99,9% de disponibilidade para clusters que não usam zonas de disponibilidade.
|
|
Free
|
O gerenciamento de cluster é gratuito, mas cobrado pelo uso de VM, armazenamento e rede. Ideal para experimentar, aprender, testar simples ou cargas de trabalho com menos de 10 nós. Não recomendado para casos de uso de produção.
|
|
Premium
|
O Cluster tem recursos premium, além de todos os recursos incluídos no 'Padrão'. Premium permite a seleção de LongTermSupport (aka.ms/aks/lts) para determinadas versões do Kubernetes.
|
ManagedClusterStaticEgressGatewayProfile
Objetivo
A configuração do complemento Static Egress Gateway para o cluster.
| Nome |
Tipo |
Descrição |
|
enabled
|
boolean
|
Habilite o addon Static Egress Gateway. Indica se o addon Static Egress Gateway está habilitado ou não.
|
ManagedClusterStatus
Objetivo
Contém informações somente leitura sobre o Cluster Gerenciado.
| Nome |
Tipo |
Descrição |
|
provisioningError
|
ErrorDetail
|
O erro detalha as informações do cluster gerenciado. Preserva as informações detalhadas da falha. Se não houve erro, este campo é omitido.
|
ManagedClusterStorageProfile
Objetivo
Perfil de armazenamento para o cluster de serviço de contêiner.
ManagedClusterStorageProfileBlobCSIDriver
Objetivo
Configurações do AzureBlob CSI Driver para o perfil de armazenamento.
| Nome |
Tipo |
Descrição |
|
enabled
|
boolean
|
Se deseja habilitar o AzureBlob CSI Driver. O valor predefinido é false.
|
ManagedClusterStorageProfileDiskCSIDriver
Objetivo
Configurações do driver CSI do AzureDisk para o perfil de armazenamento.
| Nome |
Tipo |
Descrição |
|
enabled
|
boolean
|
Se o AzureDisk CSI Driver deve ser habilitado. O valor padrão é true.
|
ManagedClusterStorageProfileFileCSIDriver
Objetivo
Configurações do AzureFile CSI Driver para o perfil de armazenamento.
| Nome |
Tipo |
Descrição |
|
enabled
|
boolean
|
Se deseja habilitar o AzureFile CSI Driver. O valor padrão é true.
|
ManagedClusterStorageProfileSnapshotController
Objetivo
Configurações do Snapshot Controller para o perfil de armazenamento.
| Nome |
Tipo |
Descrição |
|
enabled
|
boolean
|
Se o Snapshot Controller deve ser habilitado. O valor padrão é true.
|
ManagedClusterWindowsProfile
Objetivo
Perfil para VMs do Windows no cluster gerenciado.
| Nome |
Tipo |
Descrição |
|
adminPassword
|
string
|
Especifica a senha da conta de administrador.
Comprimento mínimo: 8 caracteres
Comprimento máximo: 123 caracteres
Requisitos de complexidade: 3 das 4 condições abaixo precisam ser cumpridas
Tem caracteres mais baixos
Tem caracteres superiores
Tem um dígito
Tem um caractere especial (Regex match [\W_])
Valores não permitidos: "abc@123", "P@$$w 0rd", "P@ssw0rd", "P@ssword123", "Pa$$word", "pass@word1", "Password!", "Password1", "Password22", "iloveyou!"
|
|
adminUsername
|
string
|
Especifica o nome da conta de administrador.
Restrição: Não pode terminar em "."
Valores não permitidos: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5".
Comprimento mínimo: 1 caractere
Comprimento máximo: 20 caracteres
|
|
enableCSIProxy
|
boolean
|
Se o proxy CSI deve ser habilitado. Para obter mais detalhes sobre o proxy CSI, consulte o repositório GitHub do proxy CSI.
|
|
gmsaProfile
|
WindowsGmsaProfile
|
O perfil gMSA do Windows no cluster gerenciado.
|
|
licenseType
|
licenseType
|
O tipo de licença a ser usado para VMs do Windows. Consulte Benefícios do usuário híbrido do Azure para obter mais detalhes.
|
ManagedClusterWorkloadAutoScalerProfile
Objetivo
Perfil do dimensionador automático da carga de trabalho para o cluster gerenciado.
