@azure/arm-containerservice 25.3.0 → 25.4.0-beta.1

package/dist/commonjs/models/models.d.ts

@@ -53,8 +53,14 @@ export interface AgentPool extends ProxyResource {
      * Only values from `recentlyUsedVersions` are allowed.
      */
     nodeImageVersion?: string;
+    /** Defines the upgrade strategy for the agent pool. The default is Rolling. */
+    upgradeStrategy?: UpgradeStrategy;
+    /** Whether to enable the full-cache ephemeral OS disk feature. When this feature is enabled, the entire operating system will be locally cached on the ephemeral OS disk, preventing E17 events caused by network failures. */
+    enableOSDiskFullCaching?: boolean;
     /** Settings for upgrading the agentpool */
     upgradeSettings?: AgentPoolUpgradeSettings;
+    /** Settings for Blue-Green upgrade on the agentpool. Applies when upgrade strategy is set to BlueGreen. */
+    upgradeSettingsBlueGreen?: AgentPoolBlueGreenUpgradeSettings;
     /** The current deployment or provisioning state. */
     readonly provisioningState?: string;
     /** Whether the Agent Pool is running or stopped. When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only be stopped if it is Running and provisioning state is Succeeded */
@@ -77,6 +83,8 @@ export interface AgentPool extends ProxyResource {
     nodeLabels?: Record<string, string>;
     /** The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule. */
     nodeTaints?: string[];
+    /** Taints added on the nodes during creation that will not be reconciled by AKS. These taints will not be reconciled by AKS and can be removed with a kubectl call. This field can be modified after node pool is created, but nodes will not be recreated with new taints until another operation that requires recreation (e.g. node image upgrade) happens. These taints allow for required configuration to run before the node is ready to accept workloads, for example 'key1=value1:NoSchedule' that then can be removed with `kubectl taint nodes node1 key1=value1:NoSchedule-` */
+    nodeInitializationTaints?: string[];
     /** The ID for Proximity Placement Group. */
     proximityPlacementGroupID?: string;
     /** The Kubelet configuration on the agent pool nodes. */
@@ -117,6 +125,8 @@ export interface AgentPool extends ProxyResource {
     status?: AgentPoolStatus;
     /** Configures the per-node local DNS, with VnetDNS and KubeDNS overrides. LocalDNS helps improve performance and reliability of DNS resolution in an AKS cluster. For more details see aka.ms/aks/localdns. */
     localDNSProfile?: LocalDNSProfile;
+    /** Settings to determine the prepared image specification used to provision nodes in a pool. */
+    preparedImageSpecificationProfile?: PreparedImageSpecificationProfile;
 }
 export declare function agentPoolSerializer(item: AgentPool): any;
 export declare function agentPoolDeserializer(item: any): AgentPool;
@@ -171,8 +181,14 @@ export interface ManagedClusterAgentPoolProfileProperties {
      * Only values from `recentlyUsedVersions` are allowed.
      */
     nodeImageVersion?: string;
+    /** Defines the upgrade strategy for the agent pool. The default is Rolling. */
+    upgradeStrategy?: UpgradeStrategy;
+    /** Whether to enable the full-cache ephemeral OS disk feature. When this feature is enabled, the entire operating system will be locally cached on the ephemeral OS disk, preventing E17 events caused by network failures. */
+    enableOSDiskFullCaching?: boolean;
     /** Settings for upgrading the agentpool */
     upgradeSettings?: AgentPoolUpgradeSettings;
+    /** Settings for Blue-Green upgrade on the agentpool. Applies when upgrade strategy is set to BlueGreen. */
+    upgradeSettingsBlueGreen?: AgentPoolBlueGreenUpgradeSettings;
     /** The current deployment or provisioning state. */
     readonly provisioningState?: string;
     /** Whether the Agent Pool is running or stopped. When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only be stopped if it is Running and provisioning state is Succeeded */
@@ -195,6 +211,8 @@ export interface ManagedClusterAgentPoolProfileProperties {
     nodeLabels?: Record<string, string>;
     /** The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule. */
     nodeTaints?: string[];
+    /** Taints added on the nodes during creation that will not be reconciled by AKS. These taints will not be reconciled by AKS and can be removed with a kubectl call. This field can be modified after node pool is created, but nodes will not be recreated with new taints until another operation that requires recreation (e.g. node image upgrade) happens. These taints allow for required configuration to run before the node is ready to accept workloads, for example 'key1=value1:NoSchedule' that then can be removed with `kubectl taint nodes node1 key1=value1:NoSchedule-` */
+    nodeInitializationTaints?: string[];
     /** The ID for Proximity Placement Group. */
     proximityPlacementGroupID?: string;
     /** The Kubelet configuration on the agent pool nodes. */
@@ -235,6 +253,8 @@ export interface ManagedClusterAgentPoolProfileProperties {
     status?: AgentPoolStatus;
     /** Configures the per-node local DNS, with VnetDNS and KubeDNS overrides. LocalDNS helps improve performance and reliability of DNS resolution in an AKS cluster. For more details see aka.ms/aks/localdns. */
     localDNSProfile?: LocalDNSProfile;
+    /** Settings to determine the prepared image specification used to provision nodes in a pool. */
+    preparedImageSpecificationProfile?: PreparedImageSpecificationProfile;
 }
 export declare function managedClusterAgentPoolProfilePropertiesSerializer(item: ManagedClusterAgentPoolProfileProperties): any;
 export declare function managedClusterAgentPoolProfilePropertiesDeserializer(item: any): ManagedClusterAgentPoolProfileProperties;
@@ -276,6 +296,8 @@ export declare enum KnownWorkloadRuntime {
     OCIContainer = "OCIContainer",
     /** Nodes will use Krustlet to run WASM workloads using the WASI provider (Preview). */
     WasmWasi = "WasmWasi",
+    /** Nodes can use (Kata + Cloud Hypervisor + Hyper-V) to enable Nested VM-based pods (Preview). Due to the use Hyper-V, AKS node OS itself is a nested VM (the root OS) of Hyper-V. Thus it can only be used with VM series that support Nested Virtualization such as Dv3 series. This naming convention will be deprecated in future releases in favor of KataVmIsolation. */
+    KataMshvVmIsolation = "KataMshvVmIsolation",
     /** Nodes can use (Kata + Cloud Hypervisor + Hyper-V) to enable Nested VM-based pods. Due to the use Hyper-V, AKS node OS itself is a nested VM (the root OS) of Hyper-V. Thus it can only be used with VM series that support Nested Virtualization such as Dv3 series. */
     KataVmIsolation = "KataVmIsolation"
 }
@@ -286,6 +308,7 @@ export declare enum KnownWorkloadRuntime {
  * ### Known values supported by the service
  * **OCIContainer**: Nodes will use Kubelet to run standard OCI container workloads. \
  * **WasmWasi**: Nodes will use Krustlet to run WASM workloads using the WASI provider (Preview). \
+ * **KataMshvVmIsolation**: Nodes can use (Kata + Cloud Hypervisor + Hyper-V) to enable Nested VM-based pods (Preview). Due to the use Hyper-V, AKS node OS itself is a nested VM (the root OS) of Hyper-V. Thus it can only be used with VM series that support Nested Virtualization such as Dv3 series. This naming convention will be deprecated in future releases in favor of KataVmIsolation. \
  * **KataVmIsolation**: Nodes can use (Kata + Cloud Hypervisor + Hyper-V) to enable Nested VM-based pods. Due to the use Hyper-V, AKS node OS itself is a nested VM (the root OS) of Hyper-V. Thus it can only be used with VM series that support Nested Virtualization such as Dv3 series.
  */
 export type WorkloadRuntime = string;
@@ -330,6 +353,10 @@ export declare enum KnownOssku {
     /** Use AzureLinux3 as the OS for node images. Azure Linux is a container-optimized Linux distro built by Microsoft, visit https://aka.ms/azurelinux for more information. For limitations, visit https://aka.ms/aks/node-images. For OS migration guidance, see https://aka.ms/aks/upgrade-os-version. */
     AzureLinux3 = "AzureLinux3",
     /** Deprecated OSSKU. Microsoft recommends that new deployments choose 'AzureLinux' instead. */
+    Mariner = "Mariner",
+    /** Use Flatcar Container Linux as the OS for node images. Flatcar is a container-optimized, security-focused Linux OS, with an immutable filesystem and part of the Cloud Native Computing Foundation (CNCF). For more information about Flatcar Container Linux for AKS, see aka.ms/aks/flatcar-container-linux-for-aks */
+    Flatcar = "Flatcar",
+    /** Deprecated OSSKU. Microsoft recommends that new deployments choose 'AzureLinux' instead. */
     CBLMariner = "CBLMariner",
     /** Use Windows2019 as the OS for node images. Unsupported for system node pools. Windows2019 only supports Windows2019 containers; it cannot run Windows2022 containers and vice versa. */
     Windows2019 = "Windows2019",
@@ -339,6 +366,8 @@ export declare enum KnownOssku {
     Ubuntu2204 = "Ubuntu2204",
     /** Use Windows2025 as the OS for node images. Unsupported for system node pools. Windows2025 supports Windows2022 and Windows 2025 containers; it cannot run Windows2019 containers and vice versa. */
     Windows2025 = "Windows2025",
+    /** Use Windows Annual Channel version as the OS for node images. Unsupported for system node pools. Details about supported container images and kubernetes versions under different AKS Annual Channel versions could be seen in https://aka.ms/aks/windows-annual-channel-details. */
+    WindowsAnnual = "WindowsAnnual",
     /** Use Ubuntu2404 as the OS for node images, however, Ubuntu 24.04 may not be supported for all nodepools. For limitations and supported kubernetes versions, see see https://aka.ms/aks/supported-ubuntu-versions */
     Ubuntu2404 = "Ubuntu2404",
     /** Use Azure Container Linux as the OS for node images. Azure Container Linux is a container-optimized, security-focused Linux OS built on Azure Linux, with an immutable filesystem. ACL is derived from the Flatcar Container Linux project, building on Flatcar's proven container-first, immutable design, while adding Azure Linux packages, servicing, and deep integration with the Azure and AKS lifecycle. For more information, see https://aka.ms/azurecontainerlinux */
@@ -352,11 +381,14 @@ export declare enum KnownOssku {
  * **Ubuntu**: Use Ubuntu as the OS for node images. \
  * **AzureLinux**: Use AzureLinux as the OS for node images. Azure Linux is a container-optimized Linux distro built by Microsoft, visit https:\//aka.ms\/azurelinux for more information. \
  * **AzureLinux3**: Use AzureLinux3 as the OS for node images. Azure Linux is a container-optimized Linux distro built by Microsoft, visit https:\//aka.ms\/azurelinux for more information. For limitations, visit https:\//aka.ms\/aks\/node-images. For OS migration guidance, see https:\//aka.ms\/aks\/upgrade-os-version. \
+ * **Mariner**: Deprecated OSSKU. Microsoft recommends that new deployments choose 'AzureLinux' instead. \
+ * **Flatcar**: Use Flatcar Container Linux as the OS for node images. Flatcar is a container-optimized, security-focused Linux OS, with an immutable filesystem and part of the Cloud Native Computing Foundation (CNCF). For more information about Flatcar Container Linux for AKS, see aka.ms\/aks\/flatcar-container-linux-for-aks \
  * **CBLMariner**: Deprecated OSSKU. Microsoft recommends that new deployments choose 'AzureLinux' instead. \
  * **Windows2019**: Use Windows2019 as the OS for node images. Unsupported for system node pools. Windows2019 only supports Windows2019 containers; it cannot run Windows2022 containers and vice versa. \
  * **Windows2022**: Use Windows2022 as the OS for node images. Unsupported for system node pools. Windows2022 only supports Windows2022 containers; it cannot run Windows2019 containers and vice versa. \
  * **Ubuntu2204**: Use Ubuntu2204 as the OS for node images, however, Ubuntu 22.04 may not be supported for all nodepools. For limitations and supported kubernetes versions, see https:\//aka.ms\/aks\/supported-ubuntu-versions \
  * **Windows2025**: Use Windows2025 as the OS for node images. Unsupported for system node pools. Windows2025 supports Windows2022 and Windows 2025 containers; it cannot run Windows2019 containers and vice versa. \
+ * **WindowsAnnual**: Use Windows Annual Channel version as the OS for node images. Unsupported for system node pools. Details about supported container images and kubernetes versions under different AKS Annual Channel versions could be seen in https:\//aka.ms\/aks\/windows-annual-channel-details. \
  * **Ubuntu2404**: Use Ubuntu2404 as the OS for node images, however, Ubuntu 24.04 may not be supported for all nodepools. For limitations and supported kubernetes versions, see see https:\//aka.ms\/aks\/supported-ubuntu-versions \
  * **AzureContainerLinux**: Use Azure Container Linux as the OS for node images. Azure Container Linux is a container-optimized, security-focused Linux OS built on Azure Linux, with an immutable filesystem. ACL is derived from the Flatcar Container Linux project, building on Flatcar's proven container-first, immutable design, while adding Azure Linux packages, servicing, and deep integration with the Azure and AKS lifecycle. For more information, see https:\//aka.ms\/azurecontainerlinux
  */
@@ -403,7 +435,11 @@ export declare enum KnownAgentPoolMode {
     /** User agent pools are primarily for hosting your application pods. */
     User = "User",
     /** Gateway agent pools are dedicated to providing static egress IPs to pods. For more details, see https://aka.ms/aks/static-egress-gateway. */
-    Gateway = "Gateway"
+    Gateway = "Gateway",
+    /** ManagedSystem is a system pool managed by AKS. The pool scales dynamically according to cluster usage, and has additional automated monitoring and healing capabilities. There can only be one ManagedSystem pool, and it is recommended to delete all other system pools for the best experience. */
+    ManagedSystem = "ManagedSystem",
+    /** Machines agent pools are dedicated to hosting machines. Only limited operations, such as creation and deletion, are allowed at the pool level. Please use the machine APIs to manage the full machine lifecycle. */
+    Machines = "Machines"
 }
 /**
  * The mode of an agent pool. A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools \
@@ -412,15 +448,35 @@ export declare enum KnownAgentPoolMode {
  * ### Known values supported by the service
  * **System**: System agent pools are primarily for hosting critical system pods such as CoreDNS and metrics-server. System agent pools osType must be Linux. System agent pools VM SKU must have at least 2vCPUs and 4GB of memory. \
  * **User**: User agent pools are primarily for hosting your application pods. \
- * **Gateway**: Gateway agent pools are dedicated to providing static egress IPs to pods. For more details, see https:\//aka.ms\/aks\/static-egress-gateway.
+ * **Gateway**: Gateway agent pools are dedicated to providing static egress IPs to pods. For more details, see https:\//aka.ms\/aks\/static-egress-gateway. \
+ * **ManagedSystem**: ManagedSystem is a system pool managed by AKS. The pool scales dynamically according to cluster usage, and has additional automated monitoring and healing capabilities. There can only be one ManagedSystem pool, and it is recommended to delete all other system pools for the best experience. \
+ * **Machines**: Machines agent pools are dedicated to hosting machines. Only limited operations, such as creation and deletion, are allowed at the pool level. Please use the machine APIs to manage the full machine lifecycle.
  */
 export type AgentPoolMode = string;
+/** Defines the upgrade strategy for the agent pool. The default is Rolling. */
+export declare enum KnownUpgradeStrategy {
+    /** Specifies that the agent pool will conduct rolling upgrade. This is the default upgrade strategy. */
+    Rolling = "Rolling",
+    /** Specifies that the agent pool will conduct blue-green upgrade. */
+    BlueGreen = "BlueGreen"
+}
+/**
+ * Defines the upgrade strategy for the agent pool. The default is Rolling. \
+ * {@link KnownUpgradeStrategy} can be used interchangeably with UpgradeStrategy,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **Rolling**: Specifies that the agent pool will conduct rolling upgrade. This is the default upgrade strategy. \
+ * **BlueGreen**: Specifies that the agent pool will conduct blue-green upgrade.
+ */
+export type UpgradeStrategy = string;
 /** Settings for upgrading an agentpool */
 export interface AgentPoolUpgradeSettings {
     /** The maximum number or percentage of nodes that are surged during upgrade. This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded up. If not specified, the default is 10%. For more information, including best practices, see: https://learn.microsoft.com/en-us/azure/aks/upgrade-cluster */
     maxSurge?: string;
     /** The maximum number or percentage of nodes that can be simultaneously unavailable during upgrade. This can either be set to an integer (e.g. '1') or a percentage (e.g. '5%'). If a percentage is specified, it is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded up. If not specified, the default is 0. For more information, including best practices, see: https://learn.microsoft.com/en-us/azure/aks/upgrade-cluster */
     maxUnavailable?: string;
+    /** The maximum number or percentage of extra nodes that are allowed to be blocked in the agent pool during an upgrade when undrainable node behavior is Cordon. This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded up. If not specified, the default is maxSurge. This must always be greater than or equal to maxSurge. For more information, including best practices, see: https://learn.microsoft.com/en-us/azure/aks/upgrade-cluster */
+    maxBlockedNodes?: string;
     /** The drain timeout for a node. The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not specified, the default is 30 minutes. */
     drainTimeoutInMinutes?: number;
     /** The soak duration for a node. The amount of time (in minutes) to wait after draining a node and before reimaging it and moving on to next node. If not specified, the default is 0 minutes. */
@@ -446,6 +502,19 @@ export declare enum KnownUndrainableNodeBehavior {
  * **Schedule**: AKS will mark the blocked nodes schedulable, but the blocked nodes are not upgraded. A best-effort attempt will be made to delete all surge nodes. The upgrade operation and the managed cluster will be in failed state if there are any blocked nodes.
  */
 export type UndrainableNodeBehavior = string;
+/** Settings for blue-green upgrade on an agentpool */
+export interface AgentPoolBlueGreenUpgradeSettings {
+    /** The number or percentage of nodes to drain in batch during blue-green upgrade. Must be a non-zero number. This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it is the percentage of the total number of blue nodes of the initial upgrade operation. For percentages, fractional nodes are rounded up. If not specified, the default is 10%. For more information, including best practices, see: https://learn.microsoft.com/en-us/azure/aks/upgrade-cluster */
+    drainBatchSize?: string;
+    /** The drain timeout for a node, i.e., the amount of time (in minutes) to wait on eviction of pods and graceful termination per node. This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not specified, the default is 30 minutes. */
+    drainTimeoutInMinutes?: number;
+    /** The soak duration after draining a batch of nodes, i.e., the amount of time (in minutes) to wait after draining a batch of nodes before moving on the next batch. If not specified, the default is 15 minutes. */
+    batchSoakDurationInMinutes?: number;
+    /** The soak duration for a node pool, i.e., the amount of time (in minutes) to wait after all old nodes are drained before we remove the old nodes. If not specified, the default is 60 minutes. Only applicable for blue-green upgrade strategy. */
+    finalSoakDurationInMinutes?: number;
+}
+export declare function agentPoolBlueGreenUpgradeSettingsSerializer(item: AgentPoolBlueGreenUpgradeSettings): any;
+export declare function agentPoolBlueGreenUpgradeSettingsDeserializer(item: any): AgentPoolBlueGreenUpgradeSettings;
 /** Describes the Power State of the cluster */
 export interface PowerState {
     /** Tells whether the cluster is Running or Stopped */
@@ -525,9 +594,51 @@ export interface KubeletConfig {
     containerLogMaxFiles?: number;
     /** The maximum number of processes per pod. */
     podMaxPids?: number;
+    /** Specifies the default seccomp profile applied to all workloads. If not specified, 'Unconfined' will be used by default. */
+    seccompDefault?: SeccompDefault;
+    /** Kube-reserved values for kubelet. When a value is not set, the system-computed default based on VM size is used. See [AKS node resource reservations](https://aka.ms/aks/nodereservations) for details on computed defaults. Only applicable for Linux nodepools. */
+    kubeReserved?: KubeReserved;
+    /** Hard eviction thresholds for kubelet. When a threshold is not set, the system default is used. See [AKS node resource reservations](https://aka.ms/aks/nodereservations) for details on computed defaults. Only applicable for Linux nodepools. */
+    hardEvictionThreshold?: HardEvictionThreshold;
 }
 export declare function kubeletConfigSerializer(item: KubeletConfig): any;
 export declare function kubeletConfigDeserializer(item: any): KubeletConfig;
+/** Specifies the default seccomp profile applied to all workloads. If not specified, 'Unconfined' will be used by default. */
+export declare enum KnownSeccompDefault {
+    /** No seccomp profile is applied, allowing all system calls. */
+    Unconfined = "Unconfined",
+    /** The default seccomp profile for container runtime is applied, which restricts certain system calls for enhanced security. */
+    RuntimeDefault = "RuntimeDefault"
+}
+/**
+ * Specifies the default seccomp profile applied to all workloads. If not specified, 'Unconfined' will be used by default. \
+ * {@link KnownSeccompDefault} can be used interchangeably with SeccompDefault,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **Unconfined**: No seccomp profile is applied, allowing all system calls. \
+ * **RuntimeDefault**: The default seccomp profile for container runtime is applied, which restricts certain system calls for enhanced security.
