Loading source
Pulling the file list, source metadata, and syntax-aware rendering for this listing.
Source from repo
Prepare Azure environments for new workloads—subscriptions, networking, identity, and landing zones
Files
Skill
Size
Entrypoint
Format
Open file
Syntax-highlighted preview of this file as included in the skill package.
references/services/aks/bicep.md
1# AKS - Bicep Patterns2## Cluster Resource4```bicep6resource aks 'Microsoft.ContainerService/managedClusters@2023-07-01' = {7name: '${resourcePrefix}-aks-${uniqueHash}'8location: location9identity: {10type: 'SystemAssigned'11}12properties: {13dnsPrefix: '${resourcePrefix}-aks'14kubernetesVersion: '1.28'15agentPoolProfiles: [16{17name: 'default'18count: 319vmSize: 'Standard_DS2_v2'20mode: 'System'21osType: 'Linux'22enableAutoScaling: true23minCount: 124maxCount: 525}26]27networkProfile: {28networkPlugin: 'azure'29serviceCidr: '10.0.0.0/16'30dnsServiceIP: '10.0.0.10'31}32}33}34```35## ACR Pull Role Assignment37```bicep39resource acrPullRole 'Microsoft.Authorization/roleAssignments@2022-04-01' = {40name: guid(aks.id, containerRegistry.id, 'acrpull')41scope: containerRegistry42properties: {43roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7f951dda-4ed3-4680-a7ca-43fe172d538d')44principalId: aks.properties.identityProfile.kubeletidentity.objectId45principalType: 'ServicePrincipal'46}47}48```49## Node Pool Configuration51### System Pool (Required)53```bicep55{56name: 'system'57count: 358vmSize: 'Standard_DS2_v2'59mode: 'System'60osType: 'Linux'61}62```63### User Pool (Workloads)65```bicep67{68name: 'workload'69count: 270vmSize: 'Standard_DS4_v2'71mode: 'User'72osType: 'Linux'73enableAutoScaling: true74minCount: 175maxCount: 1076}77```78## Workload Identity80```bicep82properties: {83oidcIssuerProfile: {84enabled: true85}86securityProfile: {87workloadIdentity: {88enabled: true89}90}91}92```93