Azure AKS

Scale node pools

This page is not yet available in French; its translation is in progress.
If you have any questions or feedback about our current translation project, don't hesitate to contact us.

Adjust your AKS cluster's capacity to ensure high availability during demand surges and cost savings during downtimes. This action can only be performed on clusters whose "Scale method" is "Manual"; disable "Autoscale" to use this action.

Inputs

Field

Type

Description

clusterName [required]

string

Name of the cluster for which you would like to retrieve details

subscriptionId [required]

string

The unique identifier of your Azure subscription. This ID is used to specify under which Azure subscription the specified web app is located and managed. You can find your Subscription ID in the Azure portal under 'Subscriptions'.

resourceGroup [required]

string

The name of the resource group. The name is case-insensitive.

nodePoolName [required]

string

Name of the agent pool profile.

desiredNodeCount [required]

number

Specify the number of nodes /VMs in the node pool for container deployment. For user node pools, enter any value from 0 to 1000, and for system node pools, choose from 1 to 1000. The default setting is 1 VM if no value is provided.
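Before invoking the action it is worth checking, against the cluster's own agentPoolProfiles, that the request can succeed: the page states that the pool must use the Manual scale method (autoscale off), that a user pool accepts 0 to 1000 nodes and a system pool 1 to 1000. The preflight check below is an added example, not Datadog's or Azure's code; the agentPoolProfiles input is constructed here and mirrors the field names of this action's outputs (name, mode, count, enableAutoScaling).

```python
"""Preflight validation of a manual AKS node-pool scale request (added example).

Encodes the constraints stated on this page: Autoscale must be disabled on the
pool, user pools accept 0..1000 nodes, system pools accept 1..1000 nodes.
"""
from typing import Any, Dict, List, Optional, Tuple

MAX_NODES = 1000  # upper bound stated for both user and system pools


def min_nodes_for_mode(mode: str) -> int:
    """System pools must keep at least one node; user pools may scale to zero."""
    return 1 if mode == "System" else 0


def find_pool(agent_pool_profiles: List[Dict[str, Any]], node_pool_name: str) -> Optional[Dict[str, Any]]:
    """Locate the agent pool profile with the given name, or None."""
    for pool in agent_pool_profiles:
        if pool.get("name") == node_pool_name:
            return pool
    return None


def validate_scale_request(
    agent_pool_profiles: List[Dict[str, Any]],
    node_pool_name: str,
    desired_node_count: Any,
) -> Tuple[bool, str, int]:
    """Return (ok, reason, delta).

    delta is the number of nodes that would be added (positive) or removed
    (negative) relative to the pool's current count; it is 0 when the request
    is rejected.
    """
    pool = find_pool(agent_pool_profiles, node_pool_name)
    if pool is None:
        return False, f"node pool {node_pool_name!r} not found in agentPoolProfiles", 0

    # The action only applies to pools with "Scale method" = "Manual".
    if pool.get("enableAutoScaling", False):
        return False, f"node pool {node_pool_name!r} has Autoscale enabled; disable it first", 0

    # bool is a subclass of int in Python; reject it explicitly.
    if not isinstance(desired_node_count, int) or isinstance(desired_node_count, bool):
        return False, "desiredNodeCount must be an integer", 0

    mode = pool.get("mode", "User")
    lo = min_nodes_for_mode(mode)
    if not lo <= desired_node_count <= MAX_NODES:
        return (
            False,
            f"{mode} pool {node_pool_name!r} accepts {lo}..{MAX_NODES} nodes, got {desired_node_count}",
            0,
        )

    current = int(pool.get("count", 1))  # page: default count is 1 if unset
    return True, "ok", desired_node_count - current


# Constructed sample shaped like the action's agentPoolProfiles output.
SAMPLE_AGENT_POOL_PROFILES = [
    {"name": "sysnp", "mode": "System", "count": 3, "enableAutoScaling": False},
    {"name": "usernp", "mode": "User", "count": 2, "enableAutoScaling": False},
    {"name": "burst", "mode": "User", "count": 4, "enableAutoScaling": True,
     "minCount": 1, "maxCount": 10},
]

if __name__ == "__main__":
    for name, n in [("usernp", 0), ("sysnp", 0), ("burst", 5), ("usernp", 1001), ("missing", 1), ("sysnp", 5)]:
        ok, reason, delta = validate_scale_request(SAMPLE_AGENT_POOL_PROFILES, name, n)
        print(f"{name:8} -> {n:5}: ok={ok} delta={delta:+d} ({reason})")
```

Running the preflight against the profiles returned by a previous "get cluster" step lets a workflow fail fast with a clear reason instead of surfacing an Azure error after the request has been issued; the delta is also a convenient value to log so that unexpected large scale-downs are visible in the run history.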

Outputs


Field

Type

Description

id

string

Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} NOTE: This property will not be serialized. It can only be populated by the server.

name

string

The name of the resource NOTE: This property will not be serialized. It can only be populated by the server.

type

string

The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" NOTE: This property will not be serialized. It can only be populated by the server.

systemData

object

Azure Resource Manager metadata containing createdBy and modifiedBy information. NOTE: This property will not be serialized. It can only be populated by the server.

createdBy

string

The identity that created the resource.

createdByType

string

The type of identity that created the resource.

createdAt

date-time

The timestamp of resource creation (UTC).

lastModifiedBy

string

The identity that last modified the resource.

lastModifiedByType

string

The type of identity that last modified the resource.

lastModifiedAt

date-time

The timestamp of the resource's last modification (UTC).

tags

object

Resource tags.

location [required]

string

The geo-location where the resource lives.

sku

object

The managed cluster SKU.

name

string

The name of a managed cluster SKU.

tier

string

If not specified, the default is 'Free'. See AKS Pricing Tier for more details.

extendedLocation

object

The extended location of the Virtual Machine.

name

string

The name of the extended location.

type

string

The type of the extended location.

identity

object

The identity of the managed cluster, if configured.

principalId

string

The principal id of the system assigned identity which is used by master components. NOTE: This property will not be serialized. It can only be populated by the server.

tenantId

string

The tenant id of the system assigned identity which is used by master components. NOTE: This property will not be serialized. It can only be populated by the server.

type

enum

For more information see use managed identities in AKS. Allowed enum values: SystemAssigned,UserAssigned,None

delegatedResources

object

The delegated identity resources assigned to this managed cluster. This can only be set by another Azure Resource Provider, and a managed cluster only accepts one delegated identity resource. Internal use only.

userAssignedIdentities

object

The keys must be ARM resource IDs in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.

provisioningState

string

The current provisioning state. NOTE: This property will not be serialized. It can only be populated by the server.

powerState

object

The Power State of the cluster. NOTE: This property will not be serialized. It can only be populated by the server.

code

string

Tells whether the cluster is Running or Stopped.

maxAgentPools

number

The max number of agent pools for the managed cluster. NOTE: This property will not be serialized. It can only be populated by the server.

kubernetesVersion

string

Both patch version <major.minor.patch> (e.g. 1.20.13) and <major.minor> (e.g. 1.20) are supported. When <major.minor> is specified, the latest supported GA patch version is chosen automatically. Updating the cluster with the same <major.minor> once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer patch version is available. When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All upgrades must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See upgrading an AKS cluster for more details.

currentKubernetesVersion

string

If kubernetesVersion was a fully specified version <major.minor.patch>, this field will be exactly equal to it. If kubernetesVersion was <major.minor>, this field will contain the full <major.minor.patch> version being used. NOTE: This property will not be serialized. It can only be populated by the server.

dnsPrefix

string

This cannot be updated once the Managed Cluster has been created.

fqdnSubdomain

string

This cannot be updated once the Managed Cluster has been created.

fqdn

string

The FQDN of the master pool. NOTE: This property will not be serialized. It can only be populated by the server.

privateFqdn

string

The FQDN of private cluster. NOTE: This property will not be serialized. It can only be populated by the server.

azurePortalFqdn

string

The Azure Portal requires certain Cross-Origin Resource Sharing (CORS) headers to be sent in some responses, which Kubernetes APIServer doesn't handle by default. This special FQDN supports CORS, allowing the Azure Portal to function properly. NOTE: This property will not be serialized. It can only be populated by the server.

agentPoolProfiles

[object]

The agent pool properties.

count

number

Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1.

vmSize

string

VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods might fail to run correctly. For more details on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions

osDiskSizeGB

number

OS Disk Size in GB to be used to specify the disk size for every machine in the master/agent pool. If you specify 0, it will apply the default osDisk size according to the vmSize specified.

osDiskType

string

The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see Ephemeral OS.

kubeletDiskType

string

Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral storage.

workloadRuntime

string

Determines the type of workload a node can run.

vnetSubnetID

string

If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}

podSubnetID

string

If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}

maxPods

number

The maximum number of pods that can run on a node.

osType

string

The operating system type. The default is Linux.

osSKU

string

Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows.

maxCount

number

The maximum number of nodes for auto-scaling.

minCount

number

The minimum number of nodes for auto-scaling.

enableAutoScaling

boolean

Whether to enable the auto-scaler.

scaleDownMode

string

This also affects the cluster autoscaler behavior. If not specified, it defaults to Delete.

type

string

The type of Agent Pool.

mode

string

A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools

orchestratorVersion

string

Both patch version <major.minor.patch> (e.g. 1.20.13) and <major.minor> (e.g. 1.20) are supported. When <major.minor> is specified, the latest supported GA patch version is chosen automatically. Updating the cluster with the same <major.minor> once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor version must be within two minor versions of the control plane version. The node pool version cannot be greater than the control plane version. For more information see upgrading a node pool.

currentOrchestratorVersion

string

If orchestratorVersion is a fully specified version <major.minor.patch>, this field will be exactly equal to it. If orchestratorVersion is <major.minor>, this field will contain the full <major.minor.patch> version being used. NOTE: This property will not be serialized. It can only be populated by the server.

nodeImageVersion

string

The version of node image NOTE: This property will not be serialized. It can only be populated by the server.

upgradeSettings

object

Settings for upgrading the agentpool

maxSurge

string

This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded up. If not specified, the default is 1. For more information, including best practices, see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade

drainTimeoutInMinutes

number

The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not specified, the default is 30 minutes.

provisioningState

string

The current deployment or provisioning state. NOTE: This property will not be serialized. It can only be populated by the server.

powerState

object

When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only be stopped if it is Running and provisioning state is Succeeded

code

string

Tells whether the cluster is Running or Stopped.

availabilityZones

[string]

The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType property is 'VirtualMachineScaleSets'.

enableNodePublicIP

boolean

Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine to minimize hops. For more information see assigning a public IP per node. The default is false.

nodePublicIPPrefixID

string

This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}

scaleSetPriority

string

The Virtual Machine Scale Set priority. If not specified, the default is 'Regular'.

scaleSetEvictionPolicy

string

This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is 'Delete'.

spotMaxPrice

number

Possible values are any decimal value greater than zero, or -1, which indicates the willingness to pay any on-demand price. For more details on spot pricing, see spot VMs pricing.

tags

object

The tags to be persisted on the agent pool virtual machine scale set.

nodeLabels

object

The node labels to be persisted across all nodes in agent pool.

nodeTaints

[string]

The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.

proximityPlacementGroupID

string

The ID for Proximity Placement Group.

kubeletConfig

object

The Kubelet configuration on the agent pool nodes.

cpuManagerPolicy

string

The default is 'none'. See Kubernetes CPU management policies for more information. Allowed values are 'none' and 'static'.

cpuCfsQuota

boolean

The default is true.

cpuCfsQuotaPeriod

string

The default is '100ms'. Valid values are a sequence of decimal numbers with an optional fraction and a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'.

imageGcHighThreshold

number

To disable image garbage collection, set to 100. The default is 85%.

imageGcLowThreshold

number

This cannot be set higher than imageGcHighThreshold. The default is 80%.

topologyManagerPolicy

string

For more information see Kubernetes Topology Manager. The default is 'none'. Allowed values are 'none', 'best-effort', 'restricted', and 'single-numa-node'.

allowedUnsafeSysctls

[string]

Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in *).

failSwapOn

boolean

If set to true it will make the Kubelet fail to start if swap is enabled on the node.

containerLogMaxSizeMB

number

The maximum size (e.g. 10Mi) of container log file before it is rotated.

containerLogMaxFiles

number

The maximum number of container log files that can be present for a container. The number must be ≥ 2.

podMaxPids

number

The maximum number of processes per pod.

linuxOSConfig

object

The OS configuration of Linux agent nodes.

sysctls

object

Sysctl settings for Linux agent nodes.

netCoreSomaxconn

number

Sysctl setting net.core.somaxconn.

netCoreNetdevMaxBacklog

number

Sysctl setting net.core.netdev_max_backlog.

netCoreRmemDefault

number

Sysctl setting net.core.rmem_default.

netCoreRmemMax

number

Sysctl setting net.core.rmem_max.

netCoreWmemDefault

number

Sysctl setting net.core.wmem_default.

netCoreWmemMax

number

Sysctl setting net.core.wmem_max.

netCoreOptmemMax

number

Sysctl setting net.core.optmem_max.

netIpv4TcpMaxSynBacklog

number

Sysctl setting net.ipv4.tcp_max_syn_backlog.

netIpv4TcpMaxTwBuckets

number

Sysctl setting net.ipv4.tcp_max_tw_buckets.

netIpv4TcpFinTimeout

number

Sysctl setting net.ipv4.tcp_fin_timeout.

netIpv4TcpKeepaliveTime

number

Sysctl setting net.ipv4.tcp_keepalive_time.

netIpv4TcpKeepaliveProbes

number

Sysctl setting net.ipv4.tcp_keepalive_probes.

netIpv4TcpkeepaliveIntvl

number

Sysctl setting net.ipv4.tcp_keepalive_intvl.

netIpv4TcpTwReuse

boolean

Sysctl setting net.ipv4.tcp_tw_reuse.

netIpv4IpLocalPortRange

string

Sysctl setting net.ipv4.ip_local_port_range.

netIpv4NeighDefaultGcThresh1

number

Sysctl setting net.ipv4.neigh.default.gc_thresh1.

netIpv4NeighDefaultGcThresh2

number

Sysctl setting net.ipv4.neigh.default.gc_thresh2.

netIpv4NeighDefaultGcThresh3

number

Sysctl setting net.ipv4.neigh.default.gc_thresh3.

netNetfilterNfConntrackMax

number

Sysctl setting net.netfilter.nf_conntrack_max.

netNetfilterNfConntrackBuckets

number

Sysctl setting net.netfilter.nf_conntrack_buckets.

fsInotifyMaxUserWatches

number

Sysctl setting fs.inotify.max_user_watches.

fsFileMax

number

Sysctl setting fs.file-max.

fsAioMaxNr

number

Sysctl setting fs.aio-max-nr.

fsNrOpen

number

Sysctl setting fs.nr_open.

kernelThreadsMax

number

Sysctl setting kernel.threads-max.

vmMaxMapCount

number

Sysctl setting vm.max_map_count.

vmSwappiness

number

Sysctl setting vm.swappiness.

vmVfsCachePressure

number

Sysctl setting vm.vfs_cache_pressure.

transparentHugePageEnabled

string

Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more information see Transparent Hugepages.

transparentHugePageDefrag

string

Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is 'madvise'. For more information see Transparent Hugepages.

swapFileSizeMB

number

The size in MB of a swap file that will be created on each node.

enableEncryptionAtHost

boolean

This is only supported on certain VM sizes and in certain Azure regions. For more information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption

enableUltraSSD

boolean

Whether to enable UltraSSD.

enableFips

boolean

See Add a FIPS-enabled node pool for more details.

gpuInstanceProfile

string

GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.

creationData

object

CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using a snapshot.

sourceResourceId

string

This is the ARM ID of the source object to be used to create the target object.

hostGroupID

string

This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. For more information see Azure dedicated hosts.

name [required]

string

Windows agent pool names must be 6 characters or less.

linuxProfile

object

The profile for Linux VMs in the Managed Cluster.

adminUsername [required]

string

The administrator username to use for Linux VMs.

ssh [required]

object

The SSH configuration for Linux-based VMs running on Azure.

publicKeys [required]

[object]

The list of SSH public keys used to authenticate with Linux-based VMs. A maximum of 1 key may be specified.

keyData [required]

string

Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or without headers.

windowsProfile

object

The profile for Windows VMs in the Managed Cluster.

adminUsername [required]

string

Specifies the name of the administrator account.

Restriction: Cannot end in "."

Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5".

Minimum-length: 1 character

Max-length: 20 characters

adminPassword

string

Specifies the password of the administrator account.

Minimum-length: 8 characters

Max-length: 123 characters

Complexity requirements: 3 out of the 4 conditions below must be met:
Has lower characters
Has upper characters
Has a digit
Has a special character (Regex match [\W_])

Disallowed values: "abc@123", "P@$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$word", "pass@word1", "Password!", "Password1", "Password22", "iloveyou!"

licenseType

string

The license type to use for Windows VMs. See Azure Hybrid User Benefits for more details.

enableCSIProxy

boolean

For more details on CSI proxy, see the CSI proxy GitHub repo.

gmsaProfile

object

The Windows gMSA Profile in the Managed Cluster.

enabled

boolean

Specifies whether to enable Windows gMSA in the managed cluster.

dnsServer

string

Specifies the DNS server for Windows gMSA.

Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster.

rootDomainName

string

Specifies the root domain name for Windows gMSA.

Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster.

servicePrincipalProfile

object

Information about a service principal identity for the cluster to use for manipulating Azure APIs.

clientId [required]

string

The ID for the service principal.

secret

string

The secret password associated with the service principal in plain text.

addonProfiles

object

The profile of managed cluster add-on.

podIdentityProfile

object

See use AAD pod identity for more details on AAD pod identity integration.

enabled

boolean

Whether the pod identity addon is enabled.

allowNetworkPluginKubenet

boolean

Running in Kubenet is disabled by default due to the security related nature of AAD Pod Identity and the risks of IP spoofing. See using Kubenet network plugin with AAD Pod Identity for more information.

userAssignedIdentities

[object]

The pod identities to use in the cluster.

name [required]

string

The name of the pod identity.

namespace [required]

string

The namespace of the pod identity.

bindingSelector

string

The binding selector to use for the AzureIdentityBinding resource.

identity [required]

object

The user assigned identity details.

resourceId

string

The resource ID of the user assigned identity.

clientId

string

The client ID of the user assigned identity.

objectId

string

The object ID of the user assigned identity.

provisioningState

string

The current provisioning state of the pod identity. NOTE: This property will not be serialized. It can only be populated by the server.

provisioningInfo

object

NOTE: This property will not be serialized. It can only be populated by the server.

error

object

Pod identity assignment error (if any).

error

object

Details about the error.

code

string

An identifier for the error. Codes are invariant and are intended to be consumed programmatically.

message

string

A message describing the error, intended to be suitable for display in a user interface.

target

string

The target of the particular error. For example, the name of the property in error.

details

[object]

A list of additional details about the error.

code

string

An identifier for the error. Codes are invariant and are intended to be consumed programmatically.

message

string

A message describing the error, intended to be suitable for display in a user interface.

target

string

The target of the particular error. For example, the name of the property in error.

details

[object]

A list of additional details about the error.

code

string

An identifier for the error. Codes are invariant and are intended to be consumed programmatically.

message

string

A message describing the error, intended to be suitable for display in a user interface.

target

string

The target of the particular error. For example, the name of the property in error.

details

[object]

A list of additional details about the error.

code

string

An identifier for the error. Codes are invariant and are intended to be consumed programmatically.

message

string

A message describing the error, intended to be suitable for display in a user interface.

target

string

The target of the particular error. For example, the name of the property in error.

details

[object]

A list of additional details about the error.

code

string

An identifier for the error. Codes are invariant and are intended to be consumed programmatically.

message

string

A message describing the error, intended to be suitable for display in a user interface.

target

string

The target of the particular error. For example, the name of the property in error.

details

[object]

A list of additional details about the error.

code

string

An identifier for the error. Codes are invariant and are intended to be consumed programmatically.

message

string

A message describing the error, intended to be suitable for display in a user interface.

target

string

The target of the particular error. For example, the name of the property in error.

details

[object]

A list of additional details about the error.

userAssignedIdentityExceptions

[object]

The pod identity exceptions to allow.

name [required]

string

The name of the pod identity exception.

namespace [required]

string

The namespace of the pod identity exception.

podLabels [required]

object

The pod labels to match.

oidcIssuerProfile

object

The OIDC issuer profile of the Managed Cluster.

issuerURL

string

The OIDC issuer url of the Managed Cluster. NOTE: This property will not be serialized. It can only be populated by the server.

enabled

boolean

Whether the OIDC issuer is enabled.

nodeResourceGroup

string

The name of the resource group containing agent pool nodes.

enableRbac

boolean

Whether to enable Kubernetes Role-Based Access Control.

supportPlan

string

The support plan for the Managed Cluster. If unspecified, the default is 'KubernetesOfficial'.

enablePodSecurityPolicy

boolean

(DEPRECATED) Whether to enable Kubernetes pod security policy (preview). PodSecurityPolicy was deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. Learn more at https://aka.ms/k8s/psp and https://aka.ms/aks/psp.

networkProfile

object

The network configuration profile.

networkPlugin

string

Network plugin used for building the Kubernetes network.

networkPluginMode

string

The mode the network plugin should use.

networkPolicy

string

Network policy used for building the Kubernetes network.

networkMode

string

This cannot be specified if networkPlugin is anything other than 'azure'.

networkDataplane

string

Network dataplane used in the Kubernetes cluster.

podCidr

string

A CIDR notation IP range from which to assign pod IPs when kubenet is used.

serviceCidr

string

A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP ranges.

dnsServiceIP

string

An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr.

outboundType

string

This can only be set at cluster creation time and cannot be changed later. For more information see egress outbound type.

loadBalancerSku

string

The default is 'standard'. See Azure Load Balancer SKUs for more information about the differences between load balancer SKUs.

loadBalancerProfile

object

Profile of the cluster load balancer.

managedOutboundIPs

object

Desired managed outbound IPs for the cluster load balancer.

count

number

The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values must be in the range of 1 to 100 (inclusive). The default value is 1.

countIPv6

number

The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack.

outboundIPPrefixes

object

Desired outbound IP Prefix resources for the cluster load balancer.

publicIPPrefixes

[object]

A list of public IP prefix resources.

id

string

The fully qualified Azure resource id.

outboundIPs

object

Desired outbound IP resources for the cluster load balancer.

publicIPs

[object]

A list of public IP resources.

id

string

The fully qualified Azure resource id.

effectiveOutboundIPs

[object]

The effective outbound IP resources of the cluster load balancer.

id

string

The fully qualified Azure resource id.

allocatedOutboundPorts

number

The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 (inclusive). The default value is 0 which results in Azure dynamically allocating ports.

idleTimeoutInMinutes

number

Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 (inclusive). The default value is 30 minutes.

enableMultipleStandardLoadBalancers

boolean

Enable multiple standard load balancers per AKS cluster or not.

natGatewayProfile

object

Profile of the cluster NAT gateway.

managedOutboundIPProfile

object

Profile of the managed outbound IP resources of the cluster NAT gateway.

count

number

The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 (inclusive). The default value is 1.

effectiveOutboundIPs

[object]

The effective outbound IP resources of the cluster NAT gateway.

id

string

The fully qualified Azure resource id.

idleTimeoutInMinutes

number

Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 (inclusive). The default value is 4 minutes.

podCidrs

[string]

One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), are expected for dual-stack networking.

serviceCidrs

[string]

One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), are expected for dual-stack networking. They must not overlap with any Subnet IP ranges.

ipFamilies

[string]

IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value is IPv4. For dual-stack, the expected values are IPv4 and IPv6.

aadProfile

object

The Azure Active Directory configuration.

managed

boolean

Whether to enable managed AAD.

enableAzureRbac

boolean

Whether to enable Azure RBAC for Kubernetes authorization.

adminGroupObjectIDs

[string]

The list of AAD group object IDs that will have admin role of the cluster.

clientAppID

string

(DEPRECATED) The client AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.

serverAppID

string

(DEPRECATED) The server AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.

serverAppSecret

string

(DEPRECATED) The server AAD application secret. Learn more at https://aka.ms/aks/aad-legacy.

tenantID

string

The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment subscription.

autoUpgradeProfile

object

The auto upgrade configuration.

upgradeChannel

string

nodeOSUpgradeChannel

string

Manner in which the OS on your nodes is updated. The default is NodeImage.

upgradeSettings

object

Settings for upgrading a cluster.

overrideSettings

object

Settings for overrides.

forceUpgrade

boolean

Whether to force upgrade the cluster. Note that this option instructs upgrade operation to bypass upgrade protections such as checking for deprecated API usage. Enable this option only with caution.

until

date-time

Until when the overrides are effective. Note that this only matches the start time of an upgrade, and the effectiveness won't change once an upgrade starts even if the until expires as upgrade proceeds. This field is not set by default. It must be set for the overrides to take effect.

autoScalerProfile

object

Parameters to be applied to the cluster-autoscaler when enabled.

balanceSimilarNodeGroups

string

Valid values are 'true' and 'false'.

expander

string

If not specified, the default is 'random'. See expanders for more information.

maxEmptyBulkDelete

string

The default is 10.

maxGracefulTerminationSec

string

The default is 600.

maxNodeProvisionTime

string

The default is '15m'. Values must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported.

maxTotalUnreadyPercentage

string

The default is 45. The maximum is 100 and the minimum is 0.

newPodScaleUpDelay

string

For scenarios like burst/batch scale where you don't want CA to act before the Kubernetes scheduler could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. The default is '0s'. Values must be an integer followed by a unit ('s' for seconds, 'm' for minutes, 'h' for hours, etc.).

okTotalUnreadyCount

string

This must be an integer. The default is 3.

scanInterval

string

The default is '10'. Values must be an integer number of seconds.

scaleDownDelayAfterAdd

string

The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported.

scaleDownDelayAfterDelete

string

The default is the scan-interval. Values must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported.

scaleDownDelayAfterFailure

string

The default is '3m'. Values must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported.

scaleDownUnneededTime

string

The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported.

scaleDownUnreadyTime

string

The default is '20m'. Values must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported.

scaleDownUtilizationThreshold

string

The default is '0.5'.

skipNodesWithLocalStorage

string

The default is true.

skipNodesWithSystemPods

string

The default is true.

apiServerAccessProfile

object

The access profile for managed cluster API server.

authorizedIPRanges

[string]

IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. For more information see API server authorized IP ranges.

enablePrivateCluster

boolean

For more details, see Creating a private AKS cluster.

privateDNSZone

string

The default is System. For more details see configure private DNS zone. Allowed values are 'system' and 'none'.

enablePrivateClusterPublicFqdn

boolean

Whether to create additional public FQDN for private cluster or not.

disableRunCommand

boolean

Whether to disable run command for the cluster or not.

diskEncryptionSetID

string

This is of the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}'

identityProfile

object

Identities associated with the cluster.

privateLinkResources

[object]

Private link resources associated with the cluster.

id

string

The ID of the private link resource.

name

string

The name of the private link resource.

type

string

The resource type.

groupId

string

The group ID of the resource.

requiredMembers

[string]

The RequiredMembers of the resource.

privateLinkServiceID

string

The private link service ID of the resource; this field is exposed only to NRP internally. NOTE: This property will not be serialized. It can only be populated by the server.

disableLocalAccounts

boolean

If set to true, getting static credentials will be disabled for this cluster. This must only be used on Managed Clusters that are AAD enabled. For more details see disable local accounts.

httpProxyConfig

object

Configurations for provisioning the cluster with HTTP proxy servers.

httpProxy

string

The HTTP proxy server endpoint to use.

httpsProxy

string

The HTTPS proxy server endpoint to use.

noProxy

[string]

The endpoints that should not go through proxy.

trustedCa

string

Alternative CA cert to use for connecting to proxy servers.

securityProfile

object

Security profile for the managed cluster.

defender

object

Microsoft Defender settings for the security profile.

logAnalyticsWorkspaceResourceId

string

Resource ID of the Log Analytics workspace to be associated with Microsoft Defender. When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When Microsoft Defender is disabled, leave the field empty.

securityMonitoring

object

Microsoft Defender threat detection for Cloud settings for the security profile.

enabled

boolean

Whether to enable Defender threat detection.

azureKeyVaultKms

object

Azure Key Vault key management service settings for the security profile.

enabled

boolean

Whether to enable Azure Key Vault key management service. The default is false.

keyId

string

Identifier of Azure Key Vault key. See key identifier format for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key identifier. When Azure Key Vault key management service is disabled, leave the field empty.

keyVaultNetworkAccess

string

Network access of key vault. The possible values are Public and Private. Public means the key vault allows public access from all networks. Private means the key vault disables public access and enables private link. The default value is Public.

keyVaultResourceId

string

Resource ID of key vault. When keyVaultNetworkAccess is Private, this field is required and must be a valid resource ID. When keyVaultNetworkAccess is Public, leave the field empty.

workloadIdentity

object

Workload identity settings for the security profile. Workload identity enables Kubernetes applications to access Azure cloud resources securely with Azure AD. See https://aka.ms/aks/wi for more details.

enabled

boolean

Whether to enable workload identity.

imageCleaner

object

Image Cleaner settings for the security profile.

enabled

boolean

Whether to enable Image Cleaner on AKS cluster.

intervalHours

number

Image Cleaner scanning interval in hours.
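An added example (not part of the original page, and not Azure's or Datadog's code) that reads a cluster object carrying the apiServerAccessProfile, disableLocalAccounts and securityProfile fields documented above, flags the hardening settings that are left off, and checks the pairings the descriptions require (a Log Analytics workspace ID when Defender is enabled, a key ID when Key Vault KMS is enabled). The sample JSON and the finding tags are constructed for the example.

```python
import json

# Constructed sample of the fields documented above; not a real cluster.
SAMPLE_CLUSTER_JSON = """{
  "apiServerAccessProfile": {"authorizedIPRanges": [], "enablePrivateCluster": false,
                             "disableRunCommand": false},
  "disableLocalAccounts": false,
  "securityProfile": {
    "defender": {"logAnalyticsWorkspaceResourceId": "", "securityMonitoring": {"enabled": false}},
    "azureKeyVaultKms": {"enabled": false, "keyId": ""},
    "imageCleaner": {"enabled": false}}
}"""


def get(obj, *path, default=None):  # walk nested dicts; a missing key yields the default
    for key in path:
        if not isinstance(obj, dict) or key not in obj:
            return default
        obj = obj[key]
    return obj


def review_cluster(cluster: dict) -> list:
    """Return tags for hardening settings left off and for required pairings that are missing."""
    findings = []
    api = get(cluster, "apiServerAccessProfile") or {}
    if not api.get("enablePrivateCluster") and not api.get("authorizedIPRanges"):  # open to any address
        findings.append("api-server-public-without-authorized-ip-ranges")
    if not api.get("disableRunCommand"):
        findings.append("run-command-enabled")
    if not cluster.get("disableLocalAccounts"):  # static, non-AAD credentials still obtainable
        findings.append("local-accounts-enabled")
    defender = get(cluster, "securityProfile", "defender") or {}
    if not get(defender, "securityMonitoring", "enabled"):
        findings.append("defender-threat-detection-disabled")
    elif not defender.get("logAnalyticsWorkspaceResourceId"):
        findings.append("defender-enabled-without-workspace")  # required when Defender is enabled
    kms = get(cluster, "securityProfile", "azureKeyVaultKms") or {}
    if not kms.get("enabled"):
        findings.append("azure-keyvault-kms-disabled")
    elif not kms.get("keyId"):
        findings.append("kms-enabled-without-key-id")  # required when KMS is enabled
    if not get(cluster, "securityProfile", "imageCleaner", "enabled"):
        findings.append("image-cleaner-disabled")
    return findings


def review_json(text: str) -> list:
    return review_cluster(json.loads(text))


if __name__ == "__main__":
    print("\n".join(review_json(SAMPLE_CLUSTER_JSON)))
```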

storageProfile

object

Storage profile for the managed cluster.

diskCSIDriver

object

AzureDisk CSI Driver settings for the storage profile.

enabled

boolean

Whether to enable AzureDisk CSI Driver. The default value is true.

fileCSIDriver

object

AzureFile CSI Driver settings for the storage profile.

enabled

boolean

Whether to enable AzureFile CSI Driver. The default value is true.

snapshotController

object

Snapshot Controller settings for the storage profile.

enabled

boolean

Whether to enable Snapshot Controller. The default value is true.

blobCSIDriver

object

AzureBlob CSI Driver settings for the storage profile.

enabled

boolean

Whether to enable AzureBlob CSI Driver. The default value is false.

publicNetworkAccess

string

Allow or deny public network access for AKS.

workloadAutoScalerProfile

object

Workload Auto-scaler profile for the managed cluster.

keda

object

KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile.

enabled [required]

boolean

Whether to enable KEDA.

verticalPodAutoscaler

object

VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile.

enabled [required]

boolean

Whether to enable VPA. Default value is false.

azureMonitorProfile

object

Azure Monitor addon profiles for monitoring the managed cluster.

metrics

object

Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See aka.ms/AzureManagedPrometheus for an overview.

enabled [required]

boolean

Whether to enable or disable the Azure Managed Prometheus addon for Prometheus monitoring. See aka.ms/AzureManagedPrometheus-aks-enable for details on enabling and disabling.

kubeStateMetrics

object

Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for details.

metricLabelsAllowlist

string

Comma-separated list of additional Kubernetes label keys that will be used in the resource's labels metric (Example: 'namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...'). By default the metric contains only resource name and namespace labels.

metricAnnotationsAllowList

string

Comma-separated list of Kubernetes annotation keys that will be used in the resource's labels metric (Example: 'namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...'). By default the metric contains only resource name and namespace labels.

serviceMeshProfile

object

Service mesh profile for a managed cluster.

mode [required]

string

Mode of the service mesh.

istio

object

Istio service mesh configuration.

components

object

Istio components configuration.

ingressGateways

[object]

Istio ingress gateways.

mode [required]

string

Mode of an ingress gateway.

enabled [required]

boolean

Whether to enable the ingress gateway.

egressGateways

[object]

Istio egress gateways.

enabled [required]

boolean

Whether to enable the egress gateway.

nodeSelector

object

NodeSelector for scheduling the egress gateway.

certificateAuthority

object

Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin certificates, as described at https://aka.ms/asm-plugin-ca.

plugin

object

Plugin certificates information for Service Mesh.

keyVaultId

string

The resource ID of the Key Vault.

certObjectName

string

Intermediate certificate object name in Azure Key Vault.

keyObjectName

string

Intermediate certificate private key object name in Azure Key Vault.

rootCertObjectName

string

Root certificate object name in Azure Key Vault.

certChainObjectName

string

Certificate chain object name in Azure Key Vault.

revisions

[string]

The list of revisions of the Istio control plane. When an upgrade is not in progress, this holds one value. When canary upgrade is in progress, this can only hold two consecutive values. For more information, see: https://learn.microsoft.com/en-us/azure/aks/istio-upgrade

resourceUID

string

The resourceUID uniquely identifies ManagedClusters that reuse ARM ResourceIds (i.e., a create, delete, create sequence). NOTE: This property will not be serialized. It can only be populated by the server.