diff --git a/quickstarts/microsoft.kubernetes/aks-azure-linux-os-guard/azuredeploy.json b/quickstarts/microsoft.kubernetes/aks-azure-linux-os-guard/azuredeploy.json
new file mode 100644
index 000000000000..08306ecd3d53
--- /dev/null
+++ b/quickstarts/microsoft.kubernetes/aks-azure-linux-os-guard/azuredeploy.json
@@ -0,0 +1,89 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.1",
+ "parameters": {
+ "clusterName": {
+ "defaultValue": "osguardakscluster",
+ "type": "String",
+ "metadata": {
+ "description": "The name of the Managed Cluster resource."
+ }
+ },
+ "location": {
+ "defaultValue": "[resourceGroup().location]",
+ "type": "String",
+ "metadata": {
+ "description": "The location of the Managed Cluster resource."
+ }
+ },
+ "dnsPrefix": {
+ "type": "String",
+ "metadata": {
+ "description": "Optional DNS prefix to use with hosted Kubernetes API server FQDN."
+ }
+ },
+ "agentCount": {
+ "defaultValue": 3,
+ "minValue": 1,
+ "maxValue": 50,
+ "type": "Int",
+ "metadata": {
+ "description": "The number of nodes for the cluster."
+ }
+ },
+ "agentVMSize": {
+ "defaultValue": "Standard_DS2_v2",
+ "type": "String",
+ "metadata": {
+ "description": "The size of the Virtual Machine."
+ }
+ },
+ "osSKU": {
+ "defaultValue": "AzureLinuxOSGuard",
+ "allowedValues": [
+ "AzureLinuxOSGuard",
+ "AzureLinux3OSGuard"
+ ],
+ "type": "String",
+ "metadata": {
+ "description": "The Linux SKU to use."
+ }
+ }
+ },
+ "resources": [
+ {
+ "type": "Microsoft.ContainerService/managedClusters",
+ "apiVersion": "2025-05-01",
+ "name": "[parameters('clusterName')]",
+ "location": "[parameters('location')]",
+ "identity": {
+ "type": "SystemAssigned"
+ },
+ "properties": {
+ "dnsPrefix": "[parameters('dnsPrefix')]",
+ "agentPoolProfiles": [
+ {
+ "name": "agentpool",
+ "mode": "System",
+ "count": "[parameters('agentCount')]",
+ "vmSize": "[parameters('agentVMSize')]",
+ "osType": "Linux",
+ "osSKU": "[parameters('osSKU')]",
+ "osDiskType": "Managed",
+ "enableFIPS": true,
+ "securityProfile": {
+ "enableSecureBoot": true,
+ "enableVTPM": true
+ },
+ }
+ ]
+ }
+ }
+ ],
+ "outputs": {
+ "controlPlaneFQDN": {
+ "type": "String",
+ "value": "[reference(parameters('clusterName')).fqdn]"
+ }
+ }
+}
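Review bot: The agent pool entry closes `securityProfile` with `},` and the next line is the object's closing `}`, so the template carries a trailing comma that a strict JSON parser rejects; that line should be `}` with no comma. The hardening switches set here (`enableFIPS`, `enableSecureBoot`, `enableVTPM`) are node-level only, and the API server is left at its defaults because `properties` has no `apiServerAccessProfile`; the quickstart description should say so, so the sample is not taken for a fully hardened cluster. This template also differs from main.bicep in the same commit (API version `2025-05-01` and an `osSKU` parameter here), so it does not look like the compiled output of that file and the two should be reconciled.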
diff --git a/quickstarts/microsoft.kubernetes/aks-azure-linux-os-guard/azuredeploy.parameters.json b/quickstarts/microsoft.kubernetes/aks-azure-linux-os-guard/azuredeploy.parameters.json
new file mode 100644
index 000000000000..191a14a5ce25
--- /dev/null
+++ b/quickstarts/microsoft.kubernetes/aks-azure-linux-os-guard/azuredeploy.parameters.json
@@ -0,0 +1,12 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "clusterName": {
+ "value": "GEN-UNIQUE"
+ },
+ "dnsPrefix": {
+ "value": "GEN-UNIQUE"
+ }
+ }
+ }
diff --git a/quickstarts/microsoft.kubernetes/aks-azure-linux-os-guard/main.bicep b/quickstarts/microsoft.kubernetes/aks-azure-linux-os-guard/main.bicep
new file mode 100644
index 000000000000..aee7bf7f6134
--- /dev/null
+++ b/quickstarts/microsoft.kubernetes/aks-azure-linux-os-guard/main.bicep
@@ -0,0 +1,56 @@
+@description('The name of the Managed Cluster resource.')
+param clusterName string = 'aks101cluster'
+
+@description('The location of the Managed Cluster resource.')
+param location string = resourceGroup().location
+
+@description('Optional DNS prefix to use with hosted Kubernetes API server FQDN.')
+param dnsPrefix string
+
+@description('Disk size (in GB) to provision for each of the agent pool nodes. This value ranges from 0 to 1023. Specifying 0 will apply the default disk size for that agentVMSize.')
+@minValue(0)
+@maxValue(1023)
+param osDiskSizeGB int = 0
+
+@description('The number of nodes for the cluster.')
+@minValue(1)
+@maxValue(50)
+param agentCount int = 3
+
+@description('The size of the Virtual Machine.')
+param agentVMSize string = 'standard_d2s_v3'
+
+@description('User name for the Linux Virtual Machines.')
+param linuxAdminUsername string
+
+@description('Configure all linux machines with the SSH RSA public key string. Your key should include three parts, for example \'ssh-rsa AAAAB...snip...UcyupgH azureuser@linuxvm\'')
+param sshRSAPublicKey string
+
+resource aks 'Microsoft.ContainerService/managedClusters@2022-05-02-preview' = {
+ name: clusterName
+ location: location
+ identity: {
+ type: 'SystemAssigned'
+ }
+ properties: {
+ dnsPrefix: dnsPrefix
+ agentPoolProfiles: [
+ {
+ name: 'agentpool'
+ count: agentCount
+ vmSize: agentVMSize
+ osType: 'Linux'
+ mode: 'System'
+ osSKU: 'AzureLinuxOSGuard'
+ osDiskType: 'Managed'
+ enableFIPS: true
+ securityProfile: {
+ enableSecureBoot: true
+ enableVTPM: true
+ }
+ }
+ ]
+ }
+}
+
+output controlPlaneFQDN string = aks.properties.fqdn
diff --git a/quickstarts/microsoft.kubernetes/aks-azure-linux-os-guard/metadata.json b/quickstarts/microsoft.kubernetes/aks-azure-linux-os-guard/metadata.json
new file mode 100644
index 000000000000..ca7f56bf01de
--- /dev/null
+++ b/quickstarts/microsoft.kubernetes/aks-azure-linux-os-guard/metadata.json
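Review bot: In main.bicep the parameters `osDiskSizeGB`, `linuxAdminUsername` and `sshRSAPublicKey` are declared but never referenced by the `aks` resource, and the last two have no default, so a deployment must supply a username and an SSH key that are then discarded; azuredeploy.parameters.json sets neither of them. Either remove the three declarations or wire them in (`osDiskSizeGB: osDiskSizeGB` in the pool entry and a `linuxProfile` block under `properties`). The resource is also pinned to `2022-05-02-preview` while azuredeploy.json uses `2025-05-01`; please confirm that the preview version accepts `osSKU: 'AzureLinuxOSGuard'` and the pool-level `securityProfile`, or align it as `resource aks 'Microsoft.ContainerService/managedClusters@2025-05-01' = {`, since the Secure Boot, vTPM and FIPS settings are the point of this sample and should not depend on an API version that may not carry them.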
@@ -0,0 +1,10 @@
+{
+ "$schema": "https://aka.ms/azure-quickstart-templates-metadata-schema#",
+ "type": "QuickStart",
+ "itemDisplayName": "Azure Kubernetes Service (AKS)",
+ "description": "Deploy a managed cluster with Azure Kubernetes Service (AKS) using Azure Linux with OS Guard",
+ "summary": "Deploy a managed cluster with Azure Kubernetes Service (AKS) using Azure Linux with OS Guard",
+ "githubUsername": "flora-taagen",
+ "docOwner": "mlearned",
+ "dateUpdated": "2025-09-24"
+ }