ManagedClusterWorkloadAutoScalerProfileKeda
Objetivo
Configurações KEDA (Kubernetes Event-driven Autoscaling) para o perfil de dimensionamento automático da carga de trabalho.
| Nome |
Tipo |
Descrição |
|
enabled
|
boolean
|
Se o KEDA deve ser ativado.
|
ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler
Objetivo
Configurações de VPA (Vertical Pod Autoscaler) para o perfil de dimensionamento automático da carga de trabalho.
| Nome |
Tipo |
Valor padrão |
Descrição |
|
enabled
|
boolean
|
False
|
Se o VPA deve ser habilitado. O valor predefinido é falso.
|
ManagedOutboundIPs
Objetivo
IPs de saída gerenciados desejados para o balanceador de carga de cluster.
| Nome |
Tipo |
Valor padrão |
Descrição |
|
count
|
integer
(int32)
minimum: 1
maximum: 100
|
1
|
O número desejado de IPs de saída IPv4 criados/gerenciados pelo Azure para o balanceador de carga de cluster. Os valores permitidos devem estar no intervalo de 1 a 100 (inclusive). O valor padrão é 1.
|
|
countIPv6
|
integer
(int32)
minimum: 0
maximum: 100
|
0
|
O número desejado de IPs de saída IPv6 criados/gerenciados pelo Azure para o balanceador de carga de cluster. Os valores permitidos devem estar no intervalo de 1 a 100 (inclusive). O valor padrão é 0 para pilha única e 1 para pilha dupla.
|
ManualScaleProfile
Objetivo
Especificações sobre o número de máquinas.
| Nome |
Tipo |
Descrição |
|
count
|
integer
(int32)
|
Número de nós.
|
|
size
|
string
|
Tamanho da VM que o AKS usará ao criar e dimensionar, por exemplo, 'Standard_E4s_v3', 'Standard_E16s_v3' ou 'Standard_D16s_v5'.
|
networkDataplane
Enumeração
Dataplane de rede usado no cluster Kubernetes.
| Valor |
Descrição |
|
azure
|
Use o plano de dados de rede do Azure.
|
|
cilium
|
Use o plano de dados da rede Cilium. Consulte Azure CNI Powered by Cilium para obter mais informações.
|
networkMode
Enumeração
O modo de rede Azure CNI está configurado com. Isso não pode ser especificado se networkPlugin for algo diferente de 'azure'.
| Valor |
Descrição |
|
transparent
|
Nenhuma ponte é criada. Intra-VM comunicação Pod to Pod é através de rotas IP criadas pelo Azure CNI. Consulte Modo Transparente para obter mais informações.
|
|
bridge
|
Isso não é mais suportado
|
NetworkPlugin
Enumeração
Plug-in de rede usado para construir a rede Kubernetes.
| Valor |
Descrição |
|
azure
|
Use o plug-in de rede CNI do Azure. Consulte de rede CNI (avançado) do Azure para obter mais informações.
|
|
kubenet
|
Use o plug-in de rede Kubenet. Consulte de rede Kubenet (básico) para obter mais informações.
|
|
none
|
Nenhum plugin CNI está pré-instalado. Consulte BYO CNI para obter mais informações.
|
NetworkPluginMode
Enumeração
O modo que o plugin de rede deve usar.
| Valor |
Descrição |
|
overlay
|
Usados com networkPlugin=azure, os pods recebem IPs do espaço de endereço PodCIDR, mas usam Domínios de Roteamento do Azure em vez do método Kubenet de tabelas de rotas. Para mais informações, visite https://aka.ms/aks/azure-cni-overlay.
|
NetworkPolicy
Enumeração
Política de rede usada para criar a rede Kubernetes.
NginxIngressControllerType
Enumeração
Tipo de ingresso para o recurso personalizado padrão NginxIngressController
| Valor |
Descrição |
|
AnnotationControlled
|
O padrão NginxIngressController será criado. Os usuários podem editar o recurso personalizado padrão NginxIngressController para configurar anotações do balanceador de carga.
|
|
External
|
O padrão NginxIngressController será criado e o operador provisionará um balanceador de carga externo com ele. Qualquer anotação para tornar o balanceador de carga padrão interno será substituída.
|
|
Internal
|
O padrão NginxIngressController será criado e o operador provisionará um balanceador de carga interno com ele. Qualquer anotação para tornar o balanceador de carga padrão externo será substituída.
|
|
None
|
O Controlador de Ingresso padrão não será criado. Ele não será excluído pelo sistema, se existir. Os usuários devem excluir o recurso personalizado padrão NginxIngressController manualmente, se desejado.