+ */
+export type SeccompDefault = string;
+/** Kube-reserved values for kubelet. When a value is not set, the system-computed default based on VM size is used. See [AKS node resource reservations](https://aka.ms/aks/nodereservations) for details on computed defaults. Only applicable for Linux nodepools. */
+export interface KubeReserved {
+    /** The amount of CPU reserved for Kubernetes system daemons, in millicores. Must be greater than or equal to 140. For example, a value of 200 means 200m (0.2 CPU cores). */
+    cpuMillicores?: number;
+    /** The amount of memory reserved for Kubernetes system daemons, in MiB. Must be greater than or equal to 750. */
+    memoryMB?: number;
+}
+export declare function kubeReservedSerializer(item: KubeReserved): any;
+export declare function kubeReservedDeserializer(item: any): KubeReserved;
+/** Hard eviction thresholds for kubelet. These thresholds trigger pod eviction when node resources drop below the specified values. Values must be greater than or equal to the documented minimums for each signal. Supported formats are Ki, Mi, Gi, or percentages using %. */
+export interface HardEvictionThreshold {
+    /** The threshold for available memory below which pod eviction is triggered. Accepts absolute values (e.g. '500Mi') or percentage values (e.g. '5%'). Absolute values must be greater than or equal to 100Mi. Percentage values must be greater than or equal to 2%. */
+    memoryAvailable?: string;
+    /** The threshold for available node filesystem space below which pod eviction is triggered. Accepts absolute values (e.g. '1Gi') or percentage values (e.g. '10%'). Must be greater than or equal to the system default of 10%. */
+    nodeFsAvailable?: string;
+    /** The threshold for available inodes on the node filesystem below which pod eviction is triggered. Accepts absolute inode counts (e.g. '100000') or percentage values (e.g. '5%'). Percentage values must be greater than or equal to the system default of 5%. */
+    nodeFsInodesFree?: string;
+}
+export declare function hardEvictionThresholdSerializer(item: HardEvictionThreshold): any;
+export declare function hardEvictionThresholdDeserializer(item: any): HardEvictionThreshold;
 /** OS configurations of Linux agent nodes. See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. */
 export interface LinuxOSConfig {
     /** Sysctl settings for Linux agent nodes. */
@@ -638,10 +749,14 @@ export declare function creationDataDeserializer(item: any): CreationData;
 export interface AgentPoolNetworkProfile {
     /** IPTags of instance-level public IPs. */
     nodePublicIPTags?: IPTag[];
+    /** The resource IDs of public IP prefixes for node public IPs. At most one IPv4 and one IPv6 prefix may be specified. Order does not matter; the RP determines IP version from the referenced resource's publicIPAddressVersion. Requires enableNodePublicIP to be true on the agent pool. Mutually exclusive with the top-level nodePublicIPPrefixID property. Immutable after node pool creation. To change prefixes, delete and recreate the node pool. For more information, see https://aka.ms/aks/ipv6-ilpip */
+    nodePublicIPPrefixIDs?: string[];
     /** The port ranges that are allowed to access. The specified ranges are allowed to overlap. */
     allowedHostPorts?: PortRange[];
     /** The IDs of the application security groups which agent pool will associate when created. */
     applicationSecurityGroups?: string[];
+    /** Secondary network interface configurations for each VM in the agent pool. Each entry is a template: one physical NIC per entry is provisioned on every VM instance. These interfaces are created at agent pool creation time and are immutable. The length of the list must be less than the NIC capacity minus 1 for the VM size of the agent pool (AKS manages the primary NIC). For example, a Standard_D8a_v4 VM supports up to 4 NICs, so the maximum number of secondary interfaces allowed is 3. For mixed-SKU VM pools the effective capacity is the minimum across all SKUs: count(secondaryNetworkInterfaces) + 1 <= min(maxNICs). For more information, see https://aka.ms/aks/multi-nic */
+    secondaryNetworkInterfaces?: AgentPoolNetworkInterface[];
 }
 export declare function agentPoolNetworkProfileSerializer(item: AgentPoolNetworkProfile): any;
 export declare function agentPoolNetworkProfileDeserializer(item: any): AgentPoolNetworkProfile;
@@ -685,6 +800,35 @@ export declare enum KnownProtocol {
  * **UDP**: UDP protocol.
  */
 export type Protocol = string;
+export declare function agentPoolNetworkInterfaceArraySerializer(result: Array<AgentPoolNetworkInterface>): any[];
+export declare function agentPoolNetworkInterfaceArrayDeserializer(result: Array<AgentPoolNetworkInterface>): any[];
+/** Configuration of a secondary network interface provisioned on each VM instance in the agent pool. For more information, see https://aka.ms/aks/multi-nic */
+export interface AgentPoolNetworkInterface {
+    /** Type of NIC to be provisioned on the VM. */
+    type?: AgentPoolNetworkInterfaceType;
+    /** The resource ID of the subnet which will be attached to the secondary network interface. Required when `type` is `Standard`; must be an empty string (`""`) or omitted when `type` is `Dynamic`. */
+    vnetSubnetId?: string;
+    /** Whether accelerated networking is enabled on this secondary NIC. If omitted, this defaults to true only when the agent pool VM SKU supports accelerated networking. Validation will fail if it is enabled on an unsupported SKU or NIC configuration. */
+    enableAcceleratedNetworking?: boolean;
+}
+export declare function agentPoolNetworkInterfaceSerializer(item: AgentPoolNetworkInterface): any;
+export declare function agentPoolNetworkInterfaceDeserializer(item: any): AgentPoolNetworkInterface;
+/** Type of network interface to be provisioned on each virtual machine instance. For more information, see https://aka.ms/aks/multi-nic */
+export declare enum KnownAgentPoolNetworkInterfaceType {
+    /** A standard network interface programmed with an IP from a specified VNet subnet. Must be used with `vnetSubnetId` set in the AgentPoolNetworkInterface. IP address family (IPv4/IPv6/Dual-stack) is determined by the subnet. */
+    Standard = "Standard",
+    /** A secondary network interface created without IP configuration or subnet attachment. The interface is provisioned in an uninitialized state and the subnet is attached during workload creation. `vnetSubnetId` must be set to an empty string (`""`) or omitted. */
+    Dynamic = "Dynamic"
+}
+/**
+ * Type of network interface to be provisioned on each virtual machine instance. For more information, see https://aka.ms/aks/multi-nic \
+ * {@link KnownAgentPoolNetworkInterfaceType} can be used interchangeably with AgentPoolNetworkInterfaceType,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **Standard**: A standard network interface programmed with an IP from a specified VNet subnet. Must be used with `vnetSubnetId` set in the AgentPoolNetworkInterface. IP address family (IPv4\/IPv6\/Dual-stack) is determined by the subnet. \
+ * **Dynamic**: A secondary network interface created without IP configuration or subnet attachment. The interface is provisioned in an uninitialized state and the subnet is attached during workload creation. `vnetSubnetId` must be set to an empty string (`""`) or omitted.
+ */
+export type AgentPoolNetworkInterfaceType = string;
 /** The Windows agent pool's specific profile. */
 export interface AgentPoolWindowsProfile {
     /** Whether to disable OutboundNAT in windows nodes. The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT Gateway and the Windows agent pool does not have node public IP enabled. */
@@ -708,7 +852,9 @@ export declare enum KnownAgentPoolSSHAccess {
     /** Can SSH onto the node as a local user using private key. */
     LocalUser = "LocalUser",
     /** SSH service will be turned off on the node. */
-    Disabled = "Disabled"
+    Disabled = "Disabled",
+    /** SSH to node with EntraId integration. More information can be found under https://aka.ms/aks/ssh/aad */
+    EntraId = "EntraId"
 }
 /**
  * SSH access method of an agent pool. \
@@ -716,13 +862,18 @@ export declare enum KnownAgentPoolSSHAccess {
  *  this enum contains the known values that the service supports.
  * ### Known values supported by the service
  * **LocalUser**: Can SSH onto the node as a local user using private key. \
- * **Disabled**: SSH service will be turned off on the node.
+ * **Disabled**: SSH service will be turned off on the node. \
+ * **EntraId**: SSH to node with EntraId integration. More information can be found under https:\//aka.ms\/aks\/ssh\/aad
  */
 export type AgentPoolSSHAccess = string;
 /** GPU settings for the Agent Pool. */
 export interface GPUProfile {
     /** Whether to install GPU drivers. When it's not specified, default is Install. */
     driver?: GPUDriver;
+    /** Specify the type of GPU driver to install when creating Windows agent pools. If not provided, AKS selects the driver based on system compatibility. This cannot be changed once the AgentPool has been created. This cannot be set on Linux AgentPools. For Linux AgentPools, the driver is selected based on system compatibility. */
+    driverType?: DriverType;
+    /** NVIDIA-specific GPU settings. */
+    nvidia?: NvidiaGPUProfile;
 }
 export declare function gpuProfileSerializer(item: GPUProfile): any;
 export declare function gpuProfileDeserializer(item: any): GPUProfile;
@@ -742,6 +893,66 @@ export declare enum KnownGPUDriver {
  * **None**: Skip driver install.
  */
 export type GPUDriver = string;
+/** Specify the type of GPU driver to install when creating Windows agent pools. If not provided, AKS selects the driver based on system compatibility. This cannot be changed once the AgentPool has been created. This cannot be set on Linux AgentPools. For Linux AgentPools, the driver is selected based on system compatibility. */
+export declare enum KnownDriverType {
+    /** Install the GRID driver for the GPU, suitable for applications requiring virtualization support. */
+    Grid = "GRID",
+    /** Install the CUDA driver for the GPU, optimized for computational tasks in scientific computing and data-intensive applications. */
+    Cuda = "CUDA"
+}
+/**
+ * Specify the type of GPU driver to install when creating Windows agent pools. If not provided, AKS selects the driver based on system compatibility. This cannot be changed once the AgentPool has been created. This cannot be set on Linux AgentPools. For Linux AgentPools, the driver is selected based on system compatibility. \
+ * {@link KnownDriverType} can be used interchangeably with DriverType,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **GRID**: Install the GRID driver for the GPU, suitable for applications requiring virtualization support. \
+ * **CUDA**: Install the CUDA driver for the GPU, optimized for computational tasks in scientific computing and data-intensive applications.
+ */
+export type DriverType = string;
+/** NVIDIA-specific GPU settings */
+export interface NvidiaGPUProfile {
+    /** The Managed GPU experience installs additional components, such as the Data Center GPU Manager (DCGM) metrics for monitoring, on top of the GPU driver for you. For more details of what is installed, check out aka.ms/aks/managed-gpu. */
+    managementMode?: ManagementMode;
+    /** Sets the MIG (Multi-Instance GPU) strategy that will be used for managed MIG support. For more information about the different strategies, visit aka.ms/aks/managed-gpu. When not specified, the default is None. */
+    migStrategy?: MigStrategy;
+}
+export declare function nvidiaGPUProfileSerializer(item: NvidiaGPUProfile): any;
+export declare function nvidiaGPUProfileDeserializer(item: any): NvidiaGPUProfile;
+/** The Managed GPU experience installs additional components, such as the Data Center GPU Manager (DCGM) metrics for monitoring, on top of the GPU driver for you. For more details of what is installed, check out aka.ms/aks/managed-gpu. */
+export declare enum KnownManagementMode {
+    /** Managed GPU experience is disabled for NVIDIA GPUs. */
+    Unmanaged = "Unmanaged",
+    /** Managed GPU experience is enabled for NVIDIA GPUs. */
+    Managed = "Managed"
+}
+/**
+ * The Managed GPU experience installs additional components, such as the Data Center GPU Manager (DCGM) metrics for monitoring, on top of the GPU driver for you. For more details of what is installed, check out aka.ms/aks/managed-gpu. \
+ * {@link KnownManagementMode} can be used interchangeably with ManagementMode,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **Unmanaged**: Managed GPU experience is disabled for NVIDIA GPUs. \
+ * **Managed**: Managed GPU experience is enabled for NVIDIA GPUs.
+ */
+export type ManagementMode = string;
+/** Sets the MIG (Multi-Instance GPU) strategy that will be used for managed MIG support. For more information about the different strategies, visit aka.ms/aks/managed-gpu. When not specified, the default is None. */
+export declare enum KnownMigStrategy {
+    /** Don't set a MIG strategy. If you previously had one set, this will override it and set remove the set MIG strategy. */
+    None = "None",
+    /** Set the MIG strategy for managed MIG as single. */
+    Single = "Single",
+    /** Set the MIG strategy for managed MIG as mixed. */
+    Mixed = "Mixed"
+}
+/**
+ * Sets the MIG (Multi-Instance GPU) strategy that will be used for managed MIG support. For more information about the different strategies, visit aka.ms/aks/managed-gpu. When not specified, the default is None. \
+ * {@link KnownMigStrategy} can be used interchangeably with MigStrategy,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **None**: Don't set a MIG strategy. If you previously had one set, this will override it and set remove the set MIG strategy. \
+ * **Single**: Set the MIG strategy for managed MIG as single. \
+ * **Mixed**: Set the MIG strategy for managed MIG as mixed.
+ */
+export type MigStrategy = string;
 /** Profile of the managed cluster gateway agent pool. */
 export interface AgentPoolGatewayProfile {
     /** The Gateway agent pool associates one public IPPrefix for each static egress gateway to provide public egress. The size of Public IPPrefix should be selected by the user. Each node in the agent pool is assigned with one IP from the IPPrefix. The IPPrefix size thus serves as a cap on the size of the Gateway agent pool. Due to Azure public IPPrefix size limitation, the valid value range is [28, 31] (/31 = 2 nodes/IPs, /30 = 4 nodes/IPs, /29 = 8 nodes/IPs, /28 = 16 nodes/IPs). The default value is 31. */
@@ -767,6 +978,13 @@ export declare function virtualMachinesProfileDeserializer(item: any): VirtualMa
 export interface ScaleProfile {
     /** Specifications on how to scale the VirtualMachines agent pool to a fixed size. */
     manual?: ManualScaleProfile[];
+    /**
+     * Specifications on how to auto-scale the VirtualMachines agent pool within a predefined size range.
+     * Each profile targets a specific VM SKU and is evaluated independently.
+     * Scaling decisions across profiles are governed by the cluster autoscaler expander,
+     * configurable via `ManagedCluster.properties.autoScalerProfile.expander`.
+     */
+    autoscale?: AutoScaleProfile[];
 }
 export declare function scaleProfileSerializer(item: ScaleProfile): any;
 export declare function scaleProfileDeserializer(item: any): ScaleProfile;
@@ -781,6 +999,19 @@ export interface ManualScaleProfile {
 }
 export declare function manualScaleProfileSerializer(item: ManualScaleProfile): any;
 export declare function manualScaleProfileDeserializer(item: any): ManualScaleProfile;
+export declare function autoScaleProfileArraySerializer(result: Array<AutoScaleProfile>): any[];
+export declare function autoScaleProfileArrayDeserializer(result: Array<AutoScaleProfile>): any[];
+/** Specifications on auto-scaling. */
+export interface AutoScaleProfile {
+    /** VM size that AKS will use when creating and scaling e.g. 'Standard_E4s_v3', 'Standard_E16s_v3' or 'Standard_D16s_v5'. */
+    size?: string;
+    /** The minimum number of nodes of the specified sizes. */
+    minCount?: number;
+    /** The maximum number of nodes of the specified sizes. */
+    maxCount?: number;
+}
+export declare function autoScaleProfileSerializer(item: AutoScaleProfile): any;
+export declare function autoScaleProfileDeserializer(item: any): AutoScaleProfile;
 export declare function virtualMachineNodesArraySerializer(result: Array<VirtualMachineNodes>): any[];
 export declare function virtualMachineNodesArrayDeserializer(result: Array<VirtualMachineNodes>): any[];
 /** Current status on a group of nodes of the same vm size. */
@@ -980,6 +1211,13 @@ export declare enum KnownLocalDNSServeStale {
  * **Disable**: Disable serving stale data.
  */
 export type LocalDNSServeStale = string;
+/** Settings to determine the prepared image specification used to provision nodes in a pool. */
+export interface PreparedImageSpecificationProfile {
+    /** The resource ID of the prepared image specification resource to use. This can include a version. Omitting the version will use the latest version of the prepared image specification. */
+    preparedImageSpecificationId?: string;
+}
+export declare function preparedImageSpecificationProfileSerializer(item: PreparedImageSpecificationProfile): any;
+export declare function preparedImageSpecificationProfileDeserializer(item: any): PreparedImageSpecificationProfile;
 /** The resource model definition for a Azure Resource Manager proxy resource. It will not have tags and a location */
 export interface ProxyResource extends Resource {
 }
@@ -1042,6 +1280,25 @@ export interface ErrorResponse {
     error?: ErrorDetail;
 }
 export declare function errorResponseDeserializer(item: any): ErrorResponse;
+/** The provisioning state of a resource type. */
+export declare enum KnownResourceProvisioningState {
+    /** Resource has been created. */
+    Succeeded = "Succeeded",
+    /** Resource creation failed. */
+    Failed = "Failed",
+    /** Resource creation was canceled. */
+    Canceled = "Canceled"
+}
+/**
+ * The provisioning state of a resource type. \
+ * {@link KnownResourceProvisioningState} can be used interchangeably with ResourceProvisioningState,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **Succeeded**: Resource has been created. \
+ * **Failed**: Resource creation failed. \
+ * **Canceled**: Resource creation was canceled.
