Adding OS Guard templates

quickstarts/microsoft.kubernetes/aks-azure-linux-os-guard/azuredeploy.json

@@ -0,0 +1,89 @@
+{
+    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+    "contentVersion": "1.0.0.1",
+    "parameters": {
+        "clusterName": {
+            "defaultValue": "osguardakscluster",
+            "type": "String",
+            "metadata": {
+                "description": "The name of the Managed Cluster resource."
+            }
+        },
+        "location": {
+            "defaultValue": "[resourceGroup().location]",
+            "type": "String",
+            "metadata": {
+                "description": "The location of the Managed Cluster resource."
+            }
+        },
+        "dnsPrefix": {
+            "type": "String",
+            "metadata": {
+                "description": "Optional DNS prefix to use with hosted Kubernetes API server FQDN."
+            }
+        },
+        "agentCount": {
+            "defaultValue": 3,
+            "minValue": 1,
+            "maxValue": 50,
+            "type": "Int",
+            "metadata": {
+                "description": "The number of nodes for the cluster."
+            }
+        },
+        "agentVMSize": {
+            "defaultValue": "Standard_DS2_v2",
+            "type": "String",
+            "metadata": {
+                "description": "The size of the Virtual Machine."
+            }
+        },
+        "osSKU": {
+            "defaultValue": "AzureLinuxOSGuard",
+            "allowedValues": [
+                "AzureLinuxOSGuard",
+                "AzureLinux3OSGuard"
+            ],
+            "type": "String",
+            "metadata": {
+                "description": "The Linux SKU to use."
+            }
+        }
+    },
+    "resources": [
+        {
+            "type": "Microsoft.ContainerService/managedClusters",
+            "apiVersion": "2025-05-01",
+            "name": "[parameters('clusterName')]",
+            "location": "[parameters('location')]",
+            "identity": {
+                "type": "SystemAssigned"
+            },
+            "properties": {
+                "dnsPrefix": "[parameters('dnsPrefix')]",
+                "agentPoolProfiles": [
+                    {
+                        "name": "agentpool",
+                        "mode": "System",
+                        "count": "[parameters('agentCount')]",
+                        "vmSize": "[parameters('agentVMSize')]",
+                        "osType": "Linux",
+                        "osSKU": "[parameters('osSKU')]",
+                        "osDiskType": "Managed",
+                        "enableFIPS": true,
+                        "securityProfile": {
+                            "enableSecureBoot": true,
+                            "enableVTPM": true
+                        },
+                    }
+                ]
+            }
+        }
+    ],
+    "outputs": {
+        "controlPlaneFQDN": {
+            "type": "String",
+            "value": "[reference(parameters('clusterName')).fqdn]"
+        }
+    }
+}

quickstarts/microsoft.kubernetes/aks-azure-linux-os-guard/azuredeploy.parameters.json

@@ -0,0 +1,12 @@
+{
+    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+    "contentVersion": "1.0.0.0",
+    "parameters": {
+      "clusterName": {
+        "value": "GEN-UNIQUE"
+      },
+      "dnsPrefix": {
+        "value": "GEN-UNIQUE"
+      }
+    }
+  }

quickstarts/microsoft.kubernetes/aks-azure-linux-os-guard/main.bicep

@@ -0,0 +1,56 @@
+@description('The name of the Managed Cluster resource.')
+param clusterName string = 'aks101cluster'
+
+@description('The location of the Managed Cluster resource.')
+param location string = resourceGroup().location
+
+@description('Optional DNS prefix to use with hosted Kubernetes API server FQDN.')
+param dnsPrefix string
+
+@description('Disk size (in GB) to provision for each of the agent pool nodes. This value ranges from 0 to 1023. Specifying 0 will apply the default disk size for that agentVMSize.')
+@minValue(0)
+@maxValue(1023)
+param osDiskSizeGB int = 0
+
+@description('The number of nodes for the cluster.')
+@minValue(1)
+@maxValue(50)
+param agentCount int = 3
+
+@description('The size of the Virtual Machine.')
+param agentVMSize string = 'standard_d2s_v3'
+
+@description('User name for the Linux Virtual Machines.')
+param linuxAdminUsername string
+
+@description('Configure all linux machines with the SSH RSA public key string. Your key should include three parts, for example \'ssh-rsa AAAAB...snip...UcyupgH azureuser@linuxvm\'')
+param sshRSAPublicKey string
+
+resource aks 'Microsoft.ContainerService/managedClusters@2022-05-02-preview' = {
+  name: clusterName
+  location: location
+  identity: {
+    type: 'SystemAssigned'
+  }
+  properties: {
+    dnsPrefix: dnsPrefix
+    agentPoolProfiles: [
+      {
+        name: 'agentpool'
+        count: agentCount
+        vmSize: agentVMSize
+        osType: 'Linux'
+        mode: 'System'
+        osSKU: 'AzureLinuxOSGuard'
+        osDiskType: 'Managed'
+        enableFIPS: true
+        securityProfile: {
+          enableSecureBoot: true
+          enableVTPM: true
+          }
+      }
+    ]
+  }
+}
+
+output controlPlaneFQDN string = aks.properties.fqdn

quickstarts/microsoft.kubernetes/aks-azure-linux-os-guard/metadata.json

@@ -0,0 +1,10 @@
+{
+    "$schema": "https://aka.ms/azure-quickstart-templates-metadata-schema#",
+    "type": "QuickStart",
+    "itemDisplayName": "Azure Kubernetes Service (AKS)",
+    "description": "Deploy a managed cluster with Azure Kubernetes Service (AKS) using Azure Linux with OS Guard",
+    "summary": "Deploy a managed cluster with Azure Kubernetes Service (AKS) using Azure Linux with OS Guard",
+    "githubUsername": "flora-taagen",
+    "docOwner": "mlearned",
+    "dateUpdated": "2025-09-24"
+  }