|
nodeOSUpgradeChannel
Enumeração
Canal de atualização do sistema operacional do nó. Maneira como o sistema operacional em seus nós é atualizado. O padrão é NodeImage.
| Valor |
Descrição |
|
Unmanaged
|
As atualizações do SO serão aplicadas automaticamente através da infraestrutura de aplicação de patches integrada do SO. As máquinas recém-dimensionadas não serão corrigidas inicialmente e serão corrigidas em algum momento pela infraestrutura do sistema operacional. O comportamento desta opção depende do SO em questão. Ubuntu e Mariner aplicam patches de segurança através de atualização autônoma aproximadamente uma vez por dia por volta das 06:00 UTC. O Windows não aplica patches de segurança automaticamente e, portanto, para eles, esta opção é equivalente a Nenhum até novo aviso
|
|
None
|
Nenhuma tentativa de atualizar o sistema operacional de suas máquinas será feita pelo sistema operacional ou por VHDs rolantes. Isto significa que é responsável pelas suas atualizações de segurança
|
|
NodeImage
|
O AKS atualizará os nós com um VHD recém-corrigido contendo correções de segurança e correções de bugs em uma cadência semanal. Com a atualização do VHD, as máquinas serão recriadas para esse VHD seguindo as janelas de manutenção e as configurações de surto. Nenhum custo VHD extra é incorrido ao escolher esta opção, pois o AKS hospeda as imagens.
|
|
SecurityPatch
|
O AKS baixa e atualiza os nós com atualizações de segurança testadas. Essas atualizações respeitam as configurações da janela de manutenção e produzem um novo VHD que é usado em novos nós. Em algumas ocasiões não é possível aplicar as atualizações em vigor, nesses casos os nós existentes também serão re-imageados para o VHD recém-produzido, a fim de aplicar as alterações. Esta opção incorre em um custo extra de hospedagem dos novos VHDs do Patch de Segurança em seu grupo de recursos para consumo de tempo justo.
|
NodeProvisioningDefaultNodePools
Enumeração
O conjunto de NodePools Karpenter (CRDs) padrão configurado para provisionamento de nós. Este campo não tem efeito a menos que o modo seja 'Auto'. Aviso: Alterar isso de Auto para Nenhum em um cluster existente fará com que os NodePools Karpenter padrão sejam excluídos, o que drenará e excluirá os nós associados a esses pools. É altamente recomendável não fazer isso, a menos que haja nós ociosos prontos para levar os pods removidos por essa ação. Se não for especificado, o padrão será Auto. Para obter mais informações, consulte aka.ms/aks/nap#node-pools.
| Valor |
Descrição |
|
None
|
Nenhum Karpenter NodePools é provisionado automaticamente. O dimensionamento automático não acontecerá a menos que o usuário crie uma ou mais instâncias CRD do NodePool.
|
|
Auto
|
Um conjunto padrão de NodePools Karpenter é provisionado
|
NodeProvisioningMode
Enumeração
O modo de provisionamento do nó. Se não for especificado, o padrão é Manual.
| Valor |
Descrição |
|
Manual
|
Os nós são provisionados manualmente pelo usuário
|
|
Auto
|
Os nós são provisionados automaticamente pelo AKS usando o Karpenter (Consulte aka.ms/aks/nap para obter mais detalhes). Pools de nós de tamanho fixo ainda podem ser criados, mas o dimensionamento automático de pools de nós não pode ser. (Consulte aka.ms/aks/nap para mais detalhes).
|
OSDiskType
Enumeração
O tipo de disco do sistema operacional a ser usado para máquinas no pool de agentes. O padrão é 'Ephemeral' se a VM suportar e tiver um disco de cache maior do que o OSDiskSizeGB solicitado. Caso contrário, o padrão será 'Gerenciado'. Não pode ser alterado após a criação. Para obter mais informações, consulte Ephemeral OS.
| Valor |
Descrição |
|
Managed
|
O Azure replica o disco do sistema operacional de uma máquina virtual para o armazenamento do Azure para evitar perda de dados caso a VM precise ser realocada para outro host. Como os contêineres não foram projetados para que o estado local persista, esse comportamento oferece valor limitado enquanto fornece algumas desvantagens, incluindo provisionamento de nó mais lento e latência de leitura/gravação mais alta.