+ */
+export type ResourceProvisioningState = string;
 /** The response of a AgentPool list operation. */
 export interface _AgentPoolListResult {
     /** The AgentPool items on this page */
@@ -1095,6 +1352,8 @@ export interface AgentPoolUpgradeProfile extends ProxyResource {
     osType: OSType;
     /** List of orchestrator types and versions available for upgrade. */
     upgrades?: AgentPoolUpgradeProfilePropertiesUpgradesItem[];
+    /** List of components grouped by kubernetes major.minor version. */
+    componentsByReleases?: ComponentsByRelease[];
     /** List of historical good versions for rollback operations. */
     readonly recentlyUsedVersions?: AgentPoolRecentlyUsedVersion[];
     /** The latest AKS supported node image version. */
@@ -1109,6 +1368,8 @@ export interface AgentPoolUpgradeProfileProperties {
     osType: OSType;
     /** List of orchestrator types and versions available for upgrade. */
     upgrades?: AgentPoolUpgradeProfilePropertiesUpgradesItem[];
+    /** List of components grouped by kubernetes major.minor version. */
+    componentsByReleases?: ComponentsByRelease[];
     /** List of historical good versions for rollback operations. */
     readonly recentlyUsedVersions?: AgentPoolRecentlyUsedVersion[];
     /** The latest AKS supported node image version. */
@@ -1122,8 +1383,30 @@ export interface AgentPoolUpgradeProfilePropertiesUpgradesItem {
     kubernetesVersion?: string;
     /** Whether the Kubernetes version is currently in preview. */
     isPreview?: boolean;
+    /** Whether the Kubernetes version is out of support. */
+    isOutOfSupport?: boolean;
 }
 export declare function agentPoolUpgradeProfilePropertiesUpgradesItemDeserializer(item: any): AgentPoolUpgradeProfilePropertiesUpgradesItem;
+export declare function componentsByReleaseArrayDeserializer(result: Array<ComponentsByRelease>): any[];
+/** components of given Kubernetes version. */
+export interface ComponentsByRelease {
+    /** The Kubernetes version (major.minor). */
+    kubernetesVersion?: string;
+    /** components of current or upgraded Kubernetes version in the cluster. */
+    components?: Component[];
+}
+export declare function componentsByReleaseDeserializer(item: any): ComponentsByRelease;
+export declare function componentArrayDeserializer(result: Array<Component>): any[];
+/** Component information for a Kubernetes version. */
+export interface Component {
+    /** Component name. */
+    name?: string;
+    /** Component version. */
+    version?: string;
+    /** If upgraded component version contains breaking changes from the current version. To see a detailed description of what the breaking changes are, visit https://learn.microsoft.com/azure/aks/supported-kubernetes-versions?tabs=azure-cli#aks-components-breaking-changes-by-version. */
+    hasBreakingChanges?: boolean;
+}
+export declare function componentDeserializer(item: any): Component;
 export declare function agentPoolRecentlyUsedVersionArrayDeserializer(result: Array<AgentPoolRecentlyUsedVersion>): any[];
 /** A historical version that can be used for rollback operations. */
 export interface AgentPoolRecentlyUsedVersion {
@@ -1151,6 +1434,8 @@ export interface ManagedCluster extends TrackedResource {
     readonly provisioningState?: string;
     /** The Power State of the cluster. */
     readonly powerState?: PowerState;
+    /** CreationData to be used to specify the source Snapshot ID if the cluster will be created/upgraded using a snapshot. */
+    creationData?: CreationData;
     /** The max number of agent pools for the managed cluster. */
     readonly maxAgentPools?: number;
     /** The version of Kubernetes specified by the user. Both patch version <major.minor.patch> (e.g. 1.20.13) and <major.minor> (e.g. 1.20) are supported. When <major.minor> is specified, the latest supported GA patch version is chosen automatically. Updating the cluster with the same <major.minor> once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer patch version is available. When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All upgrades must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. */
@@ -1189,6 +1474,10 @@ export interface ManagedCluster extends TrackedResource {
     enableRbac?: boolean;
     /** The support plan for the Managed Cluster. If unspecified, the default is 'KubernetesOfficial'. */
     supportPlan?: KubernetesSupportPlan;
+    /** Whether to enable FIPS mode at the cluster level. When enabled, this setting enforces FIPS compliance for all AKS-managed components, such as the node operating system, addons, and [managed containerized components](https://aka.ms/aks/components/docs). See [Enable cluster-wide FIPS](https://aka.ms/aks/fips) for more details. When this property is enabled, all node pools in the cluster must also be FIPS-enabled. */
+    enableFips?: boolean;
+    /** Enable namespace as Azure resource. The default value is false. It can be enabled/disabled on creation and updating of the managed cluster. See [https://aka.ms/NamespaceARMResource](https://aka.ms/NamespaceARMResource) for more details on Namespace as a ARM Resource. */
+    enableNamespaceResources?: boolean;
     /** The network configuration profile. */
     networkProfile?: ContainerServiceNetworkProfile;
     /** The Azure Active Directory configuration. */
@@ -1235,8 +1524,16 @@ export interface ManagedCluster extends TrackedResource {
     bootstrapProfile?: ManagedClusterBootstrapProfile;
     /** AI toolchain operator settings that apply to the whole cluster. */
     aiToolchainOperatorProfile?: ManagedClusterAIToolchainOperatorProfile;
+    /** Profile of the pod scheduler configuration. */
+    schedulerProfile?: SchedulerProfile;
     /** Settings for hosted system addons. For more information, see https://aka.ms/aks/automatic/systemcomponents. */
     hostedSystemProfile?: ManagedClusterHostedSystemProfile;
+    /** Health monitor profile for the managed cluster. */
+    healthMonitorProfile?: ManagedClusterHealthMonitorProfile;
+    /** Profile for providing scaled and performance guaranteed control plane capacity to deliver consistent performance under high workload. Requires Kubernetes version 1.33.0 or later. */
+    controlPlaneScalingProfile?: ManagedClusterControlPlaneScalingProfile;
+    /** Node disruption profile for a managed cluster. */
+    nodeDisruptionProfile?: NodeDisruptionProfile;
     /** Contains read-only information about the Managed Cluster. */
     status?: ManagedClusterStatus;
 }
@@ -1248,6 +1545,8 @@ export interface ManagedClusterProperties {
     readonly provisioningState?: string;
     /** The Power State of the cluster. */
     readonly powerState?: PowerState;
+    /** CreationData to be used to specify the source Snapshot ID if the cluster will be created/upgraded using a snapshot. */
+    creationData?: CreationData;
     /** The max number of agent pools for the managed cluster. */
     readonly maxAgentPools?: number;
     /** The version of Kubernetes specified by the user. Both patch version <major.minor.patch> (e.g. 1.20.13) and <major.minor> (e.g. 1.20) are supported. When <major.minor> is specified, the latest supported GA patch version is chosen automatically. Updating the cluster with the same <major.minor> once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer patch version is available. When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All upgrades must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. */
@@ -1286,6 +1585,10 @@ export interface ManagedClusterProperties {
     enableRbac?: boolean;
     /** The support plan for the Managed Cluster. If unspecified, the default is 'KubernetesOfficial'. */
     supportPlan?: KubernetesSupportPlan;
+    /** Whether to enable FIPS mode at the cluster level. When enabled, this setting enforces FIPS compliance for all AKS-managed components, such as the node operating system, addons, and [managed containerized components](https://aka.ms/aks/components/docs). See [Enable cluster-wide FIPS](https://aka.ms/aks/fips) for more details. When this property is enabled, all node pools in the cluster must also be FIPS-enabled. */
+    enableFips?: boolean;
+    /** Enable namespace as Azure resource. The default value is false. It can be enabled/disabled on creation and updating of the managed cluster. See [https://aka.ms/NamespaceARMResource](https://aka.ms/NamespaceARMResource) for more details on Namespace as a ARM Resource. */
+    enableNamespaceResources?: boolean;
     /** The network configuration profile. */
     networkProfile?: ContainerServiceNetworkProfile;
     /** The Azure Active Directory configuration. */
@@ -1332,8 +1635,16 @@ export interface ManagedClusterProperties {
     bootstrapProfile?: ManagedClusterBootstrapProfile;
     /** AI toolchain operator settings that apply to the whole cluster. */
     aiToolchainOperatorProfile?: ManagedClusterAIToolchainOperatorProfile;
+    /** Profile of the pod scheduler configuration. */
+    schedulerProfile?: SchedulerProfile;
     /** Settings for hosted system addons. For more information, see https://aka.ms/aks/automatic/systemcomponents. */
     hostedSystemProfile?: ManagedClusterHostedSystemProfile;
+    /** Health monitor profile for the managed cluster. */
+    healthMonitorProfile?: ManagedClusterHealthMonitorProfile;
+    /** Profile for providing scaled and performance guaranteed control plane capacity to deliver consistent performance under high workload. Requires Kubernetes version 1.33.0 or later. */
+    controlPlaneScalingProfile?: ManagedClusterControlPlaneScalingProfile;
+    /** Node disruption profile for a managed cluster. */
+    nodeDisruptionProfile?: NodeDisruptionProfile;
     /** Contains read-only information about the Managed Cluster. */
     status?: ManagedClusterStatus;
 }
@@ -1624,6 +1935,11 @@ export interface ContainerServiceNetworkProfile {
     loadBalancerSku?: LoadBalancerSku;
     /** Profile of the cluster load balancer. */
     loadBalancerProfile?: ManagedClusterLoadBalancerProfile;
+    /**
+     * Profile of the Bastion Host associated with the managed cluster.
+     * See https://aka.ms/aks/BastionConnect for more details.
+     */
+    bastionProfile?: BastionProfile;
     /** Profile of the cluster NAT gateway. */
     natGatewayProfile?: ManagedClusterNATGatewayProfile;
     /** The profile for Static Egress Gateway addon. For more details about Static Egress Gateway, see https://aka.ms/aks/static-egress-gateway. */
@@ -1634,6 +1950,10 @@ export interface ContainerServiceNetworkProfile {
     serviceCidrs?: string[];
     /** The IP families used to specify IP versions available to the cluster. IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value is IPv4. For dual-stack, the expected values are IPv4 and IPv6. */
     ipFamilies?: IpFamily[];
+    /** Defines access to special link local addresses (Azure Instance Metadata Service, aka IMDS) for pods with hostNetwork=false. if not specified, the default is 'IMDS'. */
+    podLinkLocalAccess?: PodLinkLocalAccess;
+    /** Holds configuration customizations for kube-proxy. Any values not defined will use the kube-proxy defaulting behavior. See https://v<version>.docs.kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/ where <version> is represented by a <major version>-<minor version> string. Kubernetes version 1.23 would be '1-23'. */
+    kubeProxyConfig?: ContainerServiceNetworkProfileKubeProxyConfig;
 }
 export declare function containerServiceNetworkProfileSerializer(item: ContainerServiceNetworkProfile): any;
 export declare function containerServiceNetworkProfileDeserializer(item: any): ContainerServiceNetworkProfile;
@@ -1784,6 +2104,8 @@ export declare function advancedNetworkingSecurityTransitEncryptionDeserializer(
 export declare enum KnownTransitEncryptionType {
     /** Enable WireGuard encryption. Refer to https://docs.cilium.io/en/latest/security/network/encryption-wireguard/ on use cases and implementation details */
     WireGuard = "WireGuard",
+    /** Enables mTLS authentication and encryption for pod-to-pod traffic within the cluster. Refer to https://aka.ms/acnsciliummtls for relevant documentation. */
+    MTLS = "mTLS",
     /** Disable Transit encryption */
     None = "None"
 }
@@ -1793,6 +2115,7 @@ export declare enum KnownTransitEncryptionType {
  *  this enum contains the known values that the service supports.
  * ### Known values supported by the service
  * **WireGuard**: Enable WireGuard encryption. Refer to https:\//docs.cilium.io\/en\/latest\/security\/network\/encryption-wireguard\/ on use cases and implementation details \
+ * **mTLS**: Enables mTLS authentication and encryption for pod-to-pod traffic within the cluster. Refer to https:\//aka.ms\/acnsciliummtls for relevant documentation. \
  * **None**: Disable Transit encryption
  */
 export type TransitEncryptionType = string;
@@ -1827,6 +2150,8 @@ export declare enum KnownOutboundType {
     UserDefinedRouting = "userDefinedRouting",
     /** The AKS-managed NAT gateway is used for egress. */
     ManagedNATGateway = "managedNATGateway",
+    /** The AKS-managed NAT gateway V2 is used for egress. */
+    ManagedNATGatewayV2 = "managedNATGatewayV2",
     /** The user-assigned NAT gateway associated to the cluster subnet is used for egress. This is an advanced scenario and requires proper network configuration. */
     UserAssignedNATGateway = "userAssignedNATGateway",
     /** The AKS cluster is not set with any outbound-type. All AKS nodes follows Azure VM default outbound behavior. Please refer to https://azure.microsoft.com/en-us/updates/default-outbound-access-for-vms-in-azure-will-be-retired-transition-to-a-new-method-of-internet-access/ */
@@ -1840,6 +2165,7 @@ export declare enum KnownOutboundType {
  * **loadBalancer**: The load balancer is used for egress through an AKS assigned public IP. This supports Kubernetes services of type 'loadBalancer'. For more information see [outbound type loadbalancer](https:\//docs.microsoft.com\/azure\/aks\/egress-outboundtype#outbound-type-of-loadbalancer). \
  * **userDefinedRouting**: Egress paths must be defined by the user. This is an advanced scenario and requires proper network configuration. For more information see [outbound type userDefinedRouting](https:\//docs.microsoft.com\/azure\/aks\/egress-outboundtype#outbound-type-of-userdefinedrouting). \
  * **managedNATGateway**: The AKS-managed NAT gateway is used for egress. \
+ * **managedNATGatewayV2**: The AKS-managed NAT gateway V2 is used for egress. \
  * **userAssignedNATGateway**: The user-assigned NAT gateway associated to the cluster subnet is used for egress. This is an advanced scenario and requires proper network configuration. \
  * **none**: The AKS cluster is not set with any outbound-type. All AKS nodes follows Azure VM default outbound behavior. Please refer to https:\//azure.microsoft.com\/en-us\/updates\/default-outbound-access-for-vms-in-azure-will-be-retired-transition-to-a-new-method-of-internet-access\/
  */
@@ -1878,6 +2204,8 @@ export interface ManagedClusterLoadBalancerProfile {
     enableMultipleStandardLoadBalancers?: boolean;
     /** The type of the managed inbound Load Balancer BackendPool. */
     backendPoolType?: BackendPoolType;
+    /** The health probing behavior for External Traffic Policy Cluster services. */
+    clusterServiceLoadBalancerHealthProbeMode?: ClusterServiceLoadBalancerHealthProbeMode;
 }
 export declare function managedClusterLoadBalancerProfileSerializer(item: ManagedClusterLoadBalancerProfile): any;
 export declare function managedClusterLoadBalancerProfileDeserializer(item: any): ManagedClusterLoadBalancerProfile;
@@ -1929,12 +2257,86 @@ export declare enum KnownBackendPoolType {
  * **NodeIP**: The type of the managed inbound Load Balancer BackendPool. https:\//cloud-provider-azure.sigs.k8s.io\/topics\/loadbalancer\/#configure-load-balancer-backend.
  */
 export type BackendPoolType = string;
+/** The health probing behavior for External Traffic Policy Cluster services. */
+export declare enum KnownClusterServiceLoadBalancerHealthProbeMode {
+    /** Each External Traffic Policy Cluster service will have its own health probe targeting service nodePort. */
+    ServiceNodePort = "ServiceNodePort",
+    /** All External Traffic Policy Cluster services in a Standard Load Balancer will have a dedicated health probe targeting the backend nodes' kube-proxy health check port 10256. */
+    Shared = "Shared"
+}
+/**
+ * The health probing behavior for External Traffic Policy Cluster services. \
+ * {@link KnownClusterServiceLoadBalancerHealthProbeMode} can be used interchangeably with ClusterServiceLoadBalancerHealthProbeMode,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **ServiceNodePort**: Each External Traffic Policy Cluster service will have its own health probe targeting service nodePort. \
+ * **Shared**: All External Traffic Policy Cluster services in a Standard Load Balancer will have a dedicated health probe targeting the backend nodes' kube-proxy health check port 10256.
+ */
+export type ClusterServiceLoadBalancerHealthProbeMode = string;
+/**
+ * Profile to enable managed Azure Bastion or reference to an existing Bastion for the managed cluster.
+ * See https://aka.ms/aks/BastionConnect for more details.
+ */
+export interface BastionProfile {
+    /** Indicates whether managed bastion is enabled. */
+    enabled?: boolean;
+    /** The resource ID of the managed bastion associated with the managed cluster. */
+    readonly bastionId?: string;
+    /**
+     * The SKU of the managed bastion.
+     *
+     * Only Standard and Premium SKUs are supported.
+     * SKU downgrading is not allowed. To downgrade SKU, please disable then re-enable the managed bastion with new SKU.
+     *
+     * See https://aka.ms/aks/BastionSKUs for more details.
+     */
+    sku?: BastionSku;
+    /** The scale units of the managed bastion. Default value is 2. */
+    scaleUnits?: number;
+    /**
+     * The resource ID of the public IP address associated with the managed bastion.
+     *
+     * When provided during creation, the managed bastion will reference this existing public IP address instead of creating a new one.
+     * The referenced public IP address must be in the same subscription and region as the managed cluster.
+     *
+     * When not provided during creation, AKS will automatically create a new public IP address.
+     *
+     * This field cannot be updated. To change IP address after creation, please disable and re-enable the managed bastion with the new public IP address.
+     */
+    publicIpAddressId?: string;
+}
+export declare function bastionProfileSerializer(item: BastionProfile): any;
+export declare function bastionProfileDeserializer(item: any): BastionProfile;
+/** The SKU of the managed Azure Bastion. The default is 'Standard'. See https://aka.ms/aks/BastionSKUs for more information about the differences between Azure Bastion SKUs. */
+export declare enum KnownBastionSku {
+    /** Use the standard SKU of Azure Bastion. */
+    Standard = "Standard",
+    /** Use the premium SKU of Azure Bastion. */
+    Premium = "Premium"
+}
+/**
+ * The SKU of the managed Azure Bastion. The default is 'Standard'. See https://aka.ms/aks/BastionSKUs for more information about the differences between Azure Bastion SKUs. \
+ * {@link KnownBastionSku} can be used interchangeably with BastionSku,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **Standard**: Use the standard SKU of Azure Bastion. \
+ * **Premium**: Use the premium SKU of Azure Bastion.
+ */
+export type BastionSku = string;
 /** Profile of the managed cluster NAT gateway. */
 export interface ManagedClusterNATGatewayProfile {
     /** Profile of the managed outbound IP resources of the cluster NAT gateway. */
     managedOutboundIPProfile?: ManagedClusterManagedOutboundIPProfile;
     /** The effective outbound IP resources of the cluster NAT gateway. */
     readonly effectiveOutboundIPs?: ResourceReference[];
+    /** Desired outbound IP Prefix resources for the managed NAT Gateway. Only compatible with NAT Gateway V2. */
+    outboundIPPrefixes?: {
+        publicIPPrefixes?: string[];
+    };
+    /** Desired outbound IP resources for the managed NAT Gateway. */
+    outboundIPs?: {
+        publicIPs?: string[];
+    };
     /** Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 (inclusive). The default value is 4 minutes. */
     idleTimeoutInMinutes?: number;
 }
@@ -1944,9 +2346,25 @@ export declare function managedClusterNATGatewayProfileDeserializer(item: any):
 export interface ManagedClusterManagedOutboundIPProfile {
     /** The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 (inclusive). The default value is 1. */
     count?: number;
+    /** The desired number of IPv6 outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 (inclusive). */
+    countIPv6?: number;
 }
 export declare function managedClusterManagedOutboundIPProfileSerializer(item: ManagedClusterManagedOutboundIPProfile): any;
 export declare function managedClusterManagedOutboundIPProfileDeserializer(item: any): ManagedClusterManagedOutboundIPProfile;
+/** model interface _ManagedClusterNATGatewayProfileOutboundIpPrefixes */
+export interface _ManagedClusterNATGatewayProfileOutboundIpPrefixes {
+    /** A list of public IP prefix resources. */
+    publicIPPrefixes?: string[];
+}
+export declare function _managedClusterNATGatewayProfileOutboundIpPrefixesSerializer(item: _ManagedClusterNATGatewayProfileOutboundIpPrefixes): any;
+export declare function _managedClusterNATGatewayProfileOutboundIpPrefixesDeserializer(item: any): _ManagedClusterNATGatewayProfileOutboundIpPrefixes;
+/** model interface _ManagedClusterNATGatewayProfileOutboundIPs */
+export interface _ManagedClusterNATGatewayProfileOutboundIPs {
+    /** A list of public IP resources. */
+    publicIPs?: string[];
+}
+export declare function _managedClusterNATGatewayProfileOutboundIPsSerializer(item: _ManagedClusterNATGatewayProfileOutboundIPs): any;
+export declare function _managedClusterNATGatewayProfileOutboundIPsDeserializer(item: any): _ManagedClusterNATGatewayProfileOutboundIPs;
 /** The Static Egress Gateway addon configuration for the cluster. */
 export interface ManagedClusterStaticEgressGatewayProfile {
     /** Enable Static Egress Gateway addon. Indicates if Static Egress Gateway addon is enabled or not. */
@@ -1970,6 +2388,81 @@ export declare enum KnownIpFamily {
  * **IPv6**: IPv6 family
  */
 export type IpFamily = string;
+/** Defines access to special link local addresses (Azure Instance Metadata Service, aka IMDS) for pods with hostNetwork=false. If not specified, the default is 'IMDS'. */
+export declare enum KnownPodLinkLocalAccess {
+    /** Pods with hostNetwork=false can access Azure Instance Metadata Service (IMDS) without restriction. */
+    Imds = "IMDS",
+    /** Pods with hostNetwork=false cannot access Azure Instance Metadata Service (IMDS). */
+    None = "None"
+}
+/**
+ * Defines access to special link local addresses (Azure Instance Metadata Service, aka IMDS) for pods with hostNetwork=false. If not specified, the default is 'IMDS'. \
+ * {@link KnownPodLinkLocalAccess} can be used interchangeably with PodLinkLocalAccess,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **IMDS**: Pods with hostNetwork=false can access Azure Instance Metadata Service (IMDS) without restriction. \
+ * **None**: Pods with hostNetwork=false cannot access Azure Instance Metadata Service (IMDS).
