From be535b2a865499905961f7bfb65098524b667221 Mon Sep 17 00:00:00 2001
From: Paul Lewis
Date: Tue, 9 Apr 2024 19:50:02 +0000
Subject: [PATCH 1/5] Bumping default version for workflows

---
 .github/workflows/AKSC_Deploy.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/AKSC_Deploy.yml b/.github/workflows/AKSC_Deploy.yml
index 872e685c0..eff037619 100644
--- a/.github/workflows/AKSC_Deploy.yml
+++ b/.github/workflows/AKSC_Deploy.yml
@@ -10,7 +10,7 @@ on:
 templateVersion:
 description: 'Template Version'
 required: false
- default: '0.10.3'
+ default: '0.10.4'
 type: string
 rg:
 description: 'Resource Group name'
From 14439aee12c5bc415f66478d76fbf8d265a22045 Mon Sep 17 00:00:00 2001
From: Paul Lewis
Date: Tue, 9 Apr 2024 21:57:39 +0100
Subject: [PATCH 2/5] Removed all references to the dockerBridgeCidr parameter as this is no longer used with AKS (#693)

---
 bicep/main.bicep | 6 ------
 samples/SampleAppMain.json | 11 +----------
 samples/SystemPresetExample.json | 11 +----------
 samples/shared-acr/main.json | 11 +----------
 4 files changed, 3 insertions(+), 36 deletions(-)

diff --git a/bicep/main.bicep b/bicep/main.bicep
index c69b620d1..5e96b4f51 100644
--- a/bicep/main.bicep
+++ b/bicep/main.bicep
@@ -1017,11 +1017,6 @@ param serviceCidr string = '172.10.0.0/16'
 @description('The IP address to reserve for DNS')
 param dnsServiceIP string = '172.10.0.10'
-@minLength(9)
-@maxLength(18)
-@description('The address range to use for the docker bridge')
-param dockerBridgeCidr string = '172.17.0.1/16'
-
 @description('Enable Microsoft Defender for Containers (preview)')
 param defenderForContainers bool = false
@@ -1301,7 +1296,6 @@ var aksProperties = union({
 podCidr: networkPlugin=='kubenet' || networkPluginMode=='Overlay' || cniDynamicIpAllocation ? podCidr : json('null')
 serviceCidr: serviceCidr
 dnsServiceIP: dnsServiceIP
- dockerBridgeCidr: dockerBridgeCidr
 outboundType: outboundTrafficType
 ebpfDataplane: networkPlugin=='azure' ? ebpfDataplane : ''
 }
diff --git a/samples/SampleAppMain.json b/samples/SampleAppMain.json
index 3b138f177..ee06d9f37 100644
--- a/samples/SampleAppMain.json
+++ b/samples/SampleAppMain.json
@@ -858,15 +858,6 @@
 "maxLength": 15,
 "minLength": 7
 },
- "dockerBridgeCidr": {
- "type": "string",
- "defaultValue": "172.17.0.1/16",
- "metadata": {
- "description": "The address range to use for the docker bridge"
- },
- "maxLength": 18,
- "minLength": 9
- },
 "defenderForContainers": {
 "type": "bool",
 "defaultValue": false,
@@ -1453,7 +1444,7 @@ "apiVersion": "2023-03-02-preview", "name": "[format('aks-{0}', parameters('resourceName'))]", "location": "[parameters('location')]", - "properties": "[union(createObject('kubernetesVersion', parameters('kubernetesVersion'), 'enableRBAC', true(), 'dnsPrefix', parameters('dnsPrefix'), 'aadProfile', if(parameters('enable_aad'), createObject('managed', true(), 'enableAzureRBAC', parameters('enableAzureRBAC'), 'tenantID', parameters('aad_tenant_id')), null()), 'apiServerAccessProfile', if(not(empty(parameters('authorizedIPRanges'))), createObject('authorizedIPRanges', parameters('authorizedIPRanges')), createObject('enablePrivateCluster', parameters('enablePrivateCluster'), 'privateDNSZone', if(parameters('enablePrivateCluster'), variables('aksPrivateDnsZone'), ''), 'enablePrivateClusterPublicFQDN', and(parameters('enablePrivateCluster'), equals(parameters('privateClusterDnsMethod'), 'none')))), 'agentPoolProfiles', if(parameters('JustUseSystemPool'), array(createObject('name', if(parameters('JustUseSystemPool'), parameters('nodePoolName'), 'npsystem'), 'vmSize', parameters('agentVMSize'), 'count', parameters('agentCount'), 'mode', 'System', 'osType', 'Linux', 'maxPods', 30, 'type', 'VirtualMachineScaleSets', 'vnetSubnetID', if(not(empty(if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksSubnetId.value, parameters('byoAKSSubnetId')))), if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksSubnetId.value, parameters('byoAKSSubnetId')), null()), 'podSubnetID', if(not(empty(if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksPodSubnetId.value, parameters('byoAKSPodSubnetId')))), if(parameters('custom_vnet'), 
reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksPodSubnetId.value, parameters('byoAKSPodSubnetId')), null()), 'upgradeSettings', createObject('maxSurge', '33%'), 'nodeTaints', createArray(if(parameters('JustUseSystemPool'), '', 'CriticalAddonsOnly=true:NoSchedule')))), concat(array(union(createObject('name', if(parameters('JustUseSystemPool'), parameters('nodePoolName'), 'npsystem'), 'vmSize', parameters('agentVMSize'), 'count', parameters('agentCount'), 'mode', 'System', 'osType', 'Linux', 'maxPods', 30, 'type', 'VirtualMachineScaleSets', 'vnetSubnetID', if(not(empty(if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksSubnetId.value, parameters('byoAKSSubnetId')))), if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksSubnetId.value, parameters('byoAKSSubnetId')), null()), 'podSubnetID', if(not(empty(if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksPodSubnetId.value, parameters('byoAKSPodSubnetId')))), if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksPodSubnetId.value, parameters('byoAKSPodSubnetId')), null()), 'upgradeSettings', createObject('maxSurge', '33%'), 'nodeTaints', createArray(if(parameters('JustUseSystemPool'), '', 'CriticalAddonsOnly=true:NoSchedule'))), if(and(equals(parameters('SystemPoolType'), 'Custom'), not(equals(parameters('SystemPoolCustomPreset'), createObject()))), parameters('SystemPoolCustomPreset'), variables('systemPoolPresets')[parameters('SystemPoolType')]))))), 'workloadAutoScalerProfile', 
createObject('keda', createObject('enabled', parameters('kedaAddon'))), 'networkProfile', createObject('loadBalancerSku', 'standard', 'networkPlugin', parameters('networkPlugin'), 'networkPolicy', parameters('networkPolicy'), 'networkPluginMode', if(equals(parameters('networkPlugin'), 'azure'), parameters('networkPluginMode'), ''), 'podCidr', if(or(equals(parameters('networkPlugin'), 'kubenet'), parameters('cniDynamicIpAllocation')), parameters('podCidr'), json('null')), 'serviceCidr', parameters('serviceCidr'), 'dnsServiceIP', parameters('dnsServiceIP'), 'dockerBridgeCidr', parameters('dockerBridgeCidr'), 'outboundType', parameters('aksOutboundTrafficType'), 'ebpfDataplane', if(equals(parameters('networkPlugin'), 'azure'), parameters('ebpfDataplane'), '')), 'disableLocalAccounts', and(parameters('AksDisableLocalAccounts'), parameters('enable_aad')), 'autoUpgradeProfile', createObject('upgradeChannel', parameters('upgradeChannel')), 'addonProfiles', if(not(empty(variables('aks_addons1'))), variables('aks_addons1'), variables('aks_addons')), 'autoScalerProfile', if(variables('autoScale'), parameters('AutoscaleProfile'), createObject()), 'oidcIssuerProfile', createObject('enabled', parameters('oidcIssuer')), 'securityProfile', createObject('workloadIdentity', createObject('enabled', parameters('workloadIdentity'))), 'ingressProfile', createObject('webAppRouting', createObject('enabled', parameters('warIngressNginx'))), 'storageProfile', createObject('blobCSIDriver', createObject('enabled', parameters('blobCSIDriver')), 'diskCSIDriver', createObject('enabled', parameters('diskCSIDriver')), 'fileCSIDriver', createObject('enabled', parameters('fileCSIDriver'))), 'nodeResourceGroupProfile', createObject('restrictionLevel', parameters('restrictionLevelNodeResourceGroup'))), if(equals(parameters('aksOutboundTrafficType'), 'managedNATGateway'), variables('managedNATGatewayProfile'), createObject()), if(and(parameters('defenderForContainers'), variables('createLaw')), 
variables('azureDefenderSecurityProfile'), createObject()), if(or(variables('keyVaultKmsCreateAndPrereqs'), not(empty(parameters('keyVaultKmsByoKeyId')))), createObject('securityProfile', createObject('azureKeyVaultKms', createObject('enabled', or(variables('keyVaultKmsCreateAndPrereqs'), not(empty(parameters('keyVaultKmsByoKeyId')))), 'keyId', if(variables('keyVaultKmsCreateAndPrereqs'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-keyvaultKmsKeys-{1}', deployment().name, parameters('resourceName')), 64)), '2022-09-01').outputs.keyVaultKmsKeyUri.value, if(not(empty(parameters('keyVaultKmsByoKeyId'))), parameters('keyVaultKmsByoKeyId'), '')), 'keyVaultNetworkAccess', if(parameters('privateLinks'), 'private', 'public'), 'keyVaultResourceId', if(and(parameters('privateLinks'), not(empty(parameters('keyVaultKmsByoKeyId')))), extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('keyVaultKmsByoRG')), 'Microsoft.KeyVault/vaults', variables('keyVaultKmsByoName')), '')))), createObject()), if(not(empty(parameters('managedNodeResourceGroup'))), createObject('nodeResourceGroup', parameters('managedNodeResourceGroup')), createObject()))]", + "properties": "[union(createObject('kubernetesVersion', parameters('kubernetesVersion'), 'enableRBAC', true(), 'dnsPrefix', parameters('dnsPrefix'), 'aadProfile', if(parameters('enable_aad'), createObject('managed', true(), 'enableAzureRBAC', parameters('enableAzureRBAC'), 'tenantID', parameters('aad_tenant_id')), null()), 'apiServerAccessProfile', if(not(empty(parameters('authorizedIPRanges'))), createObject('authorizedIPRanges', parameters('authorizedIPRanges')), createObject('enablePrivateCluster', parameters('enablePrivateCluster'), 'privateDNSZone', if(parameters('enablePrivateCluster'), variables('aksPrivateDnsZone'), ''), 'enablePrivateClusterPublicFQDN', and(parameters('enablePrivateCluster'), equals(parameters('privateClusterDnsMethod'), 
'none')))), 'agentPoolProfiles', if(parameters('JustUseSystemPool'), array(createObject('name', if(parameters('JustUseSystemPool'), parameters('nodePoolName'), 'npsystem'), 'vmSize', parameters('agentVMSize'), 'count', parameters('agentCount'), 'mode', 'System', 'osType', 'Linux', 'maxPods', 30, 'type', 'VirtualMachineScaleSets', 'vnetSubnetID', if(not(empty(if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksSubnetId.value, parameters('byoAKSSubnetId')))), if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksSubnetId.value, parameters('byoAKSSubnetId')), null()), 'podSubnetID', if(not(empty(if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksPodSubnetId.value, parameters('byoAKSPodSubnetId')))), if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksPodSubnetId.value, parameters('byoAKSPodSubnetId')), null()), 'upgradeSettings', createObject('maxSurge', '33%'), 'nodeTaints', createArray(if(parameters('JustUseSystemPool'), '', 'CriticalAddonsOnly=true:NoSchedule')))), concat(array(union(createObject('name', if(parameters('JustUseSystemPool'), parameters('nodePoolName'), 'npsystem'), 'vmSize', parameters('agentVMSize'), 'count', parameters('agentCount'), 'mode', 'System', 'osType', 'Linux', 'maxPods', 30, 'type', 'VirtualMachineScaleSets', 'vnetSubnetID', if(not(empty(if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksSubnetId.value, parameters('byoAKSSubnetId')))), if(parameters('custom_vnet'), 
reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksSubnetId.value, parameters('byoAKSSubnetId')), null()), 'podSubnetID', if(not(empty(if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksPodSubnetId.value, parameters('byoAKSPodSubnetId')))), if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksPodSubnetId.value, parameters('byoAKSPodSubnetId')), null()), 'upgradeSettings', createObject('maxSurge', '33%'), 'nodeTaints', createArray(if(parameters('JustUseSystemPool'), '', 'CriticalAddonsOnly=true:NoSchedule'))), if(and(equals(parameters('SystemPoolType'), 'Custom'), not(equals(parameters('SystemPoolCustomPreset'), createObject()))), parameters('SystemPoolCustomPreset'), variables('systemPoolPresets')[parameters('SystemPoolType')]))))), 'workloadAutoScalerProfile', createObject('keda', createObject('enabled', parameters('kedaAddon'))), 'networkProfile', createObject('loadBalancerSku', 'standard', 'networkPlugin', parameters('networkPlugin'), 'networkPolicy', parameters('networkPolicy'), 'networkPluginMode', if(equals(parameters('networkPlugin'), 'azure'), parameters('networkPluginMode'), ''), 'podCidr', if(or(equals(parameters('networkPlugin'), 'kubenet'), parameters('cniDynamicIpAllocation')), parameters('podCidr'), json('null')), 'serviceCidr', parameters('serviceCidr'), 'dnsServiceIP', parameters('dnsServiceIP'), 'outboundType', parameters('aksOutboundTrafficType'), 'ebpfDataplane', if(equals(parameters('networkPlugin'), 'azure'), parameters('ebpfDataplane'), '')), 'disableLocalAccounts', and(parameters('AksDisableLocalAccounts'), parameters('enable_aad')), 'autoUpgradeProfile', createObject('upgradeChannel', parameters('upgradeChannel')), 'addonProfiles', 
if(not(empty(variables('aks_addons1'))), variables('aks_addons1'), variables('aks_addons')), 'autoScalerProfile', if(variables('autoScale'), parameters('AutoscaleProfile'), createObject()), 'oidcIssuerProfile', createObject('enabled', parameters('oidcIssuer')), 'securityProfile', createObject('workloadIdentity', createObject('enabled', parameters('workloadIdentity'))), 'ingressProfile', createObject('webAppRouting', createObject('enabled', parameters('warIngressNginx'))), 'storageProfile', createObject('blobCSIDriver', createObject('enabled', parameters('blobCSIDriver')), 'diskCSIDriver', createObject('enabled', parameters('diskCSIDriver')), 'fileCSIDriver', createObject('enabled', parameters('fileCSIDriver'))), 'nodeResourceGroupProfile', createObject('restrictionLevel', parameters('restrictionLevelNodeResourceGroup'))), if(equals(parameters('aksOutboundTrafficType'), 'managedNATGateway'), variables('managedNATGatewayProfile'), createObject()), if(and(parameters('defenderForContainers'), variables('createLaw')), variables('azureDefenderSecurityProfile'), createObject()), if(or(variables('keyVaultKmsCreateAndPrereqs'), not(empty(parameters('keyVaultKmsByoKeyId')))), createObject('securityProfile', createObject('azureKeyVaultKms', createObject('enabled', or(variables('keyVaultKmsCreateAndPrereqs'), not(empty(parameters('keyVaultKmsByoKeyId')))), 'keyId', if(variables('keyVaultKmsCreateAndPrereqs'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-keyvaultKmsKeys-{1}', deployment().name, parameters('resourceName')), 64)), '2022-09-01').outputs.keyVaultKmsKeyUri.value, if(not(empty(parameters('keyVaultKmsByoKeyId'))), parameters('keyVaultKmsByoKeyId'), '')), 'keyVaultNetworkAccess', if(parameters('privateLinks'), 'private', 'public'), 'keyVaultResourceId', if(and(parameters('privateLinks'), not(empty(parameters('keyVaultKmsByoKeyId')))), extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, 
parameters('keyVaultKmsByoRG')), 'Microsoft.KeyVault/vaults', variables('keyVaultKmsByoName')), '')))), createObject()), if(not(empty(parameters('managedNodeResourceGroup'))), createObject('nodeResourceGroup', parameters('managedNodeResourceGroup')), createObject()))]", "identity": "[if(variables('createAksUai'), createObject('type', 'UserAssigned', 'userAssignedIdentities', createObject(format('{0}', resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('id-aks-{0}', parameters('resourceName')))), createObject())), if(not(empty(parameters('byoUaiName'))), createObject('type', 'UserAssigned', 'userAssignedIdentities', createObject(format('{0}', resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('byoUaiName'))), createObject())), createObject('type', 'SystemAssigned')))]", "sku": { "name": "Base", diff --git a/samples/SystemPresetExample.json b/samples/SystemPresetExample.json index 917cc9334..f85e5d741 100644 --- a/samples/SystemPresetExample.json +++ b/samples/SystemPresetExample.json @@ -800,15 +800,6 @@ "maxLength": 15, "minLength": 7 }, - "dockerBridgeCidr": { - "type": "string", - "defaultValue": "172.17.0.1/16", - "metadata": { - "description": "The address range to use for the docker bridge" - }, - "maxLength": 18, - "minLength": 9 - }, "defenderForContainers": { "type": "bool", "defaultValue": false, 
@@ -1395,7 +1386,7 @@ "apiVersion": "2023-03-02-preview", "name": "[format('aks-{0}', parameters('resourceName'))]", "location": "[parameters('location')]", - "properties": "[union(createObject('kubernetesVersion', parameters('kubernetesVersion'), 'enableRBAC', true(), 'dnsPrefix', parameters('dnsPrefix'), 'aadProfile', if(parameters('enable_aad'), createObject('managed', true(), 'enableAzureRBAC', parameters('enableAzureRBAC'), 'tenantID', parameters('aad_tenant_id')), null()), 'apiServerAccessProfile', if(not(empty(parameters('authorizedIPRanges'))), createObject('authorizedIPRanges', parameters('authorizedIPRanges')), createObject('enablePrivateCluster', parameters('enablePrivateCluster'), 'privateDNSZone', if(parameters('enablePrivateCluster'), variables('aksPrivateDnsZone'), ''), 'enablePrivateClusterPublicFQDN', and(parameters('enablePrivateCluster'), equals(parameters('privateClusterDnsMethod'), 'none')))), 'agentPoolProfiles', if(parameters('JustUseSystemPool'), array(createObject('name', if(parameters('JustUseSystemPool'), parameters('nodePoolName'), 'npsystem'), 'vmSize', parameters('agentVMSize'), 'count', parameters('agentCount'), 'mode', 'System', 'osType', 'Linux', 'maxPods', 30, 'type', 'VirtualMachineScaleSets', 'vnetSubnetID', if(not(empty(if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksSubnetId.value, parameters('byoAKSSubnetId')))), if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksSubnetId.value, parameters('byoAKSSubnetId')), null()), 'podSubnetID', if(not(empty(if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksPodSubnetId.value, parameters('byoAKSPodSubnetId')))), if(parameters('custom_vnet'), 
reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksPodSubnetId.value, parameters('byoAKSPodSubnetId')), null()), 'upgradeSettings', createObject('maxSurge', '33%'), 'nodeTaints', createArray(if(parameters('JustUseSystemPool'), '', 'CriticalAddonsOnly=true:NoSchedule')))), concat(array(union(createObject('name', if(parameters('JustUseSystemPool'), parameters('nodePoolName'), 'npsystem'), 'vmSize', parameters('agentVMSize'), 'count', parameters('agentCount'), 'mode', 'System', 'osType', 'Linux', 'maxPods', 30, 'type', 'VirtualMachineScaleSets', 'vnetSubnetID', if(not(empty(if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksSubnetId.value, parameters('byoAKSSubnetId')))), if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksSubnetId.value, parameters('byoAKSSubnetId')), null()), 'podSubnetID', if(not(empty(if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksPodSubnetId.value, parameters('byoAKSPodSubnetId')))), if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksPodSubnetId.value, parameters('byoAKSPodSubnetId')), null()), 'upgradeSettings', createObject('maxSurge', '33%'), 'nodeTaints', createArray(if(parameters('JustUseSystemPool'), '', 'CriticalAddonsOnly=true:NoSchedule'))), if(and(equals(parameters('SystemPoolType'), 'Custom'), not(equals(parameters('SystemPoolCustomPreset'), createObject()))), parameters('SystemPoolCustomPreset'), variables('systemPoolPresets')[parameters('SystemPoolType')]))))), 'workloadAutoScalerProfile', 
createObject('keda', createObject('enabled', parameters('kedaAddon'))), 'networkProfile', createObject('loadBalancerSku', 'standard', 'networkPlugin', parameters('networkPlugin'), 'networkPolicy', parameters('networkPolicy'), 'networkPluginMode', if(equals(parameters('networkPlugin'), 'azure'), parameters('networkPluginMode'), ''), 'podCidr', if(or(equals(parameters('networkPlugin'), 'kubenet'), parameters('cniDynamicIpAllocation')), parameters('podCidr'), json('null')), 'serviceCidr', parameters('serviceCidr'), 'dnsServiceIP', parameters('dnsServiceIP'), 'dockerBridgeCidr', parameters('dockerBridgeCidr'), 'outboundType', parameters('aksOutboundTrafficType'), 'ebpfDataplane', if(equals(parameters('networkPlugin'), 'azure'), parameters('ebpfDataplane'), '')), 'disableLocalAccounts', and(parameters('AksDisableLocalAccounts'), parameters('enable_aad')), 'autoUpgradeProfile', createObject('upgradeChannel', parameters('upgradeChannel')), 'addonProfiles', if(not(empty(variables('aks_addons1'))), variables('aks_addons1'), variables('aks_addons')), 'autoScalerProfile', if(variables('autoScale'), parameters('AutoscaleProfile'), createObject()), 'oidcIssuerProfile', createObject('enabled', parameters('oidcIssuer')), 'securityProfile', createObject('workloadIdentity', createObject('enabled', parameters('workloadIdentity'))), 'ingressProfile', createObject('webAppRouting', createObject('enabled', parameters('warIngressNginx'))), 'storageProfile', createObject('blobCSIDriver', createObject('enabled', parameters('blobCSIDriver')), 'diskCSIDriver', createObject('enabled', parameters('diskCSIDriver')), 'fileCSIDriver', createObject('enabled', parameters('fileCSIDriver'))), 'nodeResourceGroupProfile', createObject('restrictionLevel', parameters('restrictionLevelNodeResourceGroup'))), if(equals(parameters('aksOutboundTrafficType'), 'managedNATGateway'), variables('managedNATGatewayProfile'), createObject()), if(and(parameters('defenderForContainers'), variables('createLaw')), 
variables('azureDefenderSecurityProfile'), createObject()), if(or(variables('keyVaultKmsCreateAndPrereqs'), not(empty(parameters('keyVaultKmsByoKeyId')))), createObject('securityProfile', createObject('azureKeyVaultKms', createObject('enabled', or(variables('keyVaultKmsCreateAndPrereqs'), not(empty(parameters('keyVaultKmsByoKeyId')))), 'keyId', if(variables('keyVaultKmsCreateAndPrereqs'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-keyvaultKmsKeys-{1}', deployment().name, parameters('resourceName')), 64)), '2022-09-01').outputs.keyVaultKmsKeyUri.value, if(not(empty(parameters('keyVaultKmsByoKeyId'))), parameters('keyVaultKmsByoKeyId'), '')), 'keyVaultNetworkAccess', if(parameters('privateLinks'), 'private', 'public'), 'keyVaultResourceId', if(and(parameters('privateLinks'), not(empty(parameters('keyVaultKmsByoKeyId')))), extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('keyVaultKmsByoRG')), 'Microsoft.KeyVault/vaults', variables('keyVaultKmsByoName')), '')))), createObject()), if(not(empty(parameters('managedNodeResourceGroup'))), createObject('nodeResourceGroup', parameters('managedNodeResourceGroup')), createObject()))]", + "properties": "[union(createObject('kubernetesVersion', parameters('kubernetesVersion'), 'enableRBAC', true(), 'dnsPrefix', parameters('dnsPrefix'), 'aadProfile', if(parameters('enable_aad'), createObject('managed', true(), 'enableAzureRBAC', parameters('enableAzureRBAC'), 'tenantID', parameters('aad_tenant_id')), null()), 'apiServerAccessProfile', if(not(empty(parameters('authorizedIPRanges'))), createObject('authorizedIPRanges', parameters('authorizedIPRanges')), createObject('enablePrivateCluster', parameters('enablePrivateCluster'), 'privateDNSZone', if(parameters('enablePrivateCluster'), variables('aksPrivateDnsZone'), ''), 'enablePrivateClusterPublicFQDN', and(parameters('enablePrivateCluster'), equals(parameters('privateClusterDnsMethod'), 
'none')))), 'agentPoolProfiles', if(parameters('JustUseSystemPool'), array(createObject('name', if(parameters('JustUseSystemPool'), parameters('nodePoolName'), 'npsystem'), 'vmSize', parameters('agentVMSize'), 'count', parameters('agentCount'), 'mode', 'System', 'osType', 'Linux', 'maxPods', 30, 'type', 'VirtualMachineScaleSets', 'vnetSubnetID', if(not(empty(if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksSubnetId.value, parameters('byoAKSSubnetId')))), if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksSubnetId.value, parameters('byoAKSSubnetId')), null()), 'podSubnetID', if(not(empty(if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksPodSubnetId.value, parameters('byoAKSPodSubnetId')))), if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksPodSubnetId.value, parameters('byoAKSPodSubnetId')), null()), 'upgradeSettings', createObject('maxSurge', '33%'), 'nodeTaints', createArray(if(parameters('JustUseSystemPool'), '', 'CriticalAddonsOnly=true:NoSchedule')))), concat(array(union(createObject('name', if(parameters('JustUseSystemPool'), parameters('nodePoolName'), 'npsystem'), 'vmSize', parameters('agentVMSize'), 'count', parameters('agentCount'), 'mode', 'System', 'osType', 'Linux', 'maxPods', 30, 'type', 'VirtualMachineScaleSets', 'vnetSubnetID', if(not(empty(if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksSubnetId.value, parameters('byoAKSSubnetId')))), if(parameters('custom_vnet'), 
reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksSubnetId.value, parameters('byoAKSSubnetId')), null()), 'podSubnetID', if(not(empty(if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksPodSubnetId.value, parameters('byoAKSPodSubnetId')))), if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksPodSubnetId.value, parameters('byoAKSPodSubnetId')), null()), 'upgradeSettings', createObject('maxSurge', '33%'), 'nodeTaints', createArray(if(parameters('JustUseSystemPool'), '', 'CriticalAddonsOnly=true:NoSchedule'))), if(and(equals(parameters('SystemPoolType'), 'Custom'), not(equals(parameters('SystemPoolCustomPreset'), createObject()))), parameters('SystemPoolCustomPreset'), variables('systemPoolPresets')[parameters('SystemPoolType')]))))), 'workloadAutoScalerProfile', createObject('keda', createObject('enabled', parameters('kedaAddon'))), 'networkProfile', createObject('loadBalancerSku', 'standard', 'networkPlugin', parameters('networkPlugin'), 'networkPolicy', parameters('networkPolicy'), 'networkPluginMode', if(equals(parameters('networkPlugin'), 'azure'), parameters('networkPluginMode'), ''), 'podCidr', if(or(equals(parameters('networkPlugin'), 'kubenet'), parameters('cniDynamicIpAllocation')), parameters('podCidr'), json('null')), 'serviceCidr', parameters('serviceCidr'), 'dnsServiceIP', parameters('dnsServiceIP'), 'outboundType', parameters('aksOutboundTrafficType'), 'ebpfDataplane', if(equals(parameters('networkPlugin'), 'azure'), parameters('ebpfDataplane'), '')), 'disableLocalAccounts', and(parameters('AksDisableLocalAccounts'), parameters('enable_aad')), 'autoUpgradeProfile', createObject('upgradeChannel', parameters('upgradeChannel')), 'addonProfiles', 
if(not(empty(variables('aks_addons1'))), variables('aks_addons1'), variables('aks_addons')), 'autoScalerProfile', if(variables('autoScale'), parameters('AutoscaleProfile'), createObject()), 'oidcIssuerProfile', createObject('enabled', parameters('oidcIssuer')), 'securityProfile', createObject('workloadIdentity', createObject('enabled', parameters('workloadIdentity'))), 'ingressProfile', createObject('webAppRouting', createObject('enabled', parameters('warIngressNginx'))), 'storageProfile', createObject('blobCSIDriver', createObject('enabled', parameters('blobCSIDriver')), 'diskCSIDriver', createObject('enabled', parameters('diskCSIDriver')), 'fileCSIDriver', createObject('enabled', parameters('fileCSIDriver'))), 'nodeResourceGroupProfile', createObject('restrictionLevel', parameters('restrictionLevelNodeResourceGroup'))), if(equals(parameters('aksOutboundTrafficType'), 'managedNATGateway'), variables('managedNATGatewayProfile'), createObject()), if(and(parameters('defenderForContainers'), variables('createLaw')), variables('azureDefenderSecurityProfile'), createObject()), if(or(variables('keyVaultKmsCreateAndPrereqs'), not(empty(parameters('keyVaultKmsByoKeyId')))), createObject('securityProfile', createObject('azureKeyVaultKms', createObject('enabled', or(variables('keyVaultKmsCreateAndPrereqs'), not(empty(parameters('keyVaultKmsByoKeyId')))), 'keyId', if(variables('keyVaultKmsCreateAndPrereqs'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-keyvaultKmsKeys-{1}', deployment().name, parameters('resourceName')), 64)), '2022-09-01').outputs.keyVaultKmsKeyUri.value, if(not(empty(parameters('keyVaultKmsByoKeyId'))), parameters('keyVaultKmsByoKeyId'), '')), 'keyVaultNetworkAccess', if(parameters('privateLinks'), 'private', 'public'), 'keyVaultResourceId', if(and(parameters('privateLinks'), not(empty(parameters('keyVaultKmsByoKeyId')))), extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, 
parameters('keyVaultKmsByoRG')), 'Microsoft.KeyVault/vaults', variables('keyVaultKmsByoName')), '')))), createObject()), if(not(empty(parameters('managedNodeResourceGroup'))), createObject('nodeResourceGroup', parameters('managedNodeResourceGroup')), createObject()))]", "identity": "[if(variables('createAksUai'), createObject('type', 'UserAssigned', 'userAssignedIdentities', createObject(format('{0}', resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('id-aks-{0}', parameters('resourceName')))), createObject())), if(not(empty(parameters('byoUaiName'))), createObject('type', 'UserAssigned', 'userAssignedIdentities', createObject(format('{0}', resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('byoUaiName'))), createObject())), createObject('type', 'SystemAssigned')))]", "sku": { "name": "Base", diff --git a/samples/shared-acr/main.json b/samples/shared-acr/main.json index 87b1aaea8..d8c57e7fe 100644 --- a/samples/shared-acr/main.json +++ b/samples/shared-acr/main.json @@ -826,15 +826,6 @@ "maxLength": 15, "minLength": 7 }, - "dockerBridgeCidr": { - "type": "string", - "defaultValue": "172.17.0.1/16", - "metadata": { - "description": "The address range to use for the docker bridge" - }, - "maxLength": 18, - "minLength": 9 - }, "defenderForContainers": { "type": "bool", "defaultValue": false, 
@@ -1421,7 +1412,7 @@ "apiVersion": "2023-03-02-preview", "name": "[format('aks-{0}', parameters('resourceName'))]", "location": "[parameters('location')]", - "properties": "[union(createObject('kubernetesVersion', parameters('kubernetesVersion'), 'enableRBAC', true(), 'dnsPrefix', parameters('dnsPrefix'), 'aadProfile', if(parameters('enable_aad'), createObject('managed', true(), 'enableAzureRBAC', parameters('enableAzureRBAC'), 'tenantID', parameters('aad_tenant_id')), null()), 'apiServerAccessProfile', if(not(empty(parameters('authorizedIPRanges'))), createObject('authorizedIPRanges', parameters('authorizedIPRanges')), createObject('enablePrivateCluster', parameters('enablePrivateCluster'), 'privateDNSZone', if(parameters('enablePrivateCluster'), variables('aksPrivateDnsZone'), ''), 'enablePrivateClusterPublicFQDN', and(parameters('enablePrivateCluster'), equals(parameters('privateClusterDnsMethod'), 'none')))), 'agentPoolProfiles', if(parameters('JustUseSystemPool'), array(createObject('name', if(parameters('JustUseSystemPool'), parameters('nodePoolName'), 'npsystem'), 'vmSize', parameters('agentVMSize'), 'count', parameters('agentCount'), 'mode', 'System', 'osType', 'Linux', 'maxPods', 30, 'type', 'VirtualMachineScaleSets', 'vnetSubnetID', if(not(empty(if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksSubnetId.value, parameters('byoAKSSubnetId')))), if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksSubnetId.value, parameters('byoAKSSubnetId')), null()), 'podSubnetID', if(not(empty(if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksPodSubnetId.value, parameters('byoAKSPodSubnetId')))), if(parameters('custom_vnet'), 
reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksPodSubnetId.value, parameters('byoAKSPodSubnetId')), null()), 'upgradeSettings', createObject('maxSurge', '33%'), 'nodeTaints', createArray(if(parameters('JustUseSystemPool'), '', 'CriticalAddonsOnly=true:NoSchedule')))), concat(array(union(createObject('name', if(parameters('JustUseSystemPool'), parameters('nodePoolName'), 'npsystem'), 'vmSize', parameters('agentVMSize'), 'count', parameters('agentCount'), 'mode', 'System', 'osType', 'Linux', 'maxPods', 30, 'type', 'VirtualMachineScaleSets', 'vnetSubnetID', if(not(empty(if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksSubnetId.value, parameters('byoAKSSubnetId')))), if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksSubnetId.value, parameters('byoAKSSubnetId')), null()), 'podSubnetID', if(not(empty(if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksPodSubnetId.value, parameters('byoAKSPodSubnetId')))), if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksPodSubnetId.value, parameters('byoAKSPodSubnetId')), null()), 'upgradeSettings', createObject('maxSurge', '33%'), 'nodeTaints', createArray(if(parameters('JustUseSystemPool'), '', 'CriticalAddonsOnly=true:NoSchedule'))), if(and(equals(parameters('SystemPoolType'), 'Custom'), not(equals(parameters('SystemPoolCustomPreset'), createObject()))), parameters('SystemPoolCustomPreset'), variables('systemPoolPresets')[parameters('SystemPoolType')]))))), 'workloadAutoScalerProfile', 
createObject('keda', createObject('enabled', parameters('kedaAddon'))), 'networkProfile', createObject('loadBalancerSku', 'standard', 'networkPlugin', parameters('networkPlugin'), 'networkPolicy', parameters('networkPolicy'), 'networkPluginMode', if(equals(parameters('networkPlugin'), 'azure'), parameters('networkPluginMode'), ''), 'podCidr', if(or(equals(parameters('networkPlugin'), 'kubenet'), parameters('cniDynamicIpAllocation')), parameters('podCidr'), json('null')), 'serviceCidr', parameters('serviceCidr'), 'dnsServiceIP', parameters('dnsServiceIP'), 'dockerBridgeCidr', parameters('dockerBridgeCidr'), 'outboundType', parameters('aksOutboundTrafficType'), 'ebpfDataplane', if(equals(parameters('networkPlugin'), 'azure'), parameters('ebpfDataplane'), '')), 'disableLocalAccounts', and(parameters('AksDisableLocalAccounts'), parameters('enable_aad')), 'autoUpgradeProfile', createObject('upgradeChannel', parameters('upgradeChannel')), 'addonProfiles', if(not(empty(variables('aks_addons1'))), variables('aks_addons1'), variables('aks_addons')), 'autoScalerProfile', if(variables('autoScale'), parameters('AutoscaleProfile'), createObject()), 'oidcIssuerProfile', createObject('enabled', parameters('oidcIssuer')), 'securityProfile', createObject('workloadIdentity', createObject('enabled', parameters('workloadIdentity'))), 'ingressProfile', createObject('webAppRouting', createObject('enabled', parameters('warIngressNginx'))), 'storageProfile', createObject('blobCSIDriver', createObject('enabled', parameters('blobCSIDriver')), 'diskCSIDriver', createObject('enabled', parameters('diskCSIDriver')), 'fileCSIDriver', createObject('enabled', parameters('fileCSIDriver'))), 'nodeResourceGroupProfile', createObject('restrictionLevel', parameters('restrictionLevelNodeResourceGroup'))), if(equals(parameters('aksOutboundTrafficType'), 'managedNATGateway'), variables('managedNATGatewayProfile'), createObject()), if(and(parameters('defenderForContainers'), variables('createLaw')), 
variables('azureDefenderSecurityProfile'), createObject()), if(or(variables('keyVaultKmsCreateAndPrereqs'), not(empty(parameters('keyVaultKmsByoKeyId')))), createObject('securityProfile', createObject('azureKeyVaultKms', createObject('enabled', or(variables('keyVaultKmsCreateAndPrereqs'), not(empty(parameters('keyVaultKmsByoKeyId')))), 'keyId', if(variables('keyVaultKmsCreateAndPrereqs'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-keyvaultKmsKeys-{1}', deployment().name, parameters('resourceName')), 64)), '2022-09-01').outputs.keyVaultKmsKeyUri.value, if(not(empty(parameters('keyVaultKmsByoKeyId'))), parameters('keyVaultKmsByoKeyId'), '')), 'keyVaultNetworkAccess', if(parameters('privateLinks'), 'private', 'public'), 'keyVaultResourceId', if(and(parameters('privateLinks'), not(empty(parameters('keyVaultKmsByoKeyId')))), extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('keyVaultKmsByoRG')), 'Microsoft.KeyVault/vaults', variables('keyVaultKmsByoName')), '')))), createObject()), if(not(empty(parameters('managedNodeResourceGroup'))), createObject('nodeResourceGroup', parameters('managedNodeResourceGroup')), createObject()))]", + "properties": "[union(createObject('kubernetesVersion', parameters('kubernetesVersion'), 'enableRBAC', true(), 'dnsPrefix', parameters('dnsPrefix'), 'aadProfile', if(parameters('enable_aad'), createObject('managed', true(), 'enableAzureRBAC', parameters('enableAzureRBAC'), 'tenantID', parameters('aad_tenant_id')), null()), 'apiServerAccessProfile', if(not(empty(parameters('authorizedIPRanges'))), createObject('authorizedIPRanges', parameters('authorizedIPRanges')), createObject('enablePrivateCluster', parameters('enablePrivateCluster'), 'privateDNSZone', if(parameters('enablePrivateCluster'), variables('aksPrivateDnsZone'), ''), 'enablePrivateClusterPublicFQDN', and(parameters('enablePrivateCluster'), equals(parameters('privateClusterDnsMethod'), 
'none')))), 'agentPoolProfiles', if(parameters('JustUseSystemPool'), array(createObject('name', if(parameters('JustUseSystemPool'), parameters('nodePoolName'), 'npsystem'), 'vmSize', parameters('agentVMSize'), 'count', parameters('agentCount'), 'mode', 'System', 'osType', 'Linux', 'maxPods', 30, 'type', 'VirtualMachineScaleSets', 'vnetSubnetID', if(not(empty(if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksSubnetId.value, parameters('byoAKSSubnetId')))), if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksSubnetId.value, parameters('byoAKSSubnetId')), null()), 'podSubnetID', if(not(empty(if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksPodSubnetId.value, parameters('byoAKSPodSubnetId')))), if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksPodSubnetId.value, parameters('byoAKSPodSubnetId')), null()), 'upgradeSettings', createObject('maxSurge', '33%'), 'nodeTaints', createArray(if(parameters('JustUseSystemPool'), '', 'CriticalAddonsOnly=true:NoSchedule')))), concat(array(union(createObject('name', if(parameters('JustUseSystemPool'), parameters('nodePoolName'), 'npsystem'), 'vmSize', parameters('agentVMSize'), 'count', parameters('agentCount'), 'mode', 'System', 'osType', 'Linux', 'maxPods', 30, 'type', 'VirtualMachineScaleSets', 'vnetSubnetID', if(not(empty(if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksSubnetId.value, parameters('byoAKSSubnetId')))), if(parameters('custom_vnet'), 
reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksSubnetId.value, parameters('byoAKSSubnetId')), null()), 'podSubnetID', if(not(empty(if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksPodSubnetId.value, parameters('byoAKSPodSubnetId')))), if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksPodSubnetId.value, parameters('byoAKSPodSubnetId')), null()), 'upgradeSettings', createObject('maxSurge', '33%'), 'nodeTaints', createArray(if(parameters('JustUseSystemPool'), '', 'CriticalAddonsOnly=true:NoSchedule'))), if(and(equals(parameters('SystemPoolType'), 'Custom'), not(equals(parameters('SystemPoolCustomPreset'), createObject()))), parameters('SystemPoolCustomPreset'), variables('systemPoolPresets')[parameters('SystemPoolType')]))))), 'workloadAutoScalerProfile', createObject('keda', createObject('enabled', parameters('kedaAddon'))), 'networkProfile', createObject('loadBalancerSku', 'standard', 'networkPlugin', parameters('networkPlugin'), 'networkPolicy', parameters('networkPolicy'), 'networkPluginMode', if(equals(parameters('networkPlugin'), 'azure'), parameters('networkPluginMode'), ''), 'podCidr', if(or(equals(parameters('networkPlugin'), 'kubenet'), parameters('cniDynamicIpAllocation')), parameters('podCidr'), json('null')), 'serviceCidr', parameters('serviceCidr'), 'dnsServiceIP', parameters('dnsServiceIP'), 'outboundType', parameters('aksOutboundTrafficType'), 'ebpfDataplane', if(equals(parameters('networkPlugin'), 'azure'), parameters('ebpfDataplane'), '')), 'disableLocalAccounts', and(parameters('AksDisableLocalAccounts'), parameters('enable_aad')), 'autoUpgradeProfile', createObject('upgradeChannel', parameters('upgradeChannel')), 'addonProfiles', 
if(not(empty(variables('aks_addons1'))), variables('aks_addons1'), variables('aks_addons')), 'autoScalerProfile', if(variables('autoScale'), parameters('AutoscaleProfile'), createObject()), 'oidcIssuerProfile', createObject('enabled', parameters('oidcIssuer')), 'securityProfile', createObject('workloadIdentity', createObject('enabled', parameters('workloadIdentity'))), 'ingressProfile', createObject('webAppRouting', createObject('enabled', parameters('warIngressNginx'))), 'storageProfile', createObject('blobCSIDriver', createObject('enabled', parameters('blobCSIDriver')), 'diskCSIDriver', createObject('enabled', parameters('diskCSIDriver')), 'fileCSIDriver', createObject('enabled', parameters('fileCSIDriver'))), 'nodeResourceGroupProfile', createObject('restrictionLevel', parameters('restrictionLevelNodeResourceGroup'))), if(equals(parameters('aksOutboundTrafficType'), 'managedNATGateway'), variables('managedNATGatewayProfile'), createObject()), if(and(parameters('defenderForContainers'), variables('createLaw')), variables('azureDefenderSecurityProfile'), createObject()), if(or(variables('keyVaultKmsCreateAndPrereqs'), not(empty(parameters('keyVaultKmsByoKeyId')))), createObject('securityProfile', createObject('azureKeyVaultKms', createObject('enabled', or(variables('keyVaultKmsCreateAndPrereqs'), not(empty(parameters('keyVaultKmsByoKeyId')))), 'keyId', if(variables('keyVaultKmsCreateAndPrereqs'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-keyvaultKmsKeys-{1}', deployment().name, parameters('resourceName')), 64)), '2022-09-01').outputs.keyVaultKmsKeyUri.value, if(not(empty(parameters('keyVaultKmsByoKeyId'))), parameters('keyVaultKmsByoKeyId'), '')), 'keyVaultNetworkAccess', if(parameters('privateLinks'), 'private', 'public'), 'keyVaultResourceId', if(and(parameters('privateLinks'), not(empty(parameters('keyVaultKmsByoKeyId')))), extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, 
parameters('keyVaultKmsByoRG')), 'Microsoft.KeyVault/vaults', variables('keyVaultKmsByoName')), '')))), createObject()), if(not(empty(parameters('managedNodeResourceGroup'))), createObject('nodeResourceGroup', parameters('managedNodeResourceGroup')), createObject()))]", "identity": "[if(variables('createAksUai'), createObject('type', 'UserAssigned', 'userAssignedIdentities', createObject(format('{0}', resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('id-aks-{0}', parameters('resourceName')))), createObject())), if(not(empty(parameters('byoUaiName'))), createObject('type', 'UserAssigned', 'userAssignedIdentities', createObject(format('{0}', resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('byoUaiName'))), createObject())), createObject('type', 'SystemAssigned')))]", "sku": { "name": "Base", From 87e342fabd212b34ef50e84188c057f3f1958fd1 Mon Sep 17 00:00:00 2001 From: Paul Lewis Date: Tue, 9 Apr 2024 21:22:08 +0000 Subject: [PATCH 3/5] Bumping default version for workflows --- .github/workflows/AKSC_Deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/AKSC_Deploy.yml b/.github/workflows/AKSC_Deploy.yml index eff037619..609882972 100644 --- a/.github/workflows/AKSC_Deploy.yml +++ b/.github/workflows/AKSC_Deploy.yml @@ -10,7 +10,7 @@ on: templateVersion: description: 'Template Version' required: false - default: '0.10.4' + default: '0.10.5' type: string rg: description: 'Resource Group name' From 6a033359d4b49fb7eb40f808d27364076181c530 Mon Sep 17 00:00:00 2001 
From: Paul Lewis Date: Wed, 10 Apr 2024 10:37:52 +0100 Subject: [PATCH 4/5] Fix ebpfDataPlane error on cluster deployment (#695) * Updated all GitHub Actions to latest version to update to NodeJS 20 * Updated additional GitHub Actions to latest version to update to NodeJS 20 * Added permissions key to releases job to allow GitHub job write access to the repo to create new releases / write to gh_pages_canary * Renamed ebpfDataPlane to networkDataplane to match current managedClusters API spec --- .../workflows_dep/regressionparams/cilium-cni-overlay.json | 2 +- bicep/main.bicep | 4 ++-- helper/src/components/addonsTab.js | 4 ++-- helper/src/components/deployTab.js | 4 ++-- helper/src/components/networkTab.js | 6 +++--- helper/src/components/portalnav.js | 2 +- samples/SampleAppMain.json | 2 +- samples/SystemPresetExample.json | 2 +- samples/shared-acr/main.json | 2 +- 9 files changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows_dep/regressionparams/cilium-cni-overlay.json b/.github/workflows_dep/regressionparams/cilium-cni-overlay.json index b2fc09021..60becd68a 100644 --- a/.github/workflows_dep/regressionparams/cilium-cni-overlay.json +++ b/.github/workflows_dep/regressionparams/cilium-cni-overlay.json @@ -11,7 +11,7 @@ "agentVMSize": { "value": "Standard_DS3_v2" }, - "ebpfDataplane": { + "networkDataplane": { "value": "cilium" }, "networkPluginMode": { diff --git a/bicep/main.bicep b/bicep/main.bicep index 5e96b4f51..9860e4e4d 100644 --- a/bicep/main.bicep +++ b/bicep/main.bicep @@ -951,7 +951,7 @@ param networkPluginMode string = '' 'cilium' ]) @description('Use Cilium dataplane (requires azure networkPlugin)') -param ebpfDataplane string = '' +param networkDataplane string = '' @allowed([ '' 
@@ -1297,7 +1297,7 @@ var aksProperties = union({ serviceCidr: serviceCidr dnsServiceIP: dnsServiceIP outboundType: outboundTrafficType - ebpfDataplane: networkPlugin=='azure' ? ebpfDataplane : '' + networkDataplane: networkPlugin=='azure' ? networkDataplane : '' } disableLocalAccounts: AksDisableLocalAccounts && enable_aad autoUpgradeProfile: {upgradeChannel: upgradeChannel} diff --git a/helper/src/components/addonsTab.js b/helper/src/components/addonsTab.js index 937d79785..15e8b4726 100644 --- a/helper/src/components/addonsTab.js +++ b/helper/src/components/addonsTab.js @@ -365,8 +365,8 @@ export default function ({ tabValues, updateFn, featureFlag, invalidArray,showPr errorMessage={getError(invalidArray, 'networkPolicy')} options={[ { "data-testid":'addons-netpolicy-none', key: 'none', text: 'No restrictions, all PODs can access each other' }, - { "data-testid":'addons-netpolicy-calico', disabled: net.ebpfDataplane, key: 'calico', text: 'Use Calico to implement intra-cluster traffic restrictions' }, - { "data-testid":'addons-netpolicy-azure', disabled: net.ebpfDataplane, key: 'azure', text: 'Use Azure NPM to implement intra-cluster traffic restrictions ' }, + { "data-testid":'addons-netpolicy-calico', disabled: net.networkDataplane, key: 'calico', text: 'Use Calico to implement intra-cluster traffic restrictions' }, + { "data-testid":'addons-netpolicy-azure', disabled: net.networkDataplane, key: 'azure', text: 'Use Azure NPM to implement intra-cluster traffic restrictions ' }, { "data-testid":'addons-netpolicy-cilium', key: 'cilium', text: 'Use Cilium to implement intra-cluster traffic restrictions (requires Cilium backplane for CNI).' } ]} onChange={(ev, { key }) => updateFn("networkPolicy", key)} diff --git a/helper/src/components/deployTab.js b/helper/src/components/deployTab.js index 681d3da2c..4afd2750e 100644 --- a/helper/src/components/deployTab.js +++ b/helper/src/components/deployTab.js 
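Review bot: The renamed `networkDataplane` entry in `networkProfile` still falls back to an empty string when `networkPlugin` is not `azure`, or when the parameter keeps its `''` default, so the property is always sent. The commit says the rename is to match the managedClusters API spec, but whether that API accepts `''` for this field is not visible here; the compiled samples in this series show `podCidr` in the same object using `json('null')` to drop out instead. Consider `networkDataplane: networkPlugin=='azure' && !empty(networkDataplane) ? networkDataplane : json('null')`. The `aksProperties` union starts before this hunk and ends after it.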
@@ -82,7 +82,7 @@ export default function DeployTab({ defaults, updateFn, tabValues, invalidArray, ...( addons.logDataCap !== defaults.addons.logDataCap && {logDataCap: addons.logDataCap }), ...( addons.createAksMetricAlerts !== defaults.addons.createAksMetricAlerts && {createAksMetricAlerts: addons.createAksMetricAlerts }) }), - ...(addons.networkPolicy !== "none" && !net.ebpfDataplane && { networkPolicy: addons.networkPolicy }), + ...(addons.networkPolicy !== "none" && !net.networkDataplane && { networkPolicy: addons.networkPolicy }), ...(defaults.addons.serviceMeshProfile !== addons.serviceMeshProfile && {serviceMeshProfile: addons.serviceMeshProfile }), ...(addons.azurepolicy !== "none" && { azurepolicy: addons.azurepolicy }), ...(addons.azurepolicy !== "none" && addons.azurePolicyInitiative !== defaults.addons.azurePolicyInitiative && { azurePolicyInitiative: addons.azurePolicyInitiative }), @@ -160,7 +160,7 @@ export default function DeployTab({ defaults, updateFn, tabValues, invalidArray, ...(defaults.addons.blobCSIDriver !== addons.blobCSIDriver && {blobCSIDriver: addons.blobCSIDriver }), ...(defaults.addons.workloadIdentity !== addons.workloadIdentity && {oidcIssuer: true, workloadIdentity: addons.workloadIdentity }), ...(net.networkPlugin === 'azure' && { - ...(net.ebpfDataplane && {ebpfDataplane: 'cilium'}) + ...(net.networkDataplane && {networkDataplane: 'cilium'}) }), ...(urlParams.getAll('feature').includes('defender') && cluster.DefenderForContainers !== defaults.cluster.DefenderForContainers && { DefenderForContainers: cluster.DefenderForContainers }), ...(addons.monitor === "aci" && { diff --git a/helper/src/components/networkTab.js b/helper/src/components/networkTab.js index 76cb31103..7418930b7 100644 --- a/helper/src/components/networkTab.js +++ b/helper/src/components/networkTab.js 
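Review bot: With the Cilium dataplane enabled, the changed line `...(addons.networkPolicy !== "none" && !net.networkDataplane && { networkPolicy: addons.networkPolicy })` drops the user's network-policy choice from the generated parameters, including an explicit `cilium` selection. Enforcement of intra-cluster traffic restrictions then depends on what the template and AKS default to, which this hunk does not show. If the omission is intended, say so next to the line, for example `// networkPolicy is omitted with the Cilium dataplane; policy enforcement relies on the platform default`; otherwise let `cilium` through when the dataplane is on. The enclosing parameter object starts and ends outside the hunk.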
@@ -108,11 +108,11 @@ export default function NetworkTab ({ defaults, tabValues, updateFn, invalidArra updateFn("ebpfDataplane", v)} + checked={net.networkDataplane} + onChange={(ev, v) => updateFn("networkDataplane", v)} label="Cilium powered dataplane" /> { - net.ebpfDataplane && + net.networkDataplane && ( ) diff --git a/helper/src/components/portalnav.js b/helper/src/components/portalnav.js index 3666655c0..8f6942a8f 100644 --- a/helper/src/components/portalnav.js +++ b/helper/src/components/portalnav.js 
@@ -414,7 +414,7 @@ export default function PortalNav({ config }) { invalidFn('net', 'networkPlugin', net.networkPlugin === "kubenet" && cluster.osType === "Windows" , "Windows nodepools do not support kubenet networking") invalidFn('net', 'cniFeatures', addons.ingress === "appgw" && net.networkPluginMode === true, "CNI Overlay does not support the Azure Application Gateway ingress controller. Please select an alternative ingress controller on the Addon Details tab") invalidFn('addons', 'ingressControllers', addons.ingress === "appgw" && net.networkPluginMode === true, "CNI Overlay does not support the Azure Application Gateway ingress controller. Please select an alternative ingress controller to continue") - invalidFn('addons', 'networkPolicy', (!net.ebpfDataplane && addons.networkPolicy === "cilium") || (net.ebpfDataplane && (addons.networkPolicy === "calico" || addons.networkPolicy === "azure")), net.ebpfDataplane ? "Cilium epbf backplane is incompatible with Azure NPM and Calico" : "Cilium network policy requires the CNI Cilium epbf to be enabled") + invalidFn('addons', 'networkPolicy', (!net.networkDataplane && addons.networkPolicy === "cilium") || (net.networkDataplane && (addons.networkPolicy === "calico" || addons.networkPolicy === "azure")), net.networkDataplane ? "Cilium epbf backplane is incompatible with Azure NPM and Calico" : "Cilium network policy requires the CNI Cilium epbf to be enabled") invalidFn('deploy', 'apiips', cluster.apisecurity === 'whitelist' && deploy.apiips.length < 7, 'Enter an IP/CIDR, or select \'Public IP with no IP restrictions\' in the \'Cluster API Server Security\' section of the \'Cluster Details\' tab') invalidFn('deploy', 'clusterName', !deploy.clusterName || deploy.clusterName.match(/^[a-z0-9][_\-a-z0-9]+[a-z0-9]$/i) === null || deploy.clusterName.length > 19, 'Enter valid cluster name') diff --git a/samples/SampleAppMain.json b/samples/SampleAppMain.json index ee06d9f37..ed5687c7e 100644 --- a/samples/SampleAppMain.json 
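Review bot: The rewritten `networkPolicy` validation still shows users the misspelt `epbf`, and it calls the feature a "backplane" in one message and "CNI Cilium epbf" in the other, while the state key is now `networkDataplane`. Since the line is being touched anyway, the messages could read `"Cilium dataplane is incompatible with Azure NPM and Calico"` and `"Cilium network policy requires the Cilium dataplane to be enabled"`. Any UI test that matches the old text would need the same update. The enclosing `PortalNav` function starts and ends outside the hunk.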
+++ b/samples/SampleAppMain.json @@ -733,7 +733,7 @@ "Overlay" ] }, - "ebpfDataplane": { + "networkDataplane": { "type": "string", "defaultValue": "", "metadata": { diff --git a/samples/SystemPresetExample.json b/samples/SystemPresetExample.json index f85e5d741..5c55c3486 100644 --- a/samples/SystemPresetExample.json +++ b/samples/SystemPresetExample.json @@ -675,7 +675,7 @@ "Overlay" ] }, - "ebpfDataplane": { + "networkDataplane": { "type": "string", "defaultValue": "", "metadata": { diff --git a/samples/shared-acr/main.json b/samples/shared-acr/main.json index d8c57e7fe..3a8edf6c7 100644 --- a/samples/shared-acr/main.json +++ b/samples/shared-acr/main.json @@ -701,7 +701,7 @@ "Overlay" ] }, - "ebpfDataplane": { + "networkDataplane": { "type": "string", "defaultValue": "", "metadata": { From 7f5214ca256b959873ca5bb32a506254e6821123 Mon Sep 17 00:00:00 2001 From: Paul Lewis Date: Wed, 10 Apr 2024 16:56:28 +0100 Subject: [PATCH 5/5] Removing references to nodeResourceGroupProfile as this is deprected in the managedClusters API (#696) --- bicep/main.bicep | 3 --- samples/SampleAppMain.json | 2 +- samples/SystemPresetExample.json | 2 +- samples/shared-acr/main.json | 2 +- 4 files changed, 3 insertions(+), 6 deletions(-) diff --git a/bicep/main.bicep b/bicep/main.bicep index 9860e4e4d..0fb71ced5 100644 --- a/bicep/main.bicep +++ b/bicep/main.bicep @@ -1327,9 +1327,6 @@ var aksProperties = union({ enabled: fileCSIDriver } } - nodeResourceGroupProfile: { - restrictionLevel: restrictionLevelNodeResourceGroup - } }, outboundTrafficType == 'managedNATGateway' ? managedNATGatewayProfile : {}, defenderForContainers && createLaw ? azureDefenderSecurityProfile : {}, diff --git a/samples/SampleAppMain.json b/samples/SampleAppMain.json index ed5687c7e..b80f3661f 100644 --- a/samples/SampleAppMain.json +++ b/samples/SampleAppMain.json 
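Review bot: Only the parameter declaration is renamed to `networkDataplane` in samples/SampleAppMain.json, but the cluster resource in that file still reads `parameters('ebpfDataplane')` and emits an `'ebpfDataplane'` key; the `properties` expression shown for this file in the next patch of the series has it on both the old and the new side. A template that references an undeclared parameter should fail validation, so the sample is likely undeployable after this commit. The SystemPresetExample.json and shared-acr/main.json hunks change one line each in the same way (the diffstat lists `2 +-` for both) and probably share the problem. Rebuilding the samples from bicep/main.bicep would fix all three; by hand, the pair becomes `'networkDataplane', if(equals(parameters('networkPlugin'), 'azure'), parameters('networkDataplane'), '')`.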
@@ -1444,7 +1444,7 @@ "apiVersion": "2023-03-02-preview", "name": "[format('aks-{0}', parameters('resourceName'))]", "location": "[parameters('location')]", - "properties": "[union(createObject('kubernetesVersion', parameters('kubernetesVersion'), 'enableRBAC', true(), 'dnsPrefix', parameters('dnsPrefix'), 'aadProfile', if(parameters('enable_aad'), createObject('managed', true(), 'enableAzureRBAC', parameters('enableAzureRBAC'), 'tenantID', parameters('aad_tenant_id')), null()), 'apiServerAccessProfile', if(not(empty(parameters('authorizedIPRanges'))), createObject('authorizedIPRanges', parameters('authorizedIPRanges')), createObject('enablePrivateCluster', parameters('enablePrivateCluster'), 'privateDNSZone', if(parameters('enablePrivateCluster'), variables('aksPrivateDnsZone'), ''), 'enablePrivateClusterPublicFQDN', and(parameters('enablePrivateCluster'), equals(parameters('privateClusterDnsMethod'), 'none')))), 'agentPoolProfiles', if(parameters('JustUseSystemPool'), array(createObject('name', if(parameters('JustUseSystemPool'), parameters('nodePoolName'), 'npsystem'), 'vmSize', parameters('agentVMSize'), 'count', parameters('agentCount'), 'mode', 'System', 'osType', 'Linux', 'maxPods', 30, 'type', 'VirtualMachineScaleSets', 'vnetSubnetID', if(not(empty(if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksSubnetId.value, parameters('byoAKSSubnetId')))), if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksSubnetId.value, parameters('byoAKSSubnetId')), null()), 'podSubnetID', if(not(empty(if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksPodSubnetId.value, parameters('byoAKSPodSubnetId')))), if(parameters('custom_vnet'), 
reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksPodSubnetId.value, parameters('byoAKSPodSubnetId')), null()), 'upgradeSettings', createObject('maxSurge', '33%'), 'nodeTaints', createArray(if(parameters('JustUseSystemPool'), '', 'CriticalAddonsOnly=true:NoSchedule')))), concat(array(union(createObject('name', if(parameters('JustUseSystemPool'), parameters('nodePoolName'), 'npsystem'), 'vmSize', parameters('agentVMSize'), 'count', parameters('agentCount'), 'mode', 'System', 'osType', 'Linux', 'maxPods', 30, 'type', 'VirtualMachineScaleSets', 'vnetSubnetID', if(not(empty(if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksSubnetId.value, parameters('byoAKSSubnetId')))), if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksSubnetId.value, parameters('byoAKSSubnetId')), null()), 'podSubnetID', if(not(empty(if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksPodSubnetId.value, parameters('byoAKSPodSubnetId')))), if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksPodSubnetId.value, parameters('byoAKSPodSubnetId')), null()), 'upgradeSettings', createObject('maxSurge', '33%'), 'nodeTaints', createArray(if(parameters('JustUseSystemPool'), '', 'CriticalAddonsOnly=true:NoSchedule'))), if(and(equals(parameters('SystemPoolType'), 'Custom'), not(equals(parameters('SystemPoolCustomPreset'), createObject()))), parameters('SystemPoolCustomPreset'), variables('systemPoolPresets')[parameters('SystemPoolType')]))))), 'workloadAutoScalerProfile', 
createObject('keda', createObject('enabled', parameters('kedaAddon'))), 'networkProfile', createObject('loadBalancerSku', 'standard', 'networkPlugin', parameters('networkPlugin'), 'networkPolicy', parameters('networkPolicy'), 'networkPluginMode', if(equals(parameters('networkPlugin'), 'azure'), parameters('networkPluginMode'), ''), 'podCidr', if(or(equals(parameters('networkPlugin'), 'kubenet'), parameters('cniDynamicIpAllocation')), parameters('podCidr'), json('null')), 'serviceCidr', parameters('serviceCidr'), 'dnsServiceIP', parameters('dnsServiceIP'), 'outboundType', parameters('aksOutboundTrafficType'), 'ebpfDataplane', if(equals(parameters('networkPlugin'), 'azure'), parameters('ebpfDataplane'), '')), 'disableLocalAccounts', and(parameters('AksDisableLocalAccounts'), parameters('enable_aad')), 'autoUpgradeProfile', createObject('upgradeChannel', parameters('upgradeChannel')), 'addonProfiles', if(not(empty(variables('aks_addons1'))), variables('aks_addons1'), variables('aks_addons')), 'autoScalerProfile', if(variables('autoScale'), parameters('AutoscaleProfile'), createObject()), 'oidcIssuerProfile', createObject('enabled', parameters('oidcIssuer')), 'securityProfile', createObject('workloadIdentity', createObject('enabled', parameters('workloadIdentity'))), 'ingressProfile', createObject('webAppRouting', createObject('enabled', parameters('warIngressNginx'))), 'storageProfile', createObject('blobCSIDriver', createObject('enabled', parameters('blobCSIDriver')), 'diskCSIDriver', createObject('enabled', parameters('diskCSIDriver')), 'fileCSIDriver', createObject('enabled', parameters('fileCSIDriver'))), 'nodeResourceGroupProfile', createObject('restrictionLevel', parameters('restrictionLevelNodeResourceGroup'))), if(equals(parameters('aksOutboundTrafficType'), 'managedNATGateway'), variables('managedNATGatewayProfile'), createObject()), if(and(parameters('defenderForContainers'), variables('createLaw')), variables('azureDefenderSecurityProfile'), 
createObject()), if(or(variables('keyVaultKmsCreateAndPrereqs'), not(empty(parameters('keyVaultKmsByoKeyId')))), createObject('securityProfile', createObject('azureKeyVaultKms', createObject('enabled', or(variables('keyVaultKmsCreateAndPrereqs'), not(empty(parameters('keyVaultKmsByoKeyId')))), 'keyId', if(variables('keyVaultKmsCreateAndPrereqs'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-keyvaultKmsKeys-{1}', deployment().name, parameters('resourceName')), 64)), '2022-09-01').outputs.keyVaultKmsKeyUri.value, if(not(empty(parameters('keyVaultKmsByoKeyId'))), parameters('keyVaultKmsByoKeyId'), '')), 'keyVaultNetworkAccess', if(parameters('privateLinks'), 'private', 'public'), 'keyVaultResourceId', if(and(parameters('privateLinks'), not(empty(parameters('keyVaultKmsByoKeyId')))), extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('keyVaultKmsByoRG')), 'Microsoft.KeyVault/vaults', variables('keyVaultKmsByoName')), '')))), createObject()), if(not(empty(parameters('managedNodeResourceGroup'))), createObject('nodeResourceGroup', parameters('managedNodeResourceGroup')), createObject()))]", + "properties": "[union(createObject('kubernetesVersion', parameters('kubernetesVersion'), 'enableRBAC', true(), 'dnsPrefix', parameters('dnsPrefix'), 'aadProfile', if(parameters('enable_aad'), createObject('managed', true(), 'enableAzureRBAC', parameters('enableAzureRBAC'), 'tenantID', parameters('aad_tenant_id')), null()), 'apiServerAccessProfile', if(not(empty(parameters('authorizedIPRanges'))), createObject('