|
|
Ephemeral
|
Os discos efêmeros do sistema operacional são armazenados apenas na máquina host, assim como um disco temporário. Isso proporciona menor latência de leitura/gravação, juntamente com escalonamento de nó mais rápido e atualizações de cluster.
|
OSSKU
Enumeração
Especifica a SKU do sistema operacional usada pelo pool de agentes. O padrão é Ubuntu se OSType é Linux. O padrão é Windows2019 quando o Kubernetes <= 1.24 ou Windows2022 quando o Kubernetes >= 1.25 se OSType for Windows.
| Valor |
Descrição |
|
AzureLinux
|
Use AzureLinux como o sistema operacional para imagens de nó. O Azure Linux é uma distro Linux otimizada para contêiner criada pela Microsoft, visite https://aka.ms/azurelinux para obter mais informações.
|
|
AzureLinux3
|
Use AzureLinux3 como o sistema operacional para imagens de nó. O Azure Linux é uma distro Linux otimizada para contêiner criada pela Microsoft, visite https://aka.ms/azurelinux para obter mais informações. Para limitações, visite https://aka.ms/aks/node-images. Para obter orientações sobre migração de SO, consulte https://aka.ms/aks/upgrade-os-version.
|
|
CBLMariner
|
OSSKU preterido. A Microsoft recomenda que as novas implantações escolham 'AzureLinux' em vez disso.
|
|
Ubuntu
|
Use o Ubuntu como o sistema operacional para imagens de nós.
|
|
Ubuntu2204
|
Use o Ubuntu2204 como o sistema operacional para imagens de nós, no entanto, o Ubuntu 22.04 pode não ser suportado para todos os nodepools. Para limitações e versões kubernetes suportadas, consulte https://aka.ms/aks/supported-ubuntu-versions
|
|
Ubuntu2404
|
Use o Ubuntu2404 como o sistema operacional para imagens de nós, no entanto, o Ubuntu 24.04 pode não ser suportado para todos os nodepools. Para limitações e versões kubernetes suportadas, consulte https://aka.ms/aks/supported-ubuntu-versions
|
|
Windows2019
|
Use o Windows2019 como o sistema operacional para imagens de nó. Não suportado para pools de nós do sistema. Windows2019 suporta apenas contêineres do Windows2019; ele não pode executar contêineres do Windows2022 e vice-versa.
|
|
Windows2022
|
Use o Windows2022 como o sistema operacional para imagens de nó. Não suportado para pools de nós do sistema. O Windows2022 suporta apenas contêineres do Windows2022; ele não pode executar contêineres do Windows2019 e vice-versa.
|
OSType
Enumeração
O tipo de sistema operacional. O padrão é Linux.
| Valor |
Descrição |
|
Linux
|
Usa Linux.
|
|
Windows
|
Usa o Windows.
|
OutboundIPPrefixes
Objetivo
Recursos de prefixo IP de saída desejados para o balanceador de carga de cluster.
| Nome |
Tipo |
Descrição |
|
publicIPPrefixes
|
ResourceReference[]
|
Uma lista de recursos de prefixo IP público.
|
OutboundIPs
Objetivo
Recursos IP de saída desejados para o balanceador de carga do cluster.
| Nome |
Tipo |
Descrição |
|
publicIPs
|
ResourceReference[]
|
Uma lista de recursos públicos de IP.
|
outboundType
Enumeração
O método de roteamento de saída (saída). Isso só pode ser definido no momento da criação do cluster e não pode ser alterado posteriormente. Para obter mais informações, consulte Tipo de saída de saída.
PodIPAllocationMode
Enumeração
Modo de alocação de IP do pod. O modo de alocação de IP para pods no pool de agentes. Deve ser usado com podSubnetId. O padrão é 'DynamicIndividual'.
| Valor |
Descrição |
|
DynamicIndividual
|
Cada nó é alocado com uma lista não contígua de endereços IP atribuíveis a pods. Isso é melhor para maximizar uma sub-rede pequena a média de tamanho /16 ou menor. O cluster CNI do Azure com alocação de IP dinâmica assume como padrão esse modo se o cliente não especificar explicitamente um podIPAllocationMode
|
|
StaticBlock
|
Cada nó é alocado estaticamente bloco(s) CIDR de tamanho /28 = 16 IPs por bloco para satisfazer os maxPods por nó. Número de blocos CIDR >= (maxPods / 16). O bloco, em vez de um único IP, conta contra o limite de IP privado do Azure Vnet de 65K. Portanto, o modo de bloco é adequado para executar cargas de trabalho maiores com mais do que o limite atual de 65K pods em um cluster. Este modo é mais adequado para escalar com sub-redes maiores de /15 ou maiores
|
PortRange
Objetivo
O intervalo de portas.