+ */
+export type PodLinkLocalAccess = string;
+/** Holds configuration customizations for kube-proxy. Any values not defined will use the kube-proxy defaulting behavior. See https://v<version>.docs.kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/ where <version> is represented by a <major version>-<minor version> string. Kubernetes version 1.23 would be '1-23'. */
+export interface ContainerServiceNetworkProfileKubeProxyConfig {
+    /** Whether to enable on kube-proxy on the cluster (if no 'kubeProxyConfig' exists, kube-proxy is enabled in AKS by default without these customizations). */
+    enabled?: boolean;
+    /** Specify which proxy mode to use ('IPTABLES', 'IPVS' or 'NFTABLES') */
+    mode?: Mode;
+    /** Holds configuration customizations for IPVS. May only be specified if 'mode' is set to 'IPVS'. */
+    ipvsConfig?: ContainerServiceNetworkProfileKubeProxyConfigIpvsConfig;
+}
+export declare function containerServiceNetworkProfileKubeProxyConfigSerializer(item: ContainerServiceNetworkProfileKubeProxyConfig): any;
+export declare function containerServiceNetworkProfileKubeProxyConfigDeserializer(item: any): ContainerServiceNetworkProfileKubeProxyConfig;
+/** Specify which proxy mode to use ('IPTABLES', 'IPVS' or 'NFTABLES') */
+export declare enum KnownMode {
+    /** IPTables proxy mode */
+    Iptables = "IPTABLES",
+    /** IPVS proxy mode. Must be using Kubernetes version >= 1.22. */
+    Ipvs = "IPVS",
+    /** NFTables proxy mode. Must be using Kubernetes version >= 1.33. */
+    Nftables = "NFTABLES"
+}
+/**
+ * Specify which proxy mode to use ('IPTABLES', 'IPVS' or 'NFTABLES') \
+ * {@link KnownMode} can be used interchangeably with Mode,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **IPTABLES**: IPTables proxy mode \
+ * **IPVS**: IPVS proxy mode. Must be using Kubernetes version >= 1.22. \
+ * **NFTABLES**: NFTables proxy mode. Must be using Kubernetes version >= 1.33.
+ */
+export type Mode = string;
+/** Holds configuration customizations for IPVS. May only be specified if 'mode' is set to 'IPVS'. */
+export interface ContainerServiceNetworkProfileKubeProxyConfigIpvsConfig {
+    /** IPVS scheduler, for more information please see http://www.linuxvirtualserver.org/docs/scheduling.html. */
+    scheduler?: IpvsScheduler;
+    /** The timeout value used for idle IPVS TCP sessions in seconds. Must be a positive integer value. */
+    tcpTimeoutSeconds?: number;
+    /** The timeout value used for IPVS TCP sessions after receiving a FIN in seconds. Must be a positive integer value. */
+    tcpFinTimeoutSeconds?: number;
+    /** The timeout value used for IPVS UDP packets in seconds. Must be a positive integer value. */
+    udpTimeoutSeconds?: number;
+}
+export declare function containerServiceNetworkProfileKubeProxyConfigIpvsConfigSerializer(item: ContainerServiceNetworkProfileKubeProxyConfigIpvsConfig): any;
+export declare function containerServiceNetworkProfileKubeProxyConfigIpvsConfigDeserializer(item: any): ContainerServiceNetworkProfileKubeProxyConfigIpvsConfig;
+/** IPVS scheduler, for more information please see http://www.linuxvirtualserver.org/docs/scheduling.html. */
+export declare enum KnownIpvsScheduler {
+    /** Round Robin */
+    RoundRobin = "RoundRobin",
+    /** Least Connection */
+    LeastConnection = "LeastConnection"
+}
+/**
+ * IPVS scheduler, for more information please see http://www.linuxvirtualserver.org/docs/scheduling.html. \
+ * {@link KnownIpvsScheduler} can be used interchangeably with IpvsScheduler,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **RoundRobin**: Round Robin \
+ * **LeastConnection**: Least Connection
+ */
+export type IpvsScheduler = string;
 /** AADProfile specifies attributes for Azure Active Directory integration. For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). */
 export interface ManagedClusterAADProfile {
     /** Whether to enable managed AAD. */
@@ -2176,6 +2669,8 @@ export interface ManagedClusterHttpProxyConfig {
     httpsProxy?: string;
     /** The endpoints that should not go through proxy. */
     noProxy?: string[];
+    /** A read-only list of all endpoints for which traffic should not be sent to the proxy. This list is a superset of noProxy and values injected by AKS. */
+    readonly effectiveNoProxy?: string[];
     /** Alternative CA cert to use for connecting to proxy servers. */
     trustedCa?: string;
     /** Whether to enable HTTP proxy. If disabled, the specified proxy configuration will be not be set on pods and nodes. If not specified, the default is true. */
@@ -2189,12 +2684,20 @@ export interface ManagedClusterSecurityProfile {
     defender?: ManagedClusterSecurityProfileDefender;
     /** Azure Key Vault [key management service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) settings for the security profile. */
     azureKeyVaultKms?: AzureKeyVaultKms;
+    /** Encryption at rest of Kubernetes resource objects. More information on this can be found under https://aka.ms/aks/kubernetesResourceObjectEncryption */
+    kubernetesResourceObjectEncryptionProfile?: KubernetesResourceObjectEncryptionProfile;
     /** Workload identity settings for the security profile. Workload identity enables Kubernetes applications to access Azure cloud resources securely with Azure AD. See https://aka.ms/aks/wi for more details. */
     workloadIdentity?: ManagedClusterSecurityProfileWorkloadIdentity;
     /** Image Cleaner settings for the security profile. */
     imageCleaner?: ManagedClusterSecurityProfileImageCleaner;
+    /** Image integrity is a feature that works with Azure Policy to verify image integrity by signature. This will not have any effect unless Azure Policy is applied to enforce image signatures. See https://aka.ms/aks/image-integrity for how to use this feature via policy. */
+    imageIntegrity?: ManagedClusterSecurityProfileImageIntegrity;
+    /** [Node Restriction](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#noderestriction) settings for the security profile. */
+    nodeRestriction?: ManagedClusterSecurityProfileNodeRestriction;
     /** A list of up to 10 base64 encoded CAs that will be added to the trust store on all nodes in the cluster. For more information see [Custom CA Trust Certificates](https://learn.microsoft.com/en-us/azure/aks/custom-certificate-authority). */
     customCATrustCertificates?: Uint8Array[];
+    /** Defines service account based image pull settings. */
+    serviceAccountImagePullProfile?: ServiceAccountImagePullProfile;
 }
 export declare function managedClusterSecurityProfileSerializer(item: ManagedClusterSecurityProfile): any;
 export declare function managedClusterSecurityProfileDeserializer(item: any): ManagedClusterSecurityProfile;
@@ -2204,6 +2707,8 @@ export interface ManagedClusterSecurityProfileDefender {
     logAnalyticsWorkspaceResourceId?: string;
     /** Microsoft Defender threat detection for Cloud settings for the security profile. */
     securityMonitoring?: ManagedClusterSecurityProfileDefenderSecurityMonitoring;
+    /** Microsoft Defender settings for security gating, validates container images eligibility for deployment based on Defender for Containers security findings. Using Admission Controller, it either audits or prevents the deployment of images that do not meet security standards. */
+    securityGating?: ManagedClusterSecurityProfileDefenderSecurityGating;
 }
 export declare function managedClusterSecurityProfileDefenderSerializer(item: ManagedClusterSecurityProfileDefender): any;
 export declare function managedClusterSecurityProfileDefenderDeserializer(item: any): ManagedClusterSecurityProfileDefender;
@@ -2214,6 +2719,28 @@ export interface ManagedClusterSecurityProfileDefenderSecurityMonitoring {
 }
 export declare function managedClusterSecurityProfileDefenderSecurityMonitoringSerializer(item: ManagedClusterSecurityProfileDefenderSecurityMonitoring): any;
 export declare function managedClusterSecurityProfileDefenderSecurityMonitoringDeserializer(item: any): ManagedClusterSecurityProfileDefenderSecurityMonitoring;
+/** Microsoft Defender settings for security gating, validates container images eligibility for deployment based on Defender for Containers security findings. Using Admission Controller, it either audits or prevents the deployment of images that do not meet security standards. */
+export interface ManagedClusterSecurityProfileDefenderSecurityGating {
+    /** Whether to enable Defender security gating. When enabled, the gating feature will scan container images and audit or block the deployment of images that do not meet security standards according to the configured security rules. */
+    enabled?: boolean;
+    /** List of identities that the admission controller will make use of in order to pull security artifacts from the registry. These are the same identities used by the cluster to pull container images. Each identity provided should have federated identity credential attached to it. */
+    identities?: ManagedClusterSecurityProfileDefenderSecurityGatingIdentitiesItem[];
+    /** In use only while registry access granted by secret rather than managed identity. Set whether to grant the Defender gating agent access to the cluster's secrets for pulling images from registries. If secret access is denied and the registry requires pull secrets, the add-on will not perform any image validation. Default value is false. */
+    allowSecretAccess?: boolean;
+}
+export declare function managedClusterSecurityProfileDefenderSecurityGatingSerializer(item: ManagedClusterSecurityProfileDefenderSecurityGating): any;
+export declare function managedClusterSecurityProfileDefenderSecurityGatingDeserializer(item: any): ManagedClusterSecurityProfileDefenderSecurityGating;
+export declare function managedClusterSecurityProfileDefenderSecurityGatingIdentitiesItemArraySerializer(result: Array<ManagedClusterSecurityProfileDefenderSecurityGatingIdentitiesItem>): any[];
+export declare function managedClusterSecurityProfileDefenderSecurityGatingIdentitiesItemArrayDeserializer(result: Array<ManagedClusterSecurityProfileDefenderSecurityGatingIdentitiesItem>): any[];
+/** Identity information used by Defender security gating to access container registries. */
+export interface ManagedClusterSecurityProfileDefenderSecurityGatingIdentitiesItem {
+    /** The container registry for which the identity will be used; the identity specified here should have a federated identity credential attached to it. */
+    azureContainerRegistry?: string;
+    /** The identity object used to access the registry */
+    identity?: UserAssignedIdentity;
+}
+export declare function managedClusterSecurityProfileDefenderSecurityGatingIdentitiesItemSerializer(item: ManagedClusterSecurityProfileDefenderSecurityGatingIdentitiesItem): any;
+export declare function managedClusterSecurityProfileDefenderSecurityGatingIdentitiesItemDeserializer(item: any): ManagedClusterSecurityProfileDefenderSecurityGatingIdentitiesItem;
 /** Azure Key Vault key management service settings for the security profile. */
 export interface AzureKeyVaultKms {
     /** Whether to enable Azure Key Vault key management service. The default is false. */
@@ -2243,6 +2770,29 @@ export declare enum KnownKeyVaultNetworkAccessTypes {
  * **Private**: Key vault disables public access and enables private link.
  */
 export type KeyVaultNetworkAccessTypes = string;
+/** Encryption at rest of Kubernetes resource objects using service-managed keys. More information on this can be found under https://aka.ms/aks/kubernetesResourceObjectEncryption. */
+export interface KubernetesResourceObjectEncryptionProfile {
+    /** Whether to enable encryption at rest of Kubernetes resource objects using service-managed keys. More information on this can be found under https://aka.ms/aks/kubernetesResourceObjectEncryption. */
+    infrastructureEncryption?: InfrastructureEncryption;
+}
+export declare function kubernetesResourceObjectEncryptionProfileSerializer(item: KubernetesResourceObjectEncryptionProfile): any;
+export declare function kubernetesResourceObjectEncryptionProfileDeserializer(item: any): KubernetesResourceObjectEncryptionProfile;
+/** Whether to enable encryption at rest of Kubernetes resource objects using service-managed keys. More information on this can be found under https://aka.ms/aks/kubernetesResourceObjectEncryption. */
+export declare enum KnownInfrastructureEncryption {
+    /** Encryption at rest of Kubernetes resource objects using service-managed keys is enabled. More information on this can be found under https://aka.ms/aks/kubernetesResourceObjectEncryption. */
+    Enabled = "Enabled",
+    /** Encryption at rest of Kubernetes resource objects using service-managed keys is disabled. More information on this can be found under https://aka.ms/aks/kubernetesResourceObjectEncryption. */
+    Disabled = "Disabled"
+}
+/**
+ * Whether to enable encryption at rest of Kubernetes resource objects using service-managed keys. More information on this can be found under https://aka.ms/aks/kubernetesResourceObjectEncryption. \
+ * {@link KnownInfrastructureEncryption} can be used interchangeably with InfrastructureEncryption,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **Enabled**: Encryption at rest of Kubernetes resource objects using service-managed keys is enabled. More information on this can be found under https:\//aka.ms\/aks\/kubernetesResourceObjectEncryption. \
+ * **Disabled**: Encryption at rest of Kubernetes resource objects using service-managed keys is disabled. More information on this can be found under https:\//aka.ms\/aks\/kubernetesResourceObjectEncryption.
+ */
+export type InfrastructureEncryption = string;
 /** Workload identity settings for the security profile. */
 export interface ManagedClusterSecurityProfileWorkloadIdentity {
     /** Whether to enable workload identity. */
@@ -2259,6 +2809,29 @@ export interface ManagedClusterSecurityProfileImageCleaner {
 }
 export declare function managedClusterSecurityProfileImageCleanerSerializer(item: ManagedClusterSecurityProfileImageCleaner): any;
 export declare function managedClusterSecurityProfileImageCleanerDeserializer(item: any): ManagedClusterSecurityProfileImageCleaner;
+/** Image integrity related settings for the security profile. */
+export interface ManagedClusterSecurityProfileImageIntegrity {
+    /** Whether to enable image integrity. The default value is false. */
+    enabled?: boolean;
+}
+export declare function managedClusterSecurityProfileImageIntegritySerializer(item: ManagedClusterSecurityProfileImageIntegrity): any;
+export declare function managedClusterSecurityProfileImageIntegrityDeserializer(item: any): ManagedClusterSecurityProfileImageIntegrity;
+/** Node Restriction settings for the security profile. */
+export interface ManagedClusterSecurityProfileNodeRestriction {
+    /** Whether to enable Node Restriction */
+    enabled?: boolean;
+}
+export declare function managedClusterSecurityProfileNodeRestrictionSerializer(item: ManagedClusterSecurityProfileNodeRestriction): any;
+export declare function managedClusterSecurityProfileNodeRestrictionDeserializer(item: any): ManagedClusterSecurityProfileNodeRestriction;
+/** Profile for configuring image pull authentication to use service account scoped managed identities for authentication instead of node scoped managed identity (kubelet identity) for authentication to Azure Container Registry. For more information, refer to https://aka.ms/aks/identity-binding/acr-image-pull/docs */
+export interface ServiceAccountImagePullProfile {
+    /** Indicates whether service account based image pull is enabled, for which identity bindings are required for the managed identity to be used for authentication. For more information, refer to https://aka.ms/aks/identity-binding-docs. */
+    enabled?: boolean;
+    /** Optional. The default managed identity resource ID used for image pulls at the cluster level. When configured, this identity is used if a Pod’s service account does not explicitly specify an identity for pulling images. If not configured and no identity is specified at service account level, image will be pulled via anonymous authentication. */
+    defaultManagedIdentityId?: string;
+}
+export declare function serviceAccountImagePullProfileSerializer(item: ServiceAccountImagePullProfile): any;
+export declare function serviceAccountImagePullProfileDeserializer(item: any): ServiceAccountImagePullProfile;
 /** Storage profile for the container service cluster. */
 export interface ManagedClusterStorageProfile {
     /** AzureDisk CSI Driver settings for the storage profile. */
@@ -2306,6 +2879,8 @@ export interface ManagedClusterIngressProfile {
     webAppRouting?: ManagedClusterIngressProfileWebAppRouting;
     /** Settings for the managed Gateway API installation */
     gatewayAPI?: ManagedClusterIngressProfileGatewayConfiguration;
+    /** Settings for the managed Application Load Balancer installation */
+    applicationLoadBalancer?: ManagedClusterIngressProfileApplicationLoadBalancer;
 }
 export declare function managedClusterIngressProfileSerializer(item: ManagedClusterIngressProfile): any;
 export declare function managedClusterIngressProfileDeserializer(item: any): ManagedClusterIngressProfile;
@@ -2321,6 +2896,8 @@ export interface ManagedClusterIngressProfileWebAppRouting {
     nginx?: ManagedClusterIngressProfileNginx;
     /** Managed identity of the Application Routing add-on. This is the identity that should be granted permissions, for example, to manage the associated Azure DNS resource and get certificates from Azure Key Vault. See [this overview of the add-on](https://learn.microsoft.com/en-us/azure/aks/web-app-routing?tabs=with-osm) for more instructions. */
     readonly identity?: UserAssignedIdentity;
+    /** Configuration for the Default Domain. This is a unique, autogenerated domain that comes with a signed TLS Certificate allowing for secure HTTPS. See [the Default Domain documentation](https://aka.ms/aks/defaultdomain) for more instructions. */
+    defaultDomain?: ManagedClusterIngressDefaultDomainProfile;
 }
 export declare function managedClusterIngressProfileWebAppRoutingSerializer(item: ManagedClusterIngressProfileWebAppRouting): any;
 export declare function managedClusterIngressProfileWebAppRoutingDeserializer(item: any): ManagedClusterIngressProfileWebAppRouting;
@@ -2383,6 +2960,15 @@ export declare enum KnownNginxIngressControllerType {
  * **None**: The default Ingress Controller will not be created. It will not be deleted by the system if it exists. Users should delete the default NginxIngressController Custom Resource manually if desired.
  */
 export type NginxIngressControllerType = string;
+/** Default domain profile for the managed cluster ingress profile. */
+export interface ManagedClusterIngressDefaultDomainProfile {
+    /** Whether to enable Default Domain. */
+    enabled?: boolean;
+    /** The unique fully qualified domain name assigned to the cluster. This will not change even if disabled then reenabled. */
+    readonly domainName?: string;
+}
+export declare function managedClusterIngressDefaultDomainProfileSerializer(item: ManagedClusterIngressDefaultDomainProfile): any;
+export declare function managedClusterIngressDefaultDomainProfileDeserializer(item: any): ManagedClusterIngressDefaultDomainProfile;
 /** Configuration for managed Gateway API CRDs. See https://aka.ms/k8s-gateway-api for more details. */
 export interface ManagedClusterIngressProfileGatewayConfiguration {
     /** Configuration for the managed Gateway API installation. If not specified, the default is 'Disabled'. See https://aka.ms/k8s-gateway-api for more details. */
@@ -2406,12 +2992,23 @@ export declare enum KnownManagedGatewayType {
  * **Standard**: Gateway API CRDs from the standard release channel will be reconciled onto your cluster. See https:\//aka.ms\/gateway-api-versions to see which bundle will be installed for your Kubernetes version.
