{ "$schema": "https://json-schema.org/draft/2020-12/schema", "$id": "https://schema.api.gov/microsoft-azure/managed-cluster", "title": "Azure Kubernetes Service Managed Cluster", "description": "An AKS managed cluster represents a Kubernetes cluster in Azure Kubernetes Service. It defines the cluster configuration including Kubernetes version, node pools, networking, identity, and add-on profiles. AKS manages the Kubernetes control plane while customers manage the worker nodes.", "type": "object", "properties": { "id": { "type": "string", "description": "Resource ID.", "readOnly": true }, "name": { "type": "string", "description": "The name of the managed cluster resource.", "readOnly": true, "minLength": 1, "maxLength": 63, "pattern": "^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$" }, "type": { "type": "string", "description": "Resource type.", "readOnly": true, "const": "Microsoft.ContainerService/managedClusters" }, "location": { "type": "string", "description": "The geo-location where the resource lives." }, "tags": { "type": "object", "description": "Resource tags.", "additionalProperties": { "type": "string" } }, "sku": { "type": "object", "description": "The managed cluster SKU.", "properties": { "name": { "type": "string", "description": "The name of the managed cluster SKU.", "enum": [ "Base" ] }, "tier": { "type": "string",
"description": "The pricing tier. Free provides no SLA, Standard provides 99.95% uptime SLA, Premium provides 99.99%.", "enum": [ "Premium", "Standard", "Free" ] } } }, "identity": { "type": "object", "description": "The identity of the managed cluster.", "properties": { "principalId": { "type": "string", "readOnly": true }, "tenantId": { "type": "string", "readOnly": true }, "type": { "type": "string", "enum": [ "SystemAssigned", "UserAssigned", "None" ] } } }, "properties": { "type": "object", "description": "Properties of a managed cluster.", "properties": { "provisioningState": { "type": "string", "description": "The current provisioning state.", "readOnly": true }, "powerState": { "type": "object", "description": "The power state of the cluster.", "readOnly": true, "properties": { "code": { "type": "string", "enum": [ "Running", "Stopped" ] } } }, "kubernetesVersion": { "type": "string", "description": "The version of Kubernetes to deploy. When not specified, the default version is used.", "examples": [ "1.29.2", "1.28.5", "1.27.9" ] }, "currentKubernetesVersion": { "type": "string", "description": "The version of Kubernetes the managed cluster is running.", "readOnly": true }, "dnsPrefix": { "type": "string", "description": "The DNS prefix specified when creating the managed cluster." }, "fqdn": { "type": "string", "description": "The FQDN of the master pool.", "readOnly": true }, "agentPoolProfiles": { "type": "array", "description": "The agent pool profiles for the managed cluster.", "items": { "$ref": "#/$defs/AgentPoolProfile" } }, "networkProfile": { "$ref": "#/$defs/NetworkProfile" }, "aadProfile": { "$ref": "#/$defs/AADProfile" }, "enableRBAC": { "type": "boolean", "description": "Whether to enable Kubernetes Role-Based Access Control." }, "nodeResourceGroup": { "type": "string", "description": "The name of the resource group containing agent pool nodes." 
}, "apiServerAccessProfile": { "type": "object", "description": "Access profile for managed cluster API server.", "properties": { "authorizedIPRanges": { "type": "array", "items": { "type": "string" }, "description": "IP ranges authorized to access the Kubernetes API server." }, "enablePrivateCluster": { "type": "boolean", "description": "Whether to create the cluster as a private cluster." } } } } } }, "required": [ "location" ], "$defs": { "AgentPoolProfile": { "type": "object", "description": "Profile for the container service agent pool.", "properties": { "name": { "type": "string", "description": "Unique name of the agent pool profile.", "pattern": "^[a-z][a-z0-9]{0,11}$", "maxLength": 12 }, "count": { "type": "integer", "description": "Number of agents (VMs) to host docker containers.", "minimum": 0, "maximum": 1000 }, "vmSize": { "type": "string", "description": "The size of the agent VMs.", "examples": [ "Standard_DS2_v2", "Standard_D4s_v3", "Standard_D8s_v3" ] }, "osType": { "type": "string", "enum": [ "Linux", "Windows" ], "default": "Linux" }, "osSKU": { "type": "string", "enum": [ "Ubuntu", "AzureLinux", "CBLMariner", "Windows2019", "Windows2022" ] }, "mode": { "type": "string", "enum": [ "System", "User" ], "description": "The mode of an agent pool. System pools serve control plane components, User pools serve workloads." }, "maxPods": { "type": "integer", "description": "The maximum number of pods that can run on a node." }, "enableAutoScaling": { "type": "boolean", "description": "Whether to enable auto-scaler." }, "minCount": { "type": "integer", "description": "The minimum number of nodes for auto-scaling." }, "maxCount": { "type": "integer", "description": "The maximum number of nodes for auto-scaling." }, "availabilityZones": { "type": "array", "items": { "type": "string" }, "description": "The list of availability zones to use for nodes." 
}, "nodeLabels": { "type": "object", "additionalProperties": { "type": "string" }, "description": "The node labels to persist across all nodes." }, "nodeTaints": { "type": "array", "items": { "type": "string" }, "description": "The taints added to new nodes." } }, "required": [ "name" ] }, "NetworkProfile": { "type": "object", "description": "Profile of network configuration.", "properties": { "networkPlugin": { "type": "string", "enum": [ "azure", "kubenet", "none" ], "default": "kubenet", "description": "Network plugin used for building the Kubernetes network." }, "networkPolicy": { "type": "string", "enum": [ "calico", "azure", "cilium" ], "description": "Network policy used for building the Kubernetes network." }, "podCidr": { "type": "string", "default": "10.244.0.0/16", "description": "A CIDR notation IP range from which to assign pod IPs." }, "serviceCidr": { "type": "string", "default": "10.0.0.0/16", "description": "A CIDR notation IP range from which to assign service cluster IPs." }, "dnsServiceIP": { "type": "string", "default": "10.0.0.10", "description": "An IP address assigned to the Kubernetes DNS service." }, "loadBalancerSku": { "type": "string", "enum": [ "standard", "basic" ], "default": "standard" }, "outboundType": { "type": "string", "enum": [ "loadBalancer", "userDefinedRouting", "managedNATGateway", "userAssignedNATGateway" ], "default": "loadBalancer" } } }, "AADProfile": { "type": "object", "description": "Azure Active Directory profile for the managed cluster.", "properties": { "managed": { "type": "boolean", "description": "Whether to enable managed AAD." }, "enableAzureRBAC": { "type": "boolean", "description": "Whether to enable Azure RBAC for Kubernetes authorization." }, "adminGroupObjectIDs": { "type": "array", "items": { "type": "string" }, "description": "The list of AAD group object IDs that will have admin role of the cluster." 
}, "tenantID": { "type": "string", "format": "uuid", "description": "The AAD tenant ID to use for authentication." } } } } }