| Nome |
Tipo |
Descrição |
|
portEnd
|
integer
(int32)
minimum: 1
maximum: 65535
|
A porta máxima incluída no intervalo. Deve ser variado de 1 a 65535, e ser maior ou igual a portStart.
|
|
portStart
|
integer
(int32)
minimum: 1
maximum: 65535
|
A porta mínima incluída no intervalo. Deve ser variado de 1 a 65535, e ser menor ou igual a portEnd.
|
|
protocol
|
Protocol
|
O protocolo de rede da porta.
|
PowerState
Objetivo
Descreve o estado de energia do cluster
| Nome |
Tipo |
Descrição |
|
code
|
code
|
Informa se o cluster está em execução ou interrompido
|
PrivateLinkResource
Objetivo
Um recurso de link privado
| Nome |
Tipo |
Descrição |
|
groupId
|
string
|
A ID do grupo do recurso.
|
|
id
|
string
|
A ID do recurso de link privado.
|
|
name
|
string
|
O nome do recurso de link privado.
|
|
privateLinkServiceID
|
string
(arm-id)
|
O ID do serviço de link privado do recurso, este campo é exposto apenas ao NRP internamente.
|
|
requiredMembers
|
string[]
|
Os RequiredMembers do recurso
|
|
type
|
string
|
O tipo do recurso.
|
Protocol
Enumeração
O protocolo de rede da porta.
| Valor |
Descrição |
|
TCP
|
Protocolo TCP.
|
|
UDP
|
Protocolo UDP.
|
ProvisioningInfo
Objetivo
PublicNetworkAccess
Enumeração
PublicNetworkAccess do managedCluster. Permitir ou negar acesso à rede pública para o AKS
| Valor |
Descrição |
|
Enabled
|
|
|
Disabled
|
|
ResourceIdentityType
Enumeração
O tipo de identidade usado para o cluster gerenciado. Para obter mais informações, consulte Usar identidades gerenciadas no AKS.
| Valor |
Descrição |
|
SystemAssigned
|
Use uma identidade gerenciada atribuída ao sistema criada implicitamente para gerenciar recursos de cluster. Os componentes mestres no plano de controle, como kube-controller-manager, usarão a identidade gerenciada atribuída ao sistema para manipular os recursos do Azure.
|
|
UserAssigned
|
Use uma identidade especificada pelo usuário para gerenciar recursos de cluster. Os componentes mestres no plano de controle, como kube-controller-manager, usarão a identidade gerenciada atribuída ao usuário especificado para manipular os recursos do Azure.
|
|
None
|
Não use uma identidade gerenciada para o Cluster Gerenciado, a entidade de serviço será usada.
|
ResourceReference
Objetivo
Uma referência a um recurso do Azure.
| Nome |
Tipo |
Descrição |
|
id
|
string
(arm-id)
|
A ID de recurso do Azure totalmente qualificada.
|
RestrictionLevel
Enumeração
O nível de restrição aplicado ao grupo de recursos do nó do cluster. Se não for especificado, o padrão será 'Sem restrições'
| Valor |
Descrição |
|
Unrestricted
|
Todas as permissões RBAC são permitidas no grupo de recursos do nó gerenciado
|
|
ReadOnly
|
Somente permissões RBAC */read permitidas no grupo de recursos do nó gerenciado
|
ScaleDownMode
Enumeração
Descreve como as VMs são adicionadas ou removidas dos Pools de Agentes. Consulte os estados de faturação.
| Valor |
Descrição |
|
Delete
|
Crie novas instâncias durante o aumento de escala e remova instâncias durante a redução de escala.
|
|
Deallocate
|
Tente iniciar instâncias desalocadas (se existirem) durante o aumento de escala e desalocar instâncias durante a redução de escala.
|
ScaleProfile
Objetivo
Especificações sobre como dimensionar um pool de agentes VirtualMachines.
| Nome |
Tipo |
Descrição |
|
manual
|
ManualScaleProfile[]
|
Especificações sobre como dimensionar o pool de agentes do VirtualMachines para um tamanho fixo.