  */
 export type ManagedGatewayType = string;
+/** Application Load Balancer settings for the ingress profile. */
+export interface ManagedClusterIngressProfileApplicationLoadBalancer {
+    /** Whether to enable Application Load Balancer. */
+    enabled?: boolean;
+    /** Managed identity of the Application Load Balancer add-on. This is the identity that should be granted permissions to manage the associated Application Gateway for Containers resource. */
+    readonly identity?: UserAssignedIdentity;
+}
+export declare function managedClusterIngressProfileApplicationLoadBalancerSerializer(item: ManagedClusterIngressProfileApplicationLoadBalancer): any;
+export declare function managedClusterIngressProfileApplicationLoadBalancerDeserializer(item: any): ManagedClusterIngressProfileApplicationLoadBalancer;
 /** PublicNetworkAccess of the managedCluster. Allow or deny public network access for AKS */
 export declare enum KnownPublicNetworkAccess {
     /** Inbound/Outbound to the managedCluster is allowed. */
     Enabled = "Enabled",
     /** Inbound traffic to managedCluster is disabled, traffic from managedCluster is allowed. */
-    Disabled = "Disabled"
+    Disabled = "Disabled",
+    /** Inbound/Outbound traffic is managed by Microsoft.Network/NetworkSecurityPerimeters. */
+    SecuredByPerimeter = "SecuredByPerimeter"
 }
 /**
  * PublicNetworkAccess of the managedCluster. Allow or deny public network access for AKS \
@@ -2419,7 +3016,8 @@ export declare enum KnownPublicNetworkAccess {
  *  this enum contains the known values that the service supports.
  * ### Known values supported by the service
  * **Enabled**: Inbound\/Outbound to the managedCluster is allowed. \
- * **Disabled**: Inbound traffic to managedCluster is disabled, traffic from managedCluster is allowed.
+ * **Disabled**: Inbound traffic to managedCluster is disabled, traffic from managedCluster is allowed. \
+ * **SecuredByPerimeter**: Inbound\/Outbound traffic is managed by Microsoft.Network\/NetworkSecurityPerimeters.
  */
 export type PublicNetworkAccess = string;
 /** Workload Auto-scaler profile for the managed cluster. */
@@ -2442,13 +3040,33 @@ export declare function managedClusterWorkloadAutoScalerProfileKedaDeserializer(
 export interface ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler {
     /** Whether to enable VPA. Default value is false. */
     enabled: boolean;
+    /** Whether VPA add-on is enabled and configured to scale AKS-managed add-ons. */
+    addonAutoscaling?: AddonAutoscaling;
 }
 export declare function managedClusterWorkloadAutoScalerProfileVerticalPodAutoscalerSerializer(item: ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler): any;
 export declare function managedClusterWorkloadAutoScalerProfileVerticalPodAutoscalerDeserializer(item: any): ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler;
+/** Whether VPA add-on is enabled and configured to scale AKS-managed add-ons. */
+export declare enum KnownAddonAutoscaling {
+    /** Feature to autoscale AKS-managed add-ons is enabled. The default VPA update mode is Initial mode. */
+    Enabled = "Enabled",
+    /** Feature to autoscale AKS-managed add-ons is disabled. */
+    Disabled = "Disabled"
+}
+/**
+ * Whether VPA add-on is enabled and configured to scale AKS-managed add-ons. \
+ * {@link KnownAddonAutoscaling} can be used interchangeably with AddonAutoscaling,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **Enabled**: Feature to autoscale AKS-managed add-ons is enabled. The default VPA update mode is Initial mode. \
+ * **Disabled**: Feature to autoscale AKS-managed add-ons is disabled.
+ */
+export type AddonAutoscaling = string;
 /** Azure Monitor addon profiles for monitoring the managed cluster. */
 export interface ManagedClusterAzureMonitorProfile {
     /** Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See aka.ms/AzureManagedPrometheus for an overview. */
     metrics?: ManagedClusterAzureMonitorProfileMetrics;
+    /** Azure Monitor Container Insights Profile for Kubernetes Events, Inventory and Container stdout & stderr logs etc. See aka.ms/AzureMonitorContainerInsights for an overview. */
+    containerInsights?: ManagedClusterAzureMonitorProfileContainerInsights;
     /** Application Monitoring Profile for Kubernetes Application Container. Collects application logs, metrics and traces through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See aka.ms/AzureMonitorApplicationMonitoring for an overview. */
     appMonitoring?: ManagedClusterAzureMonitorProfileAppMonitoring;
 }
@@ -2481,10 +3099,47 @@ export interface ManagedClusterAzureMonitorProfileMetricsControlPlane {
 }
 export declare function managedClusterAzureMonitorProfileMetricsControlPlaneSerializer(item: ManagedClusterAzureMonitorProfileMetricsControlPlane): any;
 export declare function managedClusterAzureMonitorProfileMetricsControlPlaneDeserializer(item: any): ManagedClusterAzureMonitorProfileMetricsControlPlane;
+/** Azure Monitor Container Insights Profile for Kubernetes Events, Inventory and Container stdout & stderr logs etc. See aka.ms/AzureMonitorContainerInsights for an overview. */
+export interface ManagedClusterAzureMonitorProfileContainerInsights {
+    /** Indicates if Azure Monitor Container Insights Logs Addon is enabled or not. */
+    enabled?: boolean;
+    /** Fully Qualified ARM Resource Id of Azure Log Analytics Workspace for storing Azure Monitor Container Insights Logs. */
+    logAnalyticsWorkspaceResourceId?: string;
+    /** The syslog host port. If not specified, the default port is 28330. */
+    syslogPort?: number;
+    /** Indicates whether custom metrics collection has to be disabled or not. If not specified the default is false. No custom metrics will be emitted if this field is false but the container insights enabled field is false */
+    disableCustomMetrics?: boolean;
+    /** Indicates whether prometheus metrics scraping is disabled or not. If not specified the default is false. No prometheus metrics will be emitted if this field is false but the container insights enabled field is false */
+    disablePrometheusMetricsScraping?: boolean;
+    /** Configures container network logs ingestion with Azure Monitor. Which network logs to ingest is controlled by the CRD found in the following links. No network logs are ingested by default. More information on container network logs can be found at https://aka.ms/ContainerNetworkLogsDoc. More information on configuring container network log can be found at https://aka.ms/acns/howtoenablecnl. If not specified, the default is Disabled. */
+    containerNetworkLogs?: ContainerNetworkLogs;
+}
+export declare function managedClusterAzureMonitorProfileContainerInsightsSerializer(item: ManagedClusterAzureMonitorProfileContainerInsights): any;
+export declare function managedClusterAzureMonitorProfileContainerInsightsDeserializer(item: any): ManagedClusterAzureMonitorProfileContainerInsights;
+/** Configures container network logs ingestion with Azure Monitor. Which network logs to ingest is controlled by the CRD found in the following links. No network logs are ingested by default. More information on container network logs can be found at https://aka.ms/ContainerNetworkLogsDoc. More information on configuring container network log can be found at https://aka.ms/acns/howtoenablecnl. If not specified, the default is Disabled. */
+export declare enum KnownContainerNetworkLogs {
+    /** Azure monitor ingestion of container network logs is disabled */
+    Disabled = "Disabled",
+    /** Azure monitor ingestion of container network logs is enabled */
+    Enabled = "Enabled"
+}
+/**
+ * Configures container network logs ingestion with Azure Monitor. Which network logs to ingest is controlled by the CRD found in the following links. No network logs are ingested by default. More information on container network logs can be found at https://aka.ms/ContainerNetworkLogsDoc. More information on configuring container network log can be found at https://aka.ms/acns/howtoenablecnl. If not specified, the default is Disabled. \
+ * {@link KnownContainerNetworkLogs} can be used interchangeably with ContainerNetworkLogs,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **Disabled**: Azure monitor ingestion of container network logs is disabled \
+ * **Enabled**: Azure monitor ingestion of container network logs is enabled
+ */
+export type ContainerNetworkLogs = string;
 /** Application Monitoring profile for AKS. */
 export interface ManagedClusterAzureMonitorProfileAppMonitoring {
     /** Application Monitoring auto-instrumentation for AKS. Deploys a webhook that auto-instruments workloads with Microsoft OpenTelemetry Distros to collect OpenTelemetry metrics, logs, and traces. See https://aka.ms/AKSAppMonitoringDocs and https://aka.ms/AzureMonitorApplicationMonitoring for an overview. */
     autoInstrumentation?: ManagedClusterAzureMonitorProfileAppMonitoringAutoInstrumentation;
+    /** Application Monitoring Open Telemetry Metrics Profile for AKS. Collects OpenTelemetry metrics of the application using Azure Monitor OpenTelemetry based SDKs. See https://aka.ms/AKSAppMonitoringDocs and https://aka.ms/AzureMonitorApplicationMonitoring for an overview. */
+    openTelemetryMetrics?: ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryMetrics;
+    /** Application Monitoring Open Telemetry Logs and Traces Profile for AKS. Collects OpenTelemetry logs and traces of the application using Azure Monitor OpenTelemetry based SDKs. See https://aka.ms/AKSAppMonitoringDocs and https://aka.ms/AzureMonitorApplicationMonitoring for an overview. */
+    openTelemetryLogsAndTraces?: ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryLogsAndTraces;
 }
 export declare function managedClusterAzureMonitorProfileAppMonitoringSerializer(item: ManagedClusterAzureMonitorProfileAppMonitoring): any;
 export declare function managedClusterAzureMonitorProfileAppMonitoringDeserializer(item: any): ManagedClusterAzureMonitorProfileAppMonitoring;
@@ -2495,6 +3150,28 @@ export interface ManagedClusterAzureMonitorProfileAppMonitoringAutoInstrumentati
 }
 export declare function managedClusterAzureMonitorProfileAppMonitoringAutoInstrumentationSerializer(item: ManagedClusterAzureMonitorProfileAppMonitoringAutoInstrumentation): any;
 export declare function managedClusterAzureMonitorProfileAppMonitoringAutoInstrumentationDeserializer(item: any): ManagedClusterAzureMonitorProfileAppMonitoringAutoInstrumentation;
+/** Application Monitoring Open Telemetry Metrics Profile for AKS. Collects OpenTelemetry metrics of the application using Azure Monitor OpenTelemetry based SDKs. See https://aka.ms/AKSAppMonitoringDocs and https://aka.ms/AzureMonitorApplicationMonitoring for an overview. */
+export interface ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryMetrics {
+    /** Indicates if Application Monitoring Open Telemetry Metrics is enabled or not. */
+    enabled?: boolean;
+    /** The host port for Open Telemetry HTTP/PROTOBUF metrics. If not specified, the default port is 28333. */
+    httpPort?: number;
+    /** The host port for Open Telemetry GRPC metrics. If not specified, the default port is 28334. */
+    grpcPort?: number;
+}
+export declare function managedClusterAzureMonitorProfileAppMonitoringOpenTelemetryMetricsSerializer(item: ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryMetrics): any;
+export declare function managedClusterAzureMonitorProfileAppMonitoringOpenTelemetryMetricsDeserializer(item: any): ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryMetrics;
+/** Application Monitoring Open Telemetry Logs and Traces Profile for AKS. Collects OpenTelemetry logs and traces of the application using Azure Monitor OpenTelemetry based SDKs. See https://aka.ms/AKSAppMonitoringDocs and https://aka.ms/AzureMonitorApplicationMonitoring for an overview. */
+export interface ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryLogsAndTraces {
+    /** Indicates if Application Monitoring Open Telemetry Logs and traces is enabled or not. */
+    enabled?: boolean;
+    /** The host port for Open Telemetry HTTP/PROTOBUF logs and traces. If not specified, the default port is 28331. */
+    httpPort?: number;
+    /** The host port for Open Telemetry GRPC logs and traces. If not specified, the default port is 28332. */
+    grpcPort?: number;
+}
+export declare function managedClusterAzureMonitorProfileAppMonitoringOpenTelemetryLogsAndTracesSerializer(item: ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryLogsAndTraces): any;
+export declare function managedClusterAzureMonitorProfileAppMonitoringOpenTelemetryLogsAndTracesDeserializer(item: any): ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryLogsAndTraces;
 /** Service mesh profile for a managed cluster. */
 export interface ServiceMeshProfile {
     /** Mode of the service mesh. */
@@ -2709,6 +3386,43 @@ export interface ManagedClusterAIToolchainOperatorProfile {
 }
 export declare function managedClusterAIToolchainOperatorProfileSerializer(item: ManagedClusterAIToolchainOperatorProfile): any;
 export declare function managedClusterAIToolchainOperatorProfileDeserializer(item: any): ManagedClusterAIToolchainOperatorProfile;
+/** The pod scheduler profile for the cluster. */
+export interface SchedulerProfile {
+    /** Mapping of each scheduler instance to its profile. */
+    schedulerInstanceProfiles?: SchedulerProfileSchedulerInstanceProfiles;
+}
+export declare function schedulerProfileSerializer(item: SchedulerProfile): any;
+export declare function schedulerProfileDeserializer(item: any): SchedulerProfile;
+/** Mapping of each scheduler instance to its profile. */
+export interface SchedulerProfileSchedulerInstanceProfiles {
+    /** The scheduler profile for the upstream scheduler instance. */
+    upstream?: SchedulerInstanceProfile;
+}
+export declare function schedulerProfileSchedulerInstanceProfilesSerializer(item: SchedulerProfileSchedulerInstanceProfiles): any;
+export declare function schedulerProfileSchedulerInstanceProfilesDeserializer(item: any): SchedulerProfileSchedulerInstanceProfiles;
+/** The scheduler profile for a single scheduler instance. */
+export interface SchedulerInstanceProfile {
+    /** The config customization mode for this scheduler instance. */
+    schedulerConfigMode?: SchedulerConfigMode;
+}
+export declare function schedulerInstanceProfileSerializer(item: SchedulerInstanceProfile): any;
+export declare function schedulerInstanceProfileDeserializer(item: any): SchedulerInstanceProfile;
+/** The config customization mode for this scheduler instance. */
+export declare enum KnownSchedulerConfigMode {
+    /** No config customization. Use default configuration. */
+    Default = "Default",
+    /** Enable config customization. Customer can specify scheduler configuration via a CRD. See aka.ms/aks/scheduler-crd for details. */
+    ManagedByCRD = "ManagedByCRD"
+}
+/**
+ * The config customization mode for this scheduler instance. \
+ * {@link KnownSchedulerConfigMode} can be used interchangeably with SchedulerConfigMode,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **Default**: No config customization. Use default configuration. \
+ * **ManagedByCRD**: Enable config customization. Customer can specify scheduler configuration via a CRD. See aka.ms\/aks\/scheduler-crd for details.
+ */
+export type SchedulerConfigMode = string;
 /** Settings for hosted system addons. */
 export interface ManagedClusterHostedSystemProfile {
     /** Whether to enable hosted system addons for the cluster. */
@@ -2720,6 +3434,67 @@ export interface ManagedClusterHostedSystemProfile {
 }
 export declare function managedClusterHostedSystemProfileSerializer(item: ManagedClusterHostedSystemProfile): any;
 export declare function managedClusterHostedSystemProfileDeserializer(item: any): ManagedClusterHostedSystemProfile;
+/** Health monitor profile for the managed cluster. */
+export interface ManagedClusterHealthMonitorProfile {
+    /** Whether to enable continuous control plane and addon monitor. */
+    enableContinuousControlPlaneAndAddonMonitor?: boolean;
+    /** Whether to enable on-demand monitor. */
+    enableOnDemandMonitor?: boolean;
+}
+export declare function managedClusterHealthMonitorProfileSerializer(item: ManagedClusterHealthMonitorProfile): any;
+export declare function managedClusterHealthMonitorProfileDeserializer(item: any): ManagedClusterHealthMonitorProfile;
+/** Profile for providing scaled and performance guaranteed control plane capacity to deliver consistent performance under high workload. Requires Kubernetes version 1.33.0 or later. */
+export interface ManagedClusterControlPlaneScalingProfile {
+    /** The scaling size of the control plane. Scaling sizes offer guaranteed capacity and predictable Kubernetes performance beyond standard tier defaults. Higher H sizes provide increased performance guarantees. See https://aka.ms/aks/hyperscale for performance metrics details for each size. */
+    scalingSize: ControlPlaneScalingSize;
+}
+export declare function managedClusterControlPlaneScalingProfileSerializer(item: ManagedClusterControlPlaneScalingProfile): any;
+export declare function managedClusterControlPlaneScalingProfileDeserializer(item: any): ManagedClusterControlPlaneScalingProfile;
+/** The scaling size of the control plane. Scaling sizes offer guaranteed capacity and predictable Kubernetes performance beyond standard tier defaults. Higher H sizes provide increased performance guarantees. See https://aka.ms/aks/hyperscale for performance metrics details for each size. */
+export declare enum KnownControlPlaneScalingSize {
+    /** H2 is the smallest scaling size with guaranteed capacity and predictable performance beyond standard tier defaults. */
+    H2 = "H2",
+    /** H4 scaling size provides increased guaranteed performance over H2. */
+    H4 = "H4",
+    /** H8 scaling size provides increased guaranteed performance over H4. */
+    H8 = "H8"
+}
+/**
+ * The scaling size of the control plane. Scaling sizes offer guaranteed capacity and predictable Kubernetes performance beyond standard tier defaults. Higher H sizes provide increased performance guarantees. See https://aka.ms/aks/hyperscale for performance metrics details for each size. \
+ * {@link KnownControlPlaneScalingSize} can be used interchangeably with ControlPlaneScalingSize,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **H2**: H2 is the smallest scaling size with guaranteed capacity and predictable performance beyond standard tier defaults. \
+ * **H4**: H4 scaling size provides increased guaranteed performance over H2. \
+ * **H8**: H8 scaling size provides increased guaranteed performance over H4.