|
ScaleSetEvictionPolicy
Enumeração
A política de remoção do Conjunto de Dimensionamento de Máquina Virtual. A política de remoção especifica o que fazer com a VM quando ela é removida. O padrão é Excluir. Para obter mais informações sobre remoção, consulte VMs spot
| Valor |
Descrição |
|
Delete
|
Os nós no Conjunto de Escala subjacente do pool de nós são excluídos quando são removidos.
|
|
Deallocate
|
Os nós no Conjunto de Escala subjacente do pool de nós são definidos para o estado de desalocação interrompida após a remoção. Os nós no estado de desalocação interrompida contam em relação à sua cota de computação e podem causar problemas com o dimensionamento ou atualização do cluster.
|
ScaleSetPriority
Enumeração
A prioridade do Conjunto de Dimensionamento de Máquina Virtual.
| Valor |
Descrição |
|
Spot
|
Serão utilizadas VMs com prioridade pontual. Não há SLA para nós spot. Consulte local no AKS para obter mais informações.
|
|
Regular
|
Serão utilizadas VMs regulares.
|
ServiceMeshMode
Enumeração
Modo da malha de serviço.
| Valor |
Descrição |
|
Istio
|
Istio implantado como um addon AKS.
|
|
Disabled
|
A malha está desativada.
|
ServiceMeshProfile
Objetivo
Perfil de malha de serviço para um cluster gerenciado.
SysctlConfig
Objetivo
Configurações de sysctl para nós de agente Linux.
| Nome |
Tipo |
Descrição |
|
fsAioMaxNr
|
integer
(int32)
|
Configuração do Sysctl fs.aio-max-nr.
|
|
fsFileMax
|
integer
(int32)
|
Configuração do Sysctl fs.file-max.
|
|
fsInotifyMaxUserWatches
|
integer
(int32)
|
Configuração do Sysctl fs.inotify.max_user_watches.
|
|
fsNrOpen
|
integer
(int32)
|
Configuração do Sysctl fs.nr_open.
|
|
kernelThreadsMax
|
integer
(int32)
|
Configuração do Sysctl kernel.threads-max.
|
|
netCoreNetdevMaxBacklog
|
integer
(int32)
|
Configuração do Sysctl net.core.netdev_max_backlog.
|
|
netCoreOptmemMax
|
integer
(int32)
|
Configuração do Sysctl net.core.optmem_max.
|
|
netCoreRmemDefault
|
integer
(int32)
|
Configuração do Sysctl net.core.rmem_default.
|
|
netCoreRmemMax
|
integer
(int32)
|
Configuração do Sysctl net.core.rmem_max.
|
|
netCoreSomaxconn
|
integer
(int32)
|
Configuração de sysctl net.core.somaxconn.
|
|
netCoreWmemDefault
|
integer
(int32)
|
Configuração do Sysctl net.core.wmem_default.
|
|
netCoreWmemMax
|
integer
(int32)
|
Configuração do Sysctl net.core.wmem_max.
|
|
netIpv4IpLocalPortRange
|
string
|
Configuração do Sysctl net.ipv4.ip_local_port_range.
|
|
netIpv4NeighDefaultGcThresh1
|
integer
(int32)
|
Configuração do Sysctl net.ipv4.neigh.default.gc_thresh1.
|
|
netIpv4NeighDefaultGcThresh2
|
integer
(int32)
|
Configuração do Sysctl net.ipv4.neigh.default.gc_thresh2.
|
|
netIpv4NeighDefaultGcThresh3
|
integer
(int32)
|
Configuração do Sysctl net.ipv4.neigh.default.gc_thresh3.
|
|
netIpv4TcpFinTimeout
|
integer
(int32)
|
Configuração do Sysctl net.ipv4.tcp_fin_timeout.
|
|
netIpv4TcpKeepaliveProbes
|
integer
(int32)
|
Configuração do Sysctl net.ipv4.tcp_keepalive_probes.
|
|
netIpv4TcpKeepaliveTime
|
integer
(int32)
|
Configuração do Sysctl net.ipv4.tcp_keepalive_time.
|
|
netIpv4TcpMaxSynBacklog
|
integer
(int32)
|
Configuração do Sysctl net.ipv4.tcp_max_syn_backlog.
|
|
netIpv4TcpMaxTwBuckets
|
integer
(int32)
|
Configuração do Sysctl net.ipv4.tcp_max_tw_buckets.
|
|
netIpv4TcpTwReuse
|
boolean
|
Configuração do Sysctl net.ipv4.tcp_tw_reuse.
|
|
netIpv4TcpkeepaliveIntvl
|
integer
(int32)
minimum: 10
maximum: 90
|
Configuração do Sysctl net.ipv4.tcp_keepalive_intvl.
|
|
netNetfilterNfConntrackBuckets
|
integer
(int32)
minimum: 65536
maximum: 524288
|
Configuração do Sysctl net.netfilter.nf_conntrack_buckets.
|
|
netNetfilterNfConntrackMax
|
integer
(int32)
minimum: 131072
maximum: 2097152
|
Configuração do Sysctl net.netfilter.nf_conntrack_max.
|
|
vmMaxMapCount
|
integer
(int32)
|
Configuração do Sysctl vm.max_map_count.
|
|
vmSwappiness
|
integer
(int32)
|
Configuração do Sysctl vm.swappiness.
|
|
vmVfsCachePressure
|
integer
(int32)
|
Configuração do Sysctl vm.vfs_cache_pressure.
|
systemData
Objetivo
Metadados referentes à criação e última modificação do recurso.
| Nome |
Tipo |
Descrição |
|
createdAt
|
string
(date-time)
|
O carimbo de data/hora da criação de recursos (UTC).
|
|
createdBy
|
string
|
A identidade que criou o recurso.
|
|
createdByType
|
createdByType
|
O tipo de identidade que criou o recurso.
|
|
lastModifiedAt
|
string
(date-time)
|
O carimbo de data/hora da última modificação do recurso (UTC)
|
|
lastModifiedBy
|
string
|
A identidade que modificou o recurso pela última vez.
|
|
lastModifiedByType
|
createdByType
|
O tipo de identidade que modificou o recurso pela última vez.
|
UndrainableNodeBehavior
Enumeração
Define o comportamento para nós não drenáveis durante a atualização. A causa mais comum de nós não drenáveis é Pod Disruption Budgets (PDBs), mas outros problemas, como o período de carência de término do pod está excedendo o tempo limite de drenagem por nó restante ou o pod ainda está em um estado de execução, também podem causar nós não drenáveis.
| Valor |
Descrição |
|
Schedule
|
O AKS marcará os nós bloqueados como escalonáveis, mas os nós bloqueados não serão atualizados. Será feita uma tentativa de melhor esforço para excluir todos os nós de surto. A operação de atualização e o cluster gerenciado estarão em estado de falha se houver nós bloqueados.
|
|
Cordon
|
O AKS fará o cordão dos nós bloqueados e os substituirá por nós de surto durante a atualização. Os nós bloqueados serão isolados e substituídos por nós de surto. Os nós bloqueados terão o rótulo 'kubernetes.azure.com/upgrade-status:Quarantined'. Um nó de surto será mantido para cada nó bloqueado. Será feita uma tentativa de melhor esforço para excluir todos os outros nós de surto. Se houver nós de aumento suficientes para substituir os nós bloqueados, a operação de atualização e o cluster gerenciado estarão em estado de falha. Caso contrário, a operação de atualização e o cluster gerenciado estarão em estado cancelado.
|
upgradeChannel
Enumeração
O canal de atualização para atualização automática. O padrão é 'nenhum'. Para obter mais informações, consulte a configuração do canal de atualização automática do cluster AKS.
| Valor |
Descrição |
|
rapid
|
Atualize automaticamente o cluster para a versão de patch suportada mais recente na versão secundária suportada mais recente. Nos casos em que o cluster está em uma versão do Kubernetes que está em uma versão secundária N-2 onde N é a versão secundária suportada mais recente, o cluster primeiro atualiza para a versão de patch suportada mais recente na versão secundária N-1. Por exemplo, se um cluster estiver executando a versão 1.17.7 e as versões 1.17.9, 1.18.4, 1.18.6 e 1.19.1 estiverem disponíveis, o cluster primeiro será atualizado para 1.18.6 e, em seguida, será atualizado para 1.19.1.
|
|
stable
|
Atualize automaticamente o cluster para a versão de patch suportada mais recente na versão secundária N-1, onde N é a versão secundária suportada mais recente. Por exemplo, se um cluster estiver executando a versão 1.17.7 e as versões 1.17.9, 1.18.4, 1.18.6 e 1.19.1 estiverem disponíveis, o cluster será atualizado para 1.18.6.