+ */
+export type ControlPlaneScalingSize = string;
+/** Node disruption profile for a managed cluster. */
+export interface NodeDisruptionProfile {
+    /** The policy configuration for when to allow certain operations which require node re-image and trigger redeployment. For example, some operations, such as updating the .properties.ManagedClusterSecurityProfile.customCATrustCertificates field on an existing managed cluster, trigger rolling updates of the nodes. This setting allows control over when such updates are accepted. The default is 'Allow'. For a full list of covered operations see aka.ms/aks/nodedisruptionpolicy". */
+    nodeDisruptionPolicy?: NodeDisruptionPolicy;
+}
+export declare function nodeDisruptionProfileSerializer(item: NodeDisruptionProfile): any;
+export declare function nodeDisruptionProfileDeserializer(item: any): NodeDisruptionProfile;
+/** The policy configuration for when to allow certain operations which require node re-image and trigger redeployment. For example, some operations, such as updating the .properties.ManagedClusterSecurityProfile.customCATrustCertificates field on an existing managed cluster, trigger rolling updates of the nodes. This setting allows control over when such updates are accepted. The default is 'Allow'. For a full list of covered operations see aka.ms/aks/nodedisruptionpolicy". */
+export declare enum KnownNodeDisruptionPolicy {
+    /** Allows operations that will require node re-image and trigger redeployment. */
+    Allow = "Allow",
+    /** Blocks certain operations that will require node re-image and trigger redeployment unless within the aksManagedNodeOSUpgradeSchedule maintenance window. For a full list of covered operations see aka.ms/aks/nodedisruptionpolicy . For more information on using the aksManagedNodeOSUpgradeSchedule maintenance window, please see https://learn.microsoft.com/azure/aks/planned-maintenance?tabs=azure-cli */
+    AllowDuringMaintenanceWindow = "AllowDuringMaintenanceWindow",
+    /** Blocks certain operations that will require node re-image and trigger redeployment. For a full list of covered operations see aka.ms/aks/nodedisruptionpolicy */
+    Block = "Block"
+}
+/**
+ * The policy configuration for when to allow certain operations which require node re-image and trigger redeployment. For example, some operations, such as updating the .properties.ManagedClusterSecurityProfile.customCATrustCertificates field on an existing managed cluster, trigger rolling updates of the nodes. This setting allows control over when such updates are accepted. The default is 'Allow'. For a full list of covered operations see aka.ms/aks/nodedisruptionpolicy". \
+ * {@link KnownNodeDisruptionPolicy} can be used interchangeably with NodeDisruptionPolicy,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **Allow**: Allows operations that will require node re-image and trigger redeployment. \
+ * **AllowDuringMaintenanceWindow**: Blocks certain operations that will require node re-image and trigger redeployment unless within the aksManagedNodeOSUpgradeSchedule maintenance window. For a full list of covered operations see aka.ms\/aks\/nodedisruptionpolicy . For more information on using the aksManagedNodeOSUpgradeSchedule maintenance window, please see https:\//learn.microsoft.com\/azure\/aks\/planned-maintenance?tabs=azure-cli \
+ * **Block**: Blocks certain operations that will require node re-image and trigger redeployment. For a full list of covered operations see aka.ms\/aks\/nodedisruptionpolicy
+ */
+export type NodeDisruptionPolicy = string;
 /** Contains read-only information about the Managed Cluster. */
 export interface ManagedClusterStatus {
     /** The error details information of the managed cluster. Preserves the detailed info of failure. If there was no error, this field is omitted. */
@@ -2988,6 +3763,12 @@ export interface EndpointDetail {
     description?: string;
 }
 export declare function endpointDetailDeserializer(item: any): EndpointDetail;
+/** The names of the load balancers to rebalance. If set to empty, all load balancers will be rebalanced. */
+export interface RebalanceLoadBalancersRequestBody {
+    /** The load balancer names list. */
+    loadBalancerNames?: string[];
+}
+export declare function rebalanceLoadBalancersRequestBodySerializer(item: RebalanceLoadBalancersRequestBody): any;
 /** The list of available upgrades for compute pools. */
 export interface ManagedClusterUpgradeProfile extends ProxyResource {
     /** The list of available upgrade versions for the control plane. */
@@ -3014,6 +3795,8 @@ export interface ManagedClusterPoolUpgradeProfile {
     osType: OSType;
     /** List of orchestrator types and versions available for upgrade. */
     upgrades?: ManagedClusterPoolUpgradeProfileUpgradesItem[];
+    /** List of components grouped by kubernetes major.minor version. */
+    componentsByReleases?: ComponentsByRelease[];
 }
 export declare function managedClusterPoolUpgradeProfileDeserializer(item: any): ManagedClusterPoolUpgradeProfile;
 export declare function managedClusterPoolUpgradeProfileUpgradesItemArrayDeserializer(result: Array<ManagedClusterPoolUpgradeProfileUpgradesItem>): any[];
@@ -3023,9 +3806,89 @@ export interface ManagedClusterPoolUpgradeProfileUpgradesItem {
     kubernetesVersion?: string;
     /** Whether the Kubernetes version is currently in preview. */
     isPreview?: boolean;
+    /** Whether the Kubernetes version is out of support. */
+    isOutOfSupport?: boolean;
 }
 export declare function managedClusterPoolUpgradeProfileUpgradesItemDeserializer(item: any): ManagedClusterPoolUpgradeProfileUpgradesItem;
 export declare function managedClusterPoolUpgradeProfileArrayDeserializer(result: Array<ManagedClusterPoolUpgradeProfile>): any[];
+/** Available Guardrails Version */
+export interface GuardrailsAvailableVersion extends ProxyResource {
+    /** Whether the version is default or not and support info. */
+    properties: GuardrailsAvailableVersionsProperties;
+}
+export declare function guardrailsAvailableVersionDeserializer(item: any): GuardrailsAvailableVersion;
+/** Whether the version is default or not and support info. */
+export interface GuardrailsAvailableVersionsProperties {
+    /** Whether this is the default version. */
+    readonly isDefaultVersion?: boolean;
+    /** Whether the version is preview or stable. */
+    readonly support?: GuardrailsSupport;
+}
+export declare function guardrailsAvailableVersionsPropertiesDeserializer(item: any): GuardrailsAvailableVersionsProperties;
+/** Whether the version is preview or stable. */
+export declare enum KnownGuardrailsSupport {
+    /** The version is preview. It is not recommended to use preview versions on critical production clusters. The preview version may not support all use-cases. */
+    Preview = "Preview",
+    /** The version is stable and can be used on critical production clusters. */
+    Stable = "Stable"
+}
+/**
+ * Whether the version is preview or stable. \
+ * {@link KnownGuardrailsSupport} can be used interchangeably with GuardrailsSupport,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **Preview**: The version is preview. It is not recommended to use preview versions on critical production clusters. The preview version may not support all use-cases. \
+ * **Stable**: The version is stable and can be used on critical production clusters.
+ */
+export type GuardrailsSupport = string;
+/** Hold values properties, which is array of GuardrailsVersions */
+export interface _GuardrailsAvailableVersionsList {
+    /** The GuardrailsAvailableVersion items on this page */
+    value: GuardrailsAvailableVersion[];
+    /** The link to the next page of items */
+    nextLink?: string;
+}
+export declare function _guardrailsAvailableVersionsListDeserializer(item: any): _GuardrailsAvailableVersionsList;
+export declare function guardrailsAvailableVersionArrayDeserializer(result: Array<GuardrailsAvailableVersion>): any[];
+/** Available Safeguards Version */
+export interface SafeguardsAvailableVersion extends ProxyResource {
+    /** Whether the version is default or not and support info. */
+    properties: SafeguardsAvailableVersionsProperties;
+}
+export declare function safeguardsAvailableVersionDeserializer(item: any): SafeguardsAvailableVersion;
+/** Whether the version is default or not and support info. */
+export interface SafeguardsAvailableVersionsProperties {
+    /** Whether this is the default version. */
+    readonly isDefaultVersion?: boolean;
+    /** Whether the version is preview or stable. */
+    readonly support?: SafeguardsSupport;
+}
+export declare function safeguardsAvailableVersionsPropertiesDeserializer(item: any): SafeguardsAvailableVersionsProperties;
+/** Whether the version is preview or stable. */
+export declare enum KnownSafeguardsSupport {
+    /** The version is preview. It is not recommended to use preview versions on critical production clusters. The preview version may not support all use-cases. */
+    Preview = "Preview",
+    /** The version is stable and can be used on critical production clusters. */
+    Stable = "Stable"
+}
+/**
+ * Whether the version is preview or stable. \
+ * {@link KnownSafeguardsSupport} can be used interchangeably with SafeguardsSupport,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **Preview**: The version is preview. It is not recommended to use preview versions on critical production clusters. The preview version may not support all use-cases. \
+ * **Stable**: The version is stable and can be used on critical production clusters.
+ */
+export type SafeguardsSupport = string;
+/** Hold values properties, which is array of SafeguardsVersions */
+export interface _SafeguardsAvailableVersionsList {
+    /** The SafeguardsAvailableVersion items on this page */
+    value: SafeguardsAvailableVersion[];
+    /** The link to the next page of items */
+    nextLink?: string;
+}
+export declare function _safeguardsAvailableVersionsListDeserializer(item: any): _SafeguardsAvailableVersionsList;
+export declare function safeguardsAvailableVersionArrayDeserializer(result: Array<SafeguardsAvailableVersion>): any[];
 /** Mesh revision profile for a mesh. */
 export interface MeshRevisionProfile extends ProxyResource {
     /** Mesh revision profile properties for a mesh */
@@ -3307,6 +4170,73 @@ export interface _MaintenanceConfigurationListResult {
 export declare function _maintenanceConfigurationListResultDeserializer(item: any): _MaintenanceConfigurationListResult;
 export declare function maintenanceConfigurationArraySerializer(result: Array<MaintenanceConfiguration>): any[];
 export declare function maintenanceConfigurationArrayDeserializer(result: Array<MaintenanceConfiguration>): any[];
+/**
+ * A maintenance window is a resource-group-scoped resource that defines a reusable
+ * maintenance schedule which can be linked to maintenance configurations on one
+ * or more managed clusters.
+ * For more information, see https://aka.ms/aks/maintenance-windows.
+ */
+export interface MaintenanceWindowResource extends TrackedResource {
+    /** Properties of a maintenance window. */
+    properties?: MaintenanceWindowResourceProperties;
+}
+export declare function maintenanceWindowResourceSerializer(item: MaintenanceWindowResource): any;
+export declare function maintenanceWindowResourceDeserializer(item: any): MaintenanceWindowResource;
+/**
+ * Properties of a maintenance window.
+ * For more information, see https://aka.ms/aks/maintenance-windows.
+ */
+export interface MaintenanceWindowResourceProperties {
+    /** The provisioning state of the maintenance window. */
+    readonly provisioningState?: ResourceProvisioningState;
+    /**
+     * Recurrence schedule for the maintenance window. One and only one of the schedule
+     * types should be specified: 'daily', 'weekly', 'absoluteMonthly', or 'relativeMonthly'.
+     */
+    schedule: Schedule;
+    /**
+     * The date the maintenance window activates. If the current date is before this
+     * date, the maintenance window is inactive and will not be used. If not specified,
+     * the maintenance window will be active right away.
+     */
+    startDate?: Date;
+    /**
+     * The start time of the maintenance window. Accepted values are from '00:00' to
+     * '23:59'. 'utcOffset' applies to this field. For example: '02:00' with
+     * 'utcOffset: +02:00' means UTC time '00:00'.
+     */
+    startTime: string;
+    /** Length of the maintenance window in hours. */
+    durationHours: number;
+    /**
+     * The UTC offset in format +/-HH:mm. For example, '+05:30' for IST and '-07:00'
+     * for PST. If not specified, the default is '+00:00'.
+     * Note: this is a static offset and does not adjust for Daylight Saving Time.
+     * Customers in DST-observing regions should pick the offset that matches their
+     * preferred wall-clock time year-round; the maintenance window will shift by one
+     * hour relative to local time when DST starts or ends.
+     */
+    utcOffset?: string;
+    /**
+     * Date ranges during which maintenance is not allowed. 'utcOffset' applies to
+     * these dates. For example, with 'utcOffset: +02:00' and a date span of
+     * '2026-12-23' to '2027-01-03', maintenance will be blocked from
+     * '2026-12-22 22:00' to '2027-01-03 22:00' in UTC time.
+     */
+    notAllowedDates?: DateSpan[];
+}
+export declare function maintenanceWindowResourcePropertiesSerializer(item: MaintenanceWindowResourceProperties): any;
+export declare function maintenanceWindowResourcePropertiesDeserializer(item: any): MaintenanceWindowResourceProperties;
+/** The response of a MaintenanceWindowResource list operation. */
+export interface _MaintenanceWindowResourceListResult {
+    /** The MaintenanceWindowResource items on this page */
+    value: MaintenanceWindowResource[];
+    /** The link to the next page of items */
+    nextLink?: string;
+}
+export declare function _maintenanceWindowResourceListResultDeserializer(item: any): _MaintenanceWindowResourceListResult;
+export declare function maintenanceWindowResourceArraySerializer(result: Array<MaintenanceWindowResource>): any[];
+export declare function maintenanceWindowResourceArrayDeserializer(result: Array<MaintenanceWindowResource>): any[];
 /** Namespace managed by ARM. */
 export interface ManagedNamespace extends TrackedResource {
     /** Properties of a namespace. */
@@ -3456,22 +4386,63 @@ export interface Machine extends ProxyResource {
     /** The properties of the machine */
     properties?: MachineProperties;
     /** The Availability zone in which machine is located. */
-    readonly zones?: string[];
+    zones?: string[];
 }
+export declare function machineSerializer(item: Machine): any;
 export declare function machineDeserializer(item: any): Machine;
 /** The properties of the machine */
 export interface MachineProperties {
     /** network properties of the machine */
-    readonly network?: MachineNetworkProperties;
+    network?: MachineNetworkProperties;
     /** Azure resource id of the machine. It can be used to GET underlying VM Instance */
     readonly resourceId?: string;
+    /** The hardware and GPU settings of the machine. */
+    hardware?: MachineHardwareProfile;
+    /** The operating system and disk used by the machine. */
+    operatingSystem?: MachineOSProfile;
+    /** The Kubernetes configurations used by the machine. */
+    kubernetes?: MachineKubernetesProfile;
+    /** Machine only allows 'System' and 'User' mode. */
+    mode?: AgentPoolMode;
+    /** The security settings of the machine. */
+    security?: MachineSecurityProfile;
+    /** The priority for the machine. If not specified, the default is 'Regular'. */
+    priority?: ScaleSetPriority;
+    /** The eviction policy for machine. This cannot be specified unless the priority is 'Spot'. If not specified, the default is 'Delete'. */
+    evictionPolicy?: ScaleSetEvictionPolicy;
+    /** The properties having to do with machine billing. */
+    billing?: MachineBillingProfile;
+    /** The version of node image. */
+    readonly nodeImageVersion?: string;
+    /** The current deployment or provisioning state. */
+    readonly provisioningState?: string;
+    /** The tags to be persisted on the machine. */
+    tags?: Record<string, string>;
+    /** Unique read-only string used to implement optimistic concurrency. The eTag value will change when the resource is updated. Specify an if-match or if-none-match header with the eTag value for a subsequent request to enable optimistic concurrency per the normal eTag convention. */
+    readonly eTag?: string;
+    /** Contains read-only information about the machine. */
+    readonly status?: MachineStatus;
+    /** Configures the per-node local DNS, with VnetDNS and KubeDNS overrides. LocalDNS helps improve performance and reliability of DNS resolution in an AKS cluster. For more details see aka.ms/aks/localdns. */
+    localDNSProfile?: LocalDNSProfile;
 }
+export declare function machinePropertiesSerializer(item: MachineProperties): any;
 export declare function machinePropertiesDeserializer(item: any): MachineProperties;
 /** network properties of the machine */
 export interface MachineNetworkProperties {
     /** IPv4, IPv6 addresses of the machine */
     readonly ipAddresses?: MachineIpAddress[];
+    /** The ID of the subnet which node and optionally pods will join on startup. If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} */
+    vnetSubnetID?: string;
+    /** The ID of the subnet which pods will join when launched. If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} */
+    podSubnetID?: string;
+    /** Whether the machine is allocated its own public IP. Some scenarios may require the machine to receive their own dedicated public IP addresses. A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine to minimize hops. The default is false. */
+    enableNodePublicIP?: boolean;
+    /** The public IP prefix ID which VM node should use IPs from. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} */
+    nodePublicIPPrefixID?: string;
+    /** IPTags of instance-level public IPs. */
+    nodePublicIPTags?: IPTag[];
 }
+export declare function machineNetworkPropertiesSerializer(item: MachineNetworkProperties): any;
 export declare function machineNetworkPropertiesDeserializer(item: any): MachineNetworkProperties;
 export declare function machineIpAddressArrayDeserializer(result: Array<MachineIpAddress>): any[];
 /** The machine IP address details. */
@@ -3482,6 +4453,140 @@ export interface MachineIpAddress {
     readonly ip?: string;
 }
 export declare function machineIpAddressDeserializer(item: any): MachineIpAddress;
+/** The hardware and GPU settings of the machine. */
+export interface MachineHardwareProfile {
+    /** The size of the VM. VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods might fail to run correctly. For more details on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions */
+    vmSize?: string;
+    /** GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU. */
+    gpuInstanceProfile?: GPUInstanceProfile;
+    /** The GPU settings of the machine. */
+    gpuProfile?: GPUProfile;
+    /** Whether to enable UltraSSD */
+    ultraSsdEnabled?: boolean;
+}
+export declare function machineHardwareProfileSerializer(item: MachineHardwareProfile): any;
+export declare function machineHardwareProfileDeserializer(item: any): MachineHardwareProfile;
+/** The operating system and disk used by the machine. */
+export interface MachineOSProfile {
+    /** The operating system type. The default is Linux. */
+    osType?: OSType;
+    /** Specifies the OS SKU used by the agent pool. If not specified, the default is Ubuntu if OSType=Linux or Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is deprecated. */
+    osSKU?: Ossku;
+    /** OS Disk Size in GB to be used to specify the disk size for every machine in the master/agent pool. If you specify 0, it will apply the default osDisk size according to the vmSize specified. */
+    osDiskSizeGB?: number;
+    /** The OS disk type to be used for machines in the agent pool. The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). */
+    osDiskType?: OSDiskType;
+    /** Whether to use a FIPS-enabled OS. */
+    enableFips?: boolean;
+    /** The Linux machine's specific profile. */
+    linuxProfile?: MachineOSProfileLinuxProfile;
+    /** The Windows machine's specific profile. */
+    windowsProfile?: AgentPoolWindowsProfile;
+}
+export declare function machineOSProfileSerializer(item: MachineOSProfile): any;
+export declare function machineOSProfileDeserializer(item: any): MachineOSProfile;
+/** The Linux machine's specific profile. */
+export interface MachineOSProfileLinuxProfile {
+    /** The OS configuration of Linux machine. */
+    linuxOSConfig?: LinuxOSConfig;
+    /** Message of the day for Linux nodes, base64-encoded. A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of the message of the day for Linux nodes. It must not be specified for Windows nodes. It must be a static string (i.e., will be printed raw and not be executed as a script). */
+    messageOfTheDay?: string;
+}
+export declare function machineOSProfileLinuxProfileSerializer(item: MachineOSProfileLinuxProfile): any;
+export declare function machineOSProfileLinuxProfileDeserializer(item: any): MachineOSProfileLinuxProfile;
+/** The Kubernetes configurations used by the machine. */
+export interface MachineKubernetesProfile {
+    /** The node labels on the machine. */
+    nodeLabels?: Record<string, string>;
+    /** The version of Kubernetes specified by the user. Both patch version <major.minor.patch> and <major.minor> are supported. When <major.minor> is specified, the latest supported patch version is chosen automatically. */
+    orchestratorVersion?: string;
+    /** The version of Kubernetes running on the machine. If orchestratorVersion was a fully specified version <major.minor.patch>, this field will be exactly equal to it. If orchestratorVersion was <major.minor>, this field will contain the full <major.minor.patch> version being used. */
+    readonly currentOrchestratorVersion?: string;
+    /** Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral storage. */
+    kubeletDiskType?: KubeletDiskType;
+    /** The Kubelet configuration on the machine. */
+    kubeletConfig?: KubeletConfig;
+    /** Taints added on the node during creation that will not be reconciled by AKS. These taints will not be reconciled by AKS and can be removed with a kubectl call. These taints allow for required configuration to run before the node is ready to accept workloads, for example 'key1=value1:NoSchedule' that then can be removed with `kubectl taint nodes node1 key1=value1:NoSchedule-` */
+    nodeInitializationTaints?: string[];
+    /** The taints added to new node during machine create. For example, key=value:NoSchedule. */
+    nodeTaints?: string[];
+    /** The maximum number of pods that can run on a node. */
+    maxPods?: number;
+    /** The node name in the Kubernetes cluster. */
+    readonly nodeName?: string;
+    /** Determines the type of workload a node can run. */
+    workloadRuntime?: WorkloadRuntime;
+    /** Configuration for using artifact streaming on AKS. */
+    artifactStreamingProfile?: AgentPoolArtifactStreamingProfile;
+}
+export declare function machineKubernetesProfileSerializer(item: MachineKubernetesProfile): any;
+export declare function machineKubernetesProfileDeserializer(item: any): MachineKubernetesProfile;
+/** The security settings of the machine. */
+export interface MachineSecurityProfile {
+    /** vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. */
+    enableVtpm?: boolean;
+    /** Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and drivers can boot. For more details, see aka.ms/aks/trustedlaunch.  If not specified, the default is false. */
+    enableSecureBoot?: boolean;
+    /** SSH access method of an agent pool. */
+    sshAccess?: AgentPoolSSHAccess;
+    /** Whether to enable host based OS and data drive encryption. This is only supported on certain VM sizes and in certain Azure regions. For more information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption */
+    enableEncryptionAtHost?: boolean;
+}
+export declare function machineSecurityProfileSerializer(item: MachineSecurityProfile): any;
+export declare function machineSecurityProfileDeserializer(item: any): MachineSecurityProfile;
+/** The properties having to do with machine billing. */
+export interface MachineBillingProfile {
+    /** The max price (in US Dollars) you are willing to pay for spot instances. Possible values are any decimal value greater than zero or -1 which indicates default price to be up-to on-demand. For more details on spot pricing, see [spot VMs pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) */
+    spotMaxPrice?: number;
+}
+export declare function machineBillingProfileSerializer(item: MachineBillingProfile): any;
+export declare function machineBillingProfileDeserializer(item: any): MachineBillingProfile;
+/** Contains read-only information about the machine. */
+export interface MachineStatus {
+    /** The error details information of the machine. Preserves the detailed info of failure. If there was no error, this field is omitted. */
+    readonly provisioningError?: ErrorDetail;
+    /** Specifies the time at which the machine was created. */
+    readonly creationTimestamp?: Date;
+    /** The drift action of the machine. Indicates whether a machine has deviated from its expected state due to changes in managed cluster properties, requiring corrective action. */
+    readonly driftAction?: DriftAction;
+    /** Reason for machine drift. Provides detailed information on why the machine has drifted. This field is omitted if the machine is up to date. */
+    readonly driftReason?: string;
+    /** Virtual machine state. Indicates the current state of the underlying virtual machine. */
+    readonly vmState?: VmState;
+}
+export declare function machineStatusDeserializer(item: any): MachineStatus;
+/** The drift action of the machine. Indicates whether a machine has deviated from its expected state due to changes in managed cluster properties, requiring corrective action. */
+export declare enum KnownDriftAction {
+    /** The machine is up to date. */
+    Synced = "Synced",
+    /** The machine has drifted and needs to be deleted and recreated. */
+    Recreate = "Recreate"
+}
+/**
+ * The drift action of the machine. Indicates whether a machine has deviated from its expected state due to changes in managed cluster properties, requiring corrective action. \
+ * {@link KnownDriftAction} can be used interchangeably with DriftAction,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **Synced**: The machine is up to date. \
+ * **Recreate**: The machine has drifted and needs to be deleted and recreated.