|
|
patch
|
Atualize automaticamente o cluster para a versão de patch suportada mais recente quando ele estiver disponível, mantendo a versão secundária a mesma. Por exemplo, se um cluster estiver executando a versão 1.17.7 e as versões 1.17.9, 1.18.4, 1.18.6 e 1.19.1 estiverem disponíveis, o cluster será atualizado para 1.17.9.
|
|
node-image
|
Atualize automaticamente a imagem do nó para a versão mais recente disponível. Considere usar nodeOSUpgradeChannel em vez disso, pois isso permite que você configure o patch do sistema operacional do nó separadamente do patch de versão do Kubernetes
|
|
none
|
Desabilita as atualizações automáticas e mantém o cluster em sua versão atual do Kubernetes.
|
UpgradeOverrideSettings
Objetivo
Configurações para substituições ao atualizar um cluster.
| Nome |
Tipo |
Descrição |
|
forceUpgrade
|
boolean
|
Se é necessário forçar a atualização do cluster. Observe que essa opção instrui a operação de atualização a ignorar as proteções de atualização, como a verificação do uso preterido da API. Habilite essa opção apenas com cuidado.
|
|
until
|
string
(date-time)
|
Até quando as substituições são efetivas. Observe que isso corresponde apenas à hora de início de uma atualização, e a eficácia não mudará quando uma atualização for iniciada, mesmo que a expirar à medida que a until atualização prosseguir. Este campo não está definido por padrão. Deve ser definido para que as substituições entrem em vigor.
|
UserAssignedIdentities
Objetivo
A identidade do usuário associada ao cluster gerenciado. Esta identidade será utilizada no plano de controlo. Apenas uma identidade atribuída ao usuário é permitida. As chaves devem ser IDs de recursos ARM no formato: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
UserAssignedIdentity
Objetivo
Detalhes sobre uma identidade atribuída ao usuário.
| Nome |
Tipo |
Descrição |
|
clientId
|
string
|
O ID do cliente da identidade atribuída ao usuário.
|
|
objectId
|
string
|
O ID do objeto da identidade atribuída ao usuário.
|
|
resourceId
|
string
(arm-id)
|
A ID do recurso da identidade atribuída ao usuário.
|
VirtualMachineNodes
Objetivo
Status atual em um grupo de nós do mesmo tamanho vm.
| Nome |
Tipo |
Descrição |
|
count
|
integer
(int32)
|
Número de nós.
|
|
size
|
string
|
O tamanho da VM dos agentes usados para hospedar esse grupo de nós.
|
VirtualMachinesProfile
Objetivo
Especificações no pool de agentes do VirtualMachines.
| Nome |
Tipo |
Descrição |
|
scale
|
ScaleProfile
|
Especificações sobre como dimensionar um pool de agentes VirtualMachines.
|
WindowsGmsaProfile
Objetivo
Perfil gMSA do Windows no cluster gerenciado.
| Nome |
Tipo |
Descrição |
|
dnsServer
|
string
|
Especifica o servidor DNS para Windows gMSA.
Defina-o como vazio se você tiver configurado o servidor DNS na rede virtual que é usado para criar o cluster gerenciado.
|
|
enabled
|
boolean
|
Se o Windows gMSA deve ser habilitado. Especifica se o Windows gMSA deve ser habilitado no cluster gerenciado.
|
|
rootDomainName
|
string
|
Especifica o nome de domínio raiz para o Windows gMSA.
Defina-o como vazio se você tiver configurado o servidor DNS na rede virtual que é usado para criar o cluster gerenciado.
|
WorkloadRuntime
Enumeração
Determina o tipo de carga de trabalho que um nó pode executar.
| Valor |
Descrição |
|
OCIContainer
|
Os nós usarão o Kubelet para executar cargas de trabalho de contêiner OCI padrão.
|
|
WasmWasi
|
Os nós usarão o Krustlet para executar cargas de trabalho WASM usando o provedor WASI (Visualização).
|
|
KataVmIsolation
|
Os nós podem usar (Kata + Cloud Hypervisor + Hyper-V) para habilitar pods baseados em VM aninhados. Devido ao uso do Hyper-V, o próprio sistema operacional do nó AKS é uma VM aninhada (o sistema operacional raiz) do Hyper-V. Assim, ele só pode ser usado com séries de VM que suportam virtualização aninhada, como a série Dv3.
|