+ */
+export type DriftAction = string;
+/** Virtual machine state. Indicates the current state of the underlying virtual machine. */
+export declare enum KnownVmState {
+    /** The virtual machine is currently running. */
+    Running = "Running",
+    /** The virtual machine has been deleted by the user or due to spot eviction. */
+    Deleted = "Deleted"
+}
+/**
+ * Virtual machine state. Indicates the current state of the underlying virtual machine. \
+ * {@link KnownVmState} can be used interchangeably with VmState,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **Running**: The virtual machine is currently running. \
+ * **Deleted**: The virtual machine has been deleted by the user or due to spot eviction.
+ */
+export type VmState = string;
 /** The response of a Machine list operation. */
 export interface _MachineListResult {
     /** The Machine items on this page */
@@ -3490,6 +4595,7 @@ export interface _MachineListResult {
     nextLink?: string;
 }
 export declare function _machineListResultDeserializer(item: any): _MachineListResult;
+export declare function machineArraySerializer(result: Array<Machine>): any[];
 export declare function machineArrayDeserializer(result: Array<Machine>): any[];
 /** A private endpoint connection */
 export interface PrivateEndpointConnection extends ProxyResource {
@@ -3629,14 +4735,17 @@ export declare function snapshotPropertiesDeserializer(item: any): SnapshotPrope
 /** The type of a snapshot. The default is NodePool. */
 export declare enum KnownSnapshotType {
     /** The snapshot is a snapshot of a node pool. */
-    NodePool = "NodePool"
+    NodePool = "NodePool",
+    /** The snapshot is a snapshot of a managed cluster. */
+    ManagedCluster = "ManagedCluster"
 }
 /**
  * The type of a snapshot. The default is NodePool. \
  * {@link KnownSnapshotType} can be used interchangeably with SnapshotType,
  *  this enum contains the known values that the service supports.
  * ### Known values supported by the service
- * **NodePool**: The snapshot is a snapshot of a node pool.
+ * **NodePool**: The snapshot is a snapshot of a node pool. \
+ * **ManagedCluster**: The snapshot is a snapshot of a managed cluster.
  */
 export type SnapshotType = string;
 /** The response of a Snapshot list operation. */
@@ -3649,6 +4758,64 @@ export interface _SnapshotListResult {
 export declare function _snapshotListResultDeserializer(item: any): _SnapshotListResult;
 export declare function snapshotArraySerializer(result: Array<Snapshot>): any[];
 export declare function snapshotArrayDeserializer(result: Array<Snapshot>): any[];
+/** A managed cluster snapshot resource. */
+export interface ManagedClusterSnapshot extends TrackedResource {
+    /** CreationData to be used to specify the source resource ID to create this snapshot. */
+    creationData?: CreationData;
+    /** The type of a snapshot. The default is NodePool. */
+    snapshotType?: SnapshotType;
+    /** What the properties will be showed when getting managed cluster snapshot. Those properties are read-only. */
+    readonly managedClusterPropertiesReadOnly?: ManagedClusterPropertiesForSnapshot;
+}
+export declare function managedClusterSnapshotSerializer(item: ManagedClusterSnapshot): any;
+export declare function managedClusterSnapshotDeserializer(item: any): ManagedClusterSnapshot;
+/** Properties for a managed cluster snapshot. */
+export interface ManagedClusterSnapshotProperties {
+    /** CreationData to be used to specify the source resource ID to create this snapshot. */
+    creationData?: CreationData;
+    /** The type of a snapshot. The default is NodePool. */
+    snapshotType?: SnapshotType;
+    /** What the properties will be showed when getting managed cluster snapshot. Those properties are read-only. */
+    readonly managedClusterPropertiesReadOnly?: ManagedClusterPropertiesForSnapshot;
+}
+export declare function managedClusterSnapshotPropertiesSerializer(item: ManagedClusterSnapshotProperties): any;
+export declare function managedClusterSnapshotPropertiesDeserializer(item: any): ManagedClusterSnapshotProperties;
+/** managed cluster properties for snapshot, these properties are read only. */
+export interface ManagedClusterPropertiesForSnapshot {
+    /** The current kubernetes version. */
+    readonly kubernetesVersion?: string;
+    /** The current managed cluster sku. */
+    readonly sku?: ManagedClusterSKU;
+    /** Whether the cluster has enabled Kubernetes Role-Based Access Control or not. */
+    readonly enableRbac?: boolean;
+    /** The current network profile. */
+    readonly networkProfile?: NetworkProfileForSnapshot;
+}
+export declare function managedClusterPropertiesForSnapshotDeserializer(item: any): ManagedClusterPropertiesForSnapshot;
+/** network profile for managed cluster snapshot, these properties are read only. */
+export interface NetworkProfileForSnapshot {
+    /** networkPlugin for managed cluster snapshot. */
+    networkPlugin?: NetworkPlugin;
+    /** NetworkPluginMode for managed cluster snapshot. */
+    networkPluginMode?: NetworkPluginMode;
+    /** networkPolicy for managed cluster snapshot. */
+    networkPolicy?: NetworkPolicy;
+    /** networkMode for managed cluster snapshot. */
+    networkMode?: NetworkMode;
+    /** loadBalancerSku for managed cluster snapshot. */
+    loadBalancerSku?: LoadBalancerSku;
+}
+export declare function networkProfileForSnapshotDeserializer(item: any): NetworkProfileForSnapshot;
+/** The response of a ManagedClusterSnapshot list operation. */
+export interface _ManagedClusterSnapshotListResult {
+    /** The ManagedClusterSnapshot items on this page */
+    value: ManagedClusterSnapshot[];
+    /** The link to the next page of items */
+    nextLink?: string;
+}
+export declare function _managedClusterSnapshotListResultDeserializer(item: any): _ManagedClusterSnapshotListResult;
+export declare function managedClusterSnapshotArraySerializer(result: Array<ManagedClusterSnapshot>): any[];
+export declare function managedClusterSnapshotArrayDeserializer(result: Array<ManagedClusterSnapshot>): any[];
 /** Defines binding between a resource and role */
 export interface TrustedAccessRoleBinding extends ProxyResource {
     /** The current provisioning state of trusted access role binding. */
@@ -3706,6 +4873,94 @@ export interface _TrustedAccessRoleBindingListResult {
 export declare function _trustedAccessRoleBindingListResultDeserializer(item: any): _TrustedAccessRoleBindingListResult;
 export declare function trustedAccessRoleBindingArraySerializer(result: Array<TrustedAccessRoleBinding>): any[];
 export declare function trustedAccessRoleBindingArrayDeserializer(result: Array<TrustedAccessRoleBinding>): any[];
+/** The configurations regarding multiple standard load balancers. If not supplied, single load balancer mode will be used. Multiple standard load balancers mode will be used if at lease one configuration is supplied. There has to be a configuration named `kubernetes`. The name field will be the name of the corresponding public load balancer. There will be an internal load balancer created if needed, and the name will be `<name>-internal`. The internal lb shares the same configurations as the external one. The internal lbs are not needed to be included in LoadBalancer list. */
+export interface LoadBalancer extends ProxyResource {
+    /** Required field. A string value that must specify the ID of an existing agent pool. All nodes in the given pool will always be added to this load balancer. This agent pool must have at least one node and minCount>=1 for autoscaling operations. An agent pool can only be the primary pool for a single load balancer. */
+    primaryAgentPoolName?: string;
+    /** Whether to automatically place services on the load balancer. If not supplied, the default value is true. If set to false manually, both of the external and the internal load balancer will not be selected for services unless they explicitly target it. */
+    allowServicePlacement?: boolean;
+    /** Only services that must match this selector can be placed on this load balancer. */
+    serviceLabelSelector?: LabelSelector;
+    /** Services created in namespaces that match the selector can be placed on this load balancer. */
+    serviceNamespaceSelector?: LabelSelector;
+    /** Nodes that match this selector will be possible members of this load balancer. */
+    nodeSelector?: LabelSelector;
+    /** The current provisioning state. */
+    readonly provisioningState?: string;
+}
+export declare function loadBalancerSerializer(item: LoadBalancer): any;
+export declare function loadBalancerDeserializer(item: any): LoadBalancer;
+/** Properties for a load balancer resource. */
+export interface LoadBalancerProperties {
+    /** Required field. A string value that must specify the ID of an existing agent pool. All nodes in the given pool will always be added to this load balancer. This agent pool must have at least one node and minCount>=1 for autoscaling operations. An agent pool can only be the primary pool for a single load balancer. */
+    primaryAgentPoolName: string;
+    /** Whether to automatically place services on the load balancer. If not supplied, the default value is true. If set to false manually, both of the external and the internal load balancer will not be selected for services unless they explicitly target it. */
+    allowServicePlacement?: boolean;
+    /** Only services that must match this selector can be placed on this load balancer. */
+    serviceLabelSelector?: LabelSelector;
+    /** Services created in namespaces that match the selector can be placed on this load balancer. */
+    serviceNamespaceSelector?: LabelSelector;
+    /** Nodes that match this selector will be possible members of this load balancer. */
+    nodeSelector?: LabelSelector;
+    /** The current provisioning state. */
+    readonly provisioningState?: string;
+}
+export declare function loadBalancerPropertiesSerializer(item: LoadBalancerProperties): any;
+export declare function loadBalancerPropertiesDeserializer(item: any): LoadBalancerProperties;
+/** A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. */
+export interface LabelSelector {
+    /** matchLabels is an array of {key=value} pairs. A single {key=value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is `key`, the operator is `In`, and the values array contains only `value`. The requirements are ANDed. */
+    matchLabels?: string[];
+    /** matchExpressions is a list of label selector requirements. The requirements are ANDed. */
+    matchExpressions?: LabelSelectorRequirement[];
+}
+export declare function labelSelectorSerializer(item: LabelSelector): any;
+export declare function labelSelectorDeserializer(item: any): LabelSelector;
+export declare function labelSelectorRequirementArraySerializer(result: Array<LabelSelectorRequirement>): any[];
+export declare function labelSelectorRequirementArrayDeserializer(result: Array<LabelSelectorRequirement>): any[];
+/** A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. */
+export interface LabelSelectorRequirement {
+    /** key is the label key that the selector applies to. */
+    key?: string;
+    /** operator represents a key's relationship to a set of values. Valid operators are In and NotIn */
+    operator?: Operator;
+    /** values is an array of string values, the values array must be non-empty. */
+    values?: string[];
+}
+export declare function labelSelectorRequirementSerializer(item: LabelSelectorRequirement): any;
+export declare function labelSelectorRequirementDeserializer(item: any): LabelSelectorRequirement;
+/** operator represents a key's relationship to a set of values. Valid operators are In and NotIn */
+export declare enum KnownOperator {
+    /** The value of the key should be in the given list. */
+    In = "In",
+    /** The value of the key should not be in the given list. */
+    NotIn = "NotIn",
+    /** The value of the key should exist. */
+    Exists = "Exists",
+    /** The value of the key should not exist. */
+    DoesNotExist = "DoesNotExist"
+}
+/**
+ * operator represents a key's relationship to a set of values. Valid operators are In and NotIn \
+ * {@link KnownOperator} can be used interchangeably with Operator,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **In**: The value of the key should be in the given list. \
+ * **NotIn**: The value of the key should not be in the given list. \
+ * **Exists**: The value of the key should exist. \
+ * **DoesNotExist**: The value of the key should not exist.
+ */
+export type Operator = string;
+/** The response of a LoadBalancer list operation. */
+export interface _LoadBalancerListResult {
+    /** The LoadBalancer items on this page */
+    value: LoadBalancer[];
+    /** The link to the next page of items */
+    nextLink?: string;
+}
+export declare function _loadBalancerListResultDeserializer(item: any): _LoadBalancerListResult;
+export declare function loadBalancerArraySerializer(result: Array<LoadBalancer>): any[];
+export declare function loadBalancerArrayDeserializer(result: Array<LoadBalancer>): any[];
 /** The IdentityBinding resource. */
 export interface IdentityBinding extends ProxyResource {
     /** The resource-specific properties for this resource. */
@@ -3783,6 +5038,186 @@ export interface _IdentityBindingListResult {
 export declare function _identityBindingListResultDeserializer(item: any): _IdentityBindingListResult;
 export declare function identityBindingArraySerializer(result: Array<IdentityBinding>): any[];
 export declare function identityBindingArrayDeserializer(result: Array<IdentityBinding>): any[];
+/** Configuration for JWT authenticator in the managed cluster. */
+export interface JWTAuthenticator extends ProxyResource {
+    /** The properties of JWTAuthenticator. For details on how to configure the properties of a JWT authenticator, please refer to the Kubernetes documentation: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#using-authentication-configuration. Please note that not all fields available in the Kubernetes documentation are supported by AKS. For troubleshooting, please see https://aka.ms/aks-external-issuers-docs. */
+    properties: JWTAuthenticatorProperties;
+}
+export declare function jwtAuthenticatorSerializer(item: JWTAuthenticator): any;
+export declare function jwtAuthenticatorDeserializer(item: any): JWTAuthenticator;
+/** The properties of JWTAuthenticator. For details on how to configure the properties of a JWT authenticator, please refer to the Kubernetes documentation: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#using-authentication-configuration. Please note that not all fields available in the Kubernetes documentation are supported by AKS. For troubleshooting, please see https://aka.ms/aks-external-issuers-docs. */
+export interface JWTAuthenticatorProperties {
+    /** The current provisioning state of the JWT authenticator. */
+    readonly provisioningState?: JWTAuthenticatorProvisioningState;
+    /** The JWT OIDC issuer details. */
+    issuer: JWTAuthenticatorIssuer;
+    /** The rules that are applied to validate token claims to authenticate users. All the expressions must evaluate to true for validation to succeed. */
+    claimValidationRules?: JWTAuthenticatorValidationRule[];
+    /** The mappings that define how user attributes are extracted from the token claims. */
+    claimMappings: JWTAuthenticatorClaimMappings;
+    /** The rules that are applied to the mapped user before completing authentication. All the expressions must evaluate to true for validation to succeed. */
+    userValidationRules?: JWTAuthenticatorValidationRule[];
+}
+export declare function jwtAuthenticatorPropertiesSerializer(item: JWTAuthenticatorProperties): any;
+export declare function jwtAuthenticatorPropertiesDeserializer(item: any): JWTAuthenticatorProperties;
+/** The provisioning state of the last accepted operation. */
+export declare enum KnownJWTAuthenticatorProvisioningState {
+    /** Resource has been created. */
+    Succeeded = "Succeeded",
+    /** Resource creation failed. */
+    Failed = "Failed",
+    /** Resource creation was canceled. */
+    Canceled = "Canceled",
+    /** The JWT authenticator is being created. */
+    Creating = "Creating",
+    /** The JWT authenticator is being updated. */
+    Updating = "Updating",
+    /** The JWT authenticator is being deleted. */
+    Deleting = "Deleting"
+}
+/**
+ * The provisioning state of the last accepted operation. \
+ * {@link KnownJWTAuthenticatorProvisioningState} can be used interchangeably with JWTAuthenticatorProvisioningState,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **Succeeded**: Resource has been created. \
+ * **Failed**: Resource creation failed. \
+ * **Canceled**: Resource creation was canceled. \
+ * **Creating**: The JWT authenticator is being created. \
+ * **Updating**: The JWT authenticator is being updated. \
+ * **Deleting**: The JWT authenticator is being deleted.
+ */
+export type JWTAuthenticatorProvisioningState = string;
+/** The OIDC issuer details for JWTAuthenticator. */
+export interface JWTAuthenticatorIssuer {
+    /** The issuer URL. The URL must begin with the scheme https and cannot contain a query string or fragment. This must match the "iss" claim in the presented JWT, and the issuer returned from discovery. */
+    url: string;
+    /** The set of acceptable audiences the JWT must be issued to. At least one is required. When multiple is set, AudienceMatchPolicy is used in API Server configuration. */
+    audiences: string[];
+}
+export declare function jwtAuthenticatorIssuerSerializer(item: JWTAuthenticatorIssuer): any;
+export declare function jwtAuthenticatorIssuerDeserializer(item: any): JWTAuthenticatorIssuer;
+export declare function jwtAuthenticatorValidationRuleArraySerializer(result: Array<JWTAuthenticatorValidationRule>): any[];
+export declare function jwtAuthenticatorValidationRuleArrayDeserializer(result: Array<JWTAuthenticatorValidationRule>): any[];
+/** The validation rule for JWTAuthenticator. */
+export interface JWTAuthenticatorValidationRule {
+    /** The CEL expression used to validate the claim or attribute. */
+    expression: string;
+    /** The validation error message. */
+    message?: string;
+}
+export declare function jwtAuthenticatorValidationRuleSerializer(item: JWTAuthenticatorValidationRule): any;
+export declare function jwtAuthenticatorValidationRuleDeserializer(item: any): JWTAuthenticatorValidationRule;
+/** The claim mappings for JWTAuthenticator. */
+export interface JWTAuthenticatorClaimMappings {
+    /** The expression to extract username attribute from the token claims. */
+    username: JWTAuthenticatorClaimMappingExpression;
+    /** The expression to extract groups attribute from the token claims. When not provided, no groups are extracted from the token claims. */
+    groups?: JWTAuthenticatorClaimMappingExpression;
+    /** The expression to extract uid attribute from the token claims. When not provided, no uid is extracted from the token claims. */
+    uid?: JWTAuthenticatorClaimMappingExpression;
+    /** The expression to extract extra attribute from the token claims. When not provided, no extra attributes are extracted from the token claims. */
+    extra?: JWTAuthenticatorExtraClaimMappingExpression[];
+}
+export declare function jwtAuthenticatorClaimMappingsSerializer(item: JWTAuthenticatorClaimMappings): any;
+export declare function jwtAuthenticatorClaimMappingsDeserializer(item: any): JWTAuthenticatorClaimMappings;
+/** The claim mapping expression for JWTAuthenticator. */
+export interface JWTAuthenticatorClaimMappingExpression {
+    /** The CEL expression used to access token claims. */
+    expression: string;
+}
+export declare function jwtAuthenticatorClaimMappingExpressionSerializer(item: JWTAuthenticatorClaimMappingExpression): any;
+export declare function jwtAuthenticatorClaimMappingExpressionDeserializer(item: any): JWTAuthenticatorClaimMappingExpression;
+export declare function jwtAuthenticatorExtraClaimMappingExpressionArraySerializer(result: Array<JWTAuthenticatorExtraClaimMappingExpression>): any[];
+export declare function jwtAuthenticatorExtraClaimMappingExpressionArrayDeserializer(result: Array<JWTAuthenticatorExtraClaimMappingExpression>): any[];
+/** The extra claim mapping expression for JWTAuthenticator. */
+export interface JWTAuthenticatorExtraClaimMappingExpression {
+    /** The key of the extra attribute. */
+    key: string;
+    /** The CEL expression used to extract the value of the extra attribute. */
+    valueExpression: string;
+}
+export declare function jwtAuthenticatorExtraClaimMappingExpressionSerializer(item: JWTAuthenticatorExtraClaimMappingExpression): any;
+export declare function jwtAuthenticatorExtraClaimMappingExpressionDeserializer(item: any): JWTAuthenticatorExtraClaimMappingExpression;
+/** The response of a JWTAuthenticator list operation. */
+export interface _JWTAuthenticatorListResult {
+    /** The JWTAuthenticator items on this page */
+    value: JWTAuthenticator[];
+    /** The link to the next page of items */
+    nextLink?: string;
+}
+export declare function _jwtAuthenticatorListResultDeserializer(item: any): _JWTAuthenticatorListResult;
+export declare function jwtAuthenticatorArraySerializer(result: Array<JWTAuthenticator>): any[];
+export declare function jwtAuthenticatorArrayDeserializer(result: Array<JWTAuthenticator>): any[];
+/** Mesh membership of a managed cluster. */
+export interface MeshMembership extends ProxyResource {
+    /** Mesh membership properties of a managed cluster. */
+    properties?: MeshMembershipProperties;
+    /** The fully qualified resource ID of the resource that manages this resource. Indicates if this resource is managed by another Azure resource. If this is present, complete mode deployment will not delete the resource if it is removed from the template since it is managed by another resource. */
+    managedBy?: string;
+    /** If eTag is provided in the response body, it may also be provided as a header per the normal etag convention.  Entity tags are used for comparing two or more entities from the same requested resource. HTTP/1.1 uses entity tags in the etag (section 14.19), If-Match (section 14.24), If-None-Match (section 14.26), and If-Range (section 14.27) header fields. */
+    readonly eTag?: string;
+}
+export declare function meshMembershipSerializer(item: MeshMembership): any;
+export declare function meshMembershipDeserializer(item: any): MeshMembership;
+/** Mesh membership properties of a managed cluster. */
+export interface MeshMembershipProperties {
+    /** The current provisioning state of the Mesh Membership. */
+    readonly provisioningState?: MeshMembershipProvisioningState;
+    /** Profile for configuring private connectivity between the mesh control plane and member clusters. When configured, communication between the mesh control plane and this member cluster occurs over private network instead of public networks. Visit https://aka.ms/applink for more information. */
+    privateConnectProfile?: MeshMembershipPrivateConnectProfile;
+    /** The ARM resource id for the managed mesh member. This is of the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.AppLink/applinks/{appLinkName}/appLinkMembers/{appLinkMemberName}'. Visit https://aka.ms/applink for more information. */
+    managedMeshID: string;
+}
+export declare function meshMembershipPropertiesSerializer(item: MeshMembershipProperties): any;
+export declare function meshMembershipPropertiesDeserializer(item: any): MeshMembershipProperties;
+/** The provisioning state of the last accepted operation. */
+export declare enum KnownMeshMembershipProvisioningState {
+    /** Resource creation was canceled. */
+    Canceled = "Canceled",
+    /** The Mesh Membership is being created. */
+    Creating = "Creating",
+    /** The Mesh Membership is being deleted. */
+    Deleting = "Deleting",
+    /** Resource creation failed. */
+    Failed = "Failed",
+    /** Resource has been created. */
+    Succeeded = "Succeeded",
+    /** The Mesh Membership is being updated. */
+    Updating = "Updating"
+}
+/**
+ * The provisioning state of the last accepted operation. \
+ * {@link KnownMeshMembershipProvisioningState} can be used interchangeably with MeshMembershipProvisioningState,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **Canceled**: Resource creation was canceled. \
+ * **Creating**: The Mesh Membership is being created. \
+ * **Deleting**: The Mesh Membership is being deleted. \
+ * **Failed**: Resource creation failed. \
+ * **Succeeded**: Resource has been created. \
+ * **Updating**: The Mesh Membership is being updated.
+ */
+export type MeshMembershipProvisioningState = string;
+/** Private connect profile for mesh membership. */
+export interface MeshMembershipPrivateConnectProfile {
+    /** The private IP address of the member cluster private FQDN. This is a read-only property populated by the service. */
+    readonly privateIpAddress?: string;
+    /** The delegated subnet resource ID. Customer can provide their own subnet, or AKS will allocate one if not specified. When providing your own subnet, the minimum required size is /28 */
+    subnetResourceId?: string;
+}
+export declare function meshMembershipPrivateConnectProfileSerializer(item: MeshMembershipPrivateConnectProfile): any;
+export declare function meshMembershipPrivateConnectProfileDeserializer(item: any): MeshMembershipPrivateConnectProfile;
+/** The result of a request to list mesh memberships in a managed cluster. */
+export interface _MeshMembershipsListResult {
+    /** The list of mesh memberships. */
+    value: MeshMembership[];
+    /** The URL to get the next set of mesh membership results. */
+    nextLink?: string;
+}
+export declare function _meshMembershipsListResultDeserializer(item: any): _MeshMembershipsListResult;
+export declare function meshMembershipArraySerializer(result: Array<MeshMembership>): any[];
+export declare function meshMembershipArrayDeserializer(result: Array<MeshMembership>): any[];
 /** The List Operation response. */
 export interface _OperationListResult {
     /** The list of operations */
@@ -3820,6 +5255,37 @@ export interface OperationValueDisplay {
     readonly provider?: string;
 }
 export declare function operationValueDisplayDeserializer(item: any): OperationValueDisplay;
+/** The current status of an async operation. */
+export interface OperationStatusResult {
+    /** Fully qualified ID for the async operation. */
+    id?: string;
+    /** Name of the async operation. */
+    name?: string;
+    /** Operation status. */
+    status: string;
+    /** Percent of the operation that is complete. */
+    percentComplete?: number;
+    /** The start time of the operation. */
+    startTime?: Date;
+    /** The end time of the operation. */
+    endTime?: Date;
+    /** The operations list. */
+    operations?: OperationStatusResult[];
+    /** If present, details of the operation error. */
+    error?: ErrorDetail;
+    /** Fully qualified ID of the resource against which the original async operation was started. */
+    readonly resourceId?: string;
+}
+export declare function operationStatusResultDeserializer(item: any): OperationStatusResult;
+export declare function operationStatusResultArrayDeserializer(result: Array<OperationStatusResult>): any[];
+/** The operations list. It contains an URL link to get the next set of results. */
+export interface _OperationStatusResultList {
+    /** The OperationStatusResult items on this page */
+    value: OperationStatusResult[];
+    /** The link to the next page of items */
+    nextLink?: string;
+}
+export declare function _operationStatusResultListDeserializer(item: any): _OperationStatusResultList;
 /** A list of private link resources */
 export interface PrivateLinkResourcesListResult {
     /** The collection value. */
@@ -3860,6 +5326,194 @@ export interface TrustedAccessRoleRule {
     readonly nonResourceURLs?: string[];
 }
 export declare function trustedAccessRoleRuleDeserializer(item: any): TrustedAccessRoleRule;
+/** Holds an array NodeImageVersions */
+export interface _NodeImageVersionsListResult {
+    /** The NodeImageVersion items on this page */
+    value: NodeImageVersion[];
+    /** The link to the next page of items */
+    nextLink?: string;
+}
+export declare function _nodeImageVersionsListResultDeserializer(item: any): _NodeImageVersionsListResult;
+export declare function nodeImageVersionArrayDeserializer(result: Array<NodeImageVersion>): any[];
+/** node image version profile for given major.minor.patch release. */
+export interface NodeImageVersion {
+    /** The operating system of the node image. Example: AKSUbuntu */
+    os?: string;
+    /** The SKU or flavor of the node image. Example: 2004gen2containerd */
+    sku?: string;
+    /** major.minor.patch version of the node image version release. Example: 2024.02.02 */
+    version?: string;
+    /** The OS + SKU + version of the node image. Example: AKSUbuntu-1804gen2containerd-2024.02.02 */
+    fullName?: string;
+}
+export declare function nodeImageVersionDeserializer(item: any): NodeImageVersion;
+/** The List Resource Skus operation response. */
+export interface _VmSkusListResult {
+    /** The ResourceSku items on this page */
+    value: ResourceSku[];
+    /** The link to the next page of items */
+    nextLink?: string;
+}
+export declare function _vmSkusListResultDeserializer(item: any): _VmSkusListResult;
+export declare function resourceSkuArrayDeserializer(result: Array<ResourceSku>): any[];
+/** Describes an available Compute SKU. */
+export interface ResourceSku {
+    /** The type of resource the SKU applies to. */
+    readonly resourceType?: string;
+    /** The name of SKU. */
+    readonly name?: string;
+    /** Specifies the tier of virtual machines in a scale set.<br /><br /> Possible Values:<br /><br /> **Standard**<br /><br /> **Basic** */
+    readonly tier?: string;
+    /** The Size of the SKU. */
+    readonly size?: string;
+    /** The Family of this particular SKU. */
+    readonly family?: string;
+    /** The Kind of resources that are supported in this SKU. */
+    readonly kind?: string;
+    /** Specifies the number of virtual machines in the scale set. */
+    readonly capacity?: ResourceSkuCapacity;
+    /** The set of locations that the SKU is available. */
+    readonly locations?: string[];
+    /** A list of locations and availability zones in those locations where the SKU is available. */
+    readonly locationInfo?: ResourceSkuLocationInfo[];
+    /** The api versions that support this SKU. */
+    readonly apiVersions?: string[];
+    /** Metadata for retrieving price info. */
+    readonly costs?: ResourceSkuCosts[];
+    /** A name value pair to describe the capability. */
+    readonly capabilities?: ResourceSkuCapabilities[];
+    /** The restrictions because of which SKU cannot be used. This is empty if there are no restrictions. */
+    readonly restrictions?: ResourceSkuRestrictions[];
+}
+export declare function resourceSkuDeserializer(item: any): ResourceSku;
+/** Describes scaling information of a SKU. */
+export interface ResourceSkuCapacity {
+    /** The minimum capacity. */
+    readonly minimum?: number;
+    /** The maximum capacity that can be set. */
+    readonly maximum?: number;
+    /** The default capacity. */
+    readonly default?: number;
+    /** The scale type applicable to the sku. */
+    readonly scaleType?: ResourceSkuCapacityScaleType;
+}
+export declare function resourceSkuCapacityDeserializer(item: any): ResourceSkuCapacity;
+/** The scale type applicable to the sku. */
+export declare enum KnownResourceSkuCapacityScaleType {
+    /** Automatic scaling */
+    Automatic = "Automatic",
+    /** Manual scaling */
+    Manual = "Manual",
+    /** No scaling */
+    None = "None"
+}
+/**
+ * The scale type applicable to the sku. \
+ * {@link KnownResourceSkuCapacityScaleType} can be used interchangeably with ResourceSkuCapacityScaleType,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **Automatic**: Automatic scaling \
+ * **Manual**: Manual scaling \
+ * **None**: No scaling
+ */
+export type ResourceSkuCapacityScaleType = string;
+export declare function resourceSkuLocationInfoArrayDeserializer(result: Array<ResourceSkuLocationInfo>): any[];
+/** Describes an available Compute SKU Location Information. */
+export interface ResourceSkuLocationInfo {
+    /** Location of the SKU */
+    readonly location?: string;
+    /** List of availability zones where the SKU is supported. */
+    readonly zones?: string[];
+    /** Details of capabilities available to a SKU in specific zones. */
+    readonly zoneDetails?: ResourceSkuZoneDetails[];
+    /** The names of extended locations. */
+    readonly extendedLocations?: string[];
+    /** The type of the extended location. */
+    readonly type?: ExtendedLocationTypes;
+}
+export declare function resourceSkuLocationInfoDeserializer(item: any): ResourceSkuLocationInfo;
+export declare function resourceSkuZoneDetailsArrayDeserializer(result: Array<ResourceSkuZoneDetails>): any[];
+/** Describes The zonal capabilities of a SKU. */
+export interface ResourceSkuZoneDetails {
+    /** The set of zones that the SKU is available in with the specified capabilities. */
+    readonly name?: string[];
+    /** A list of capabilities that are available for the SKU in the specified list of zones. */
+    readonly capabilities?: ResourceSkuCapabilities[];
+}
+export declare function resourceSkuZoneDetailsDeserializer(item: any): ResourceSkuZoneDetails;
+export declare function resourceSkuCapabilitiesArrayDeserializer(result: Array<ResourceSkuCapabilities>): any[];
+/** Describes The SKU capabilities object. */
+export interface ResourceSkuCapabilities {
+    /** An invariant to describe the feature. */
+    readonly name?: string;
+    /** An invariant if the feature is measured by quantity. */
+    readonly value?: string;
+}
+export declare function resourceSkuCapabilitiesDeserializer(item: any): ResourceSkuCapabilities;
+export declare function resourceSkuCostsArrayDeserializer(result: Array<ResourceSkuCosts>): any[];
+/** Describes metadata for retrieving price info. */
+export interface ResourceSkuCosts {
+    /** Used for querying price from commerce. */
+    readonly meterID?: string;
+    /** The multiplier is needed to extend the base metered cost. */
+    readonly quantity?: number;
+    /** An invariant to show the extended unit. */
+    readonly extendedUnit?: string;
+}
+export declare function resourceSkuCostsDeserializer(item: any): ResourceSkuCosts;
+export declare function resourceSkuRestrictionsArrayDeserializer(result: Array<ResourceSkuRestrictions>): any[];
+/** Describes scaling information of a SKU. */
+export interface ResourceSkuRestrictions {
+    /** The type of restrictions. */
+    readonly type?: ResourceSkuRestrictionsType;
+    /** The value of restrictions. If the restriction type is set to location. This would be different locations where the SKU is restricted. */
+    readonly values?: string[];
+    /** The information about the restriction where the SKU cannot be used. */
+    readonly restrictionInfo?: ResourceSkuRestrictionInfo;
+    /** The reason for restriction. */
+    readonly reasonCode?: ResourceSkuRestrictionsReasonCode;
+}
+export declare function resourceSkuRestrictionsDeserializer(item: any): ResourceSkuRestrictions;
+/** The type of restrictions. */
+export declare enum KnownResourceSkuRestrictionsType {
+    /** Location restriction */
+    Location = "Location",
+    /** Zone restriction */
+    Zone = "Zone"
+}
+/**
+ * The type of restrictions. \
+ * {@link KnownResourceSkuRestrictionsType} can be used interchangeably with ResourceSkuRestrictionsType,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **Location**: Location restriction \
+ * **Zone**: Zone restriction
+ */
+export type ResourceSkuRestrictionsType = string;
+/** Describes an available Compute SKU Restriction Information. */
+export interface ResourceSkuRestrictionInfo {
+    /** Locations where the SKU is restricted */
+    readonly locations?: string[];
+    /** List of availability zones where the SKU is restricted. */
+    readonly zones?: string[];
+}
+export declare function resourceSkuRestrictionInfoDeserializer(item: any): ResourceSkuRestrictionInfo;
+/** The reason for restriction. */
+export declare enum KnownResourceSkuRestrictionsReasonCode {
+    /** Quota ID restriction */
+    QuotaId = "QuotaId",
+    /** Not available for subscription */
+    NotAvailableForSubscription = "NotAvailableForSubscription"
+}
+/**
+ * The reason for restriction. \
+ * {@link KnownResourceSkuRestrictionsReasonCode} can be used interchangeably with ResourceSkuRestrictionsReasonCode,
+ *  this enum contains the known values that the service supports.
+ * ### Known values supported by the service
+ * **QuotaId**: Quota ID restriction \
+ * **NotAvailableForSubscription**: Not available for subscription
+ */
+export type ResourceSkuRestrictionsReasonCode = string;
 /** The format of the kubeconfig credential. */
 export declare enum KnownFormat {
     /** Return azure auth-provider kubeconfig. This format is deprecated in v1.22 and will be fully removed in v1.26. See: https://aka.ms/k8s/changes-1-26. */
@@ -3887,7 +5541,9 @@ export declare enum KnownVersions {
     /** The 2026-03-01 API version. */
     V20260301 = "2026-03-01",
     /** The 2026-04-01 API version. */
-    V20260401 = "2026-04-01"
+    V20260401 = "2026-04-01",
+    /** The 2026-04-02-preview API version. */
+    V20260402Preview = "2026-04-02-preview"
 }
 export declare function _agentPoolPropertiesSerializer(item: AgentPool): any;
 export declare function _agentPoolPropertiesDeserializer(item: any): {
@@ -3914,7 +5570,10 @@ export declare function _agentPoolPropertiesDeserializer(item: any): {
     orchestratorVersion: any;
     currentOrchestratorVersion: any;
     nodeImageVersion: any;
+    upgradeStrategy: any;
+    enableOSDiskFullCaching: any;
     upgradeSettings: any;
+    upgradeSettingsBlueGreen: any;
     provisioningState: any;
     powerState: any;
     availabilityZones: any;
@@ -3926,6 +5585,7 @@ export declare function _agentPoolPropertiesDeserializer(item: any): {
     tags: any;
     nodeLabels: any;
     nodeTaints: any;
+    nodeInitializationTaints: any;
     proximityPlacementGroupID: any;
     kubeletConfig: any;
     linuxOSConfig: any;
@@ -3946,6 +5606,7 @@ export declare function _agentPoolPropertiesDeserializer(item: any): {
     virtualMachineNodesStatus: any;
     status: any;
     localDNSProfile: any;
+    preparedImageSpecificationProfile: any;
 };
 export declare function _agentPoolAvailableVersionsPropertiesDeserializer(item: any): {
     agentPoolVersions: any;
@@ -3954,6 +5615,7 @@ export declare function _agentPoolUpgradeProfilePropertiesDeserializer(item: any
     kubernetesVersion: any;
     osType: any;
     upgrades: any;
+    componentsByReleases: any;
     recentlyUsedVersions: any;
     latestNodeImageVersion: any;
 };
@@ -3961,6 +5623,7 @@ export declare function _managedClusterPropertiesSerializer(item: ManagedCluster
 export declare function _managedClusterPropertiesDeserializer(item: any): {
     provisioningState: any;
     powerState: any;
+    creationData: any;
     maxAgentPools: any;
     kubernetesVersion: any;
     currentKubernetesVersion: any;
@@ -3980,6 +5643,8 @@ export declare function _managedClusterPropertiesDeserializer(item: any): {
     nodeResourceGroupProfile: any;
     enableRbac: any;
     supportPlan: any;
+    enableFips: any;
+    enableNamespaceResources: any;
     networkProfile: any;
     aadProfile: any;
     autoUpgradeProfile: any;
@@ -4003,7 +5668,11 @@ export declare function _managedClusterPropertiesDeserializer(item: any): {
     nodeProvisioningProfile: any;
     bootstrapProfile: any;
     aiToolchainOperatorProfile: any;
+    schedulerProfile: any;
     hostedSystemProfile: any;
+    healthMonitorProfile: any;
+    controlPlaneScalingProfile: any;
+    nodeDisruptionProfile: any;
     status: any;
 };
 export declare function _managedClusterAccessProfilePropertiesDeserializer(item: any): {
@@ -4044,12 +5713,27 @@ export declare function _snapshotPropertiesDeserializer(item: any): {
     vmSize: any;
     enableFips: any;
 };
+export declare function _managedClusterSnapshotPropertiesSerializer(item: ManagedClusterSnapshot): any;
+export declare function _managedClusterSnapshotPropertiesDeserializer(item: any): {
+    creationData: any;
+    snapshotType: any;
+    managedClusterPropertiesReadOnly: any;
+};
 export declare function _trustedAccessRoleBindingPropertiesSerializer(item: TrustedAccessRoleBinding): any;
 export declare function _trustedAccessRoleBindingPropertiesDeserializer(item: any): {
     provisioningState: any;
     sourceResourceId: any;
     roles: any;
 };
+export declare function _loadBalancerPropertiesSerializer(item: LoadBalancer): any;
+export declare function _loadBalancerPropertiesDeserializer(item: any): {
+    primaryAgentPoolName: any;
+    allowServicePlacement: any;
+    serviceLabelSelector: any;
+    serviceNamespaceSelector: any;
+    nodeSelector: any;
+    provisioningState: any;
+};
 export declare function _operationValueDisplayDeserializer(item: any): {
     operation: any;
     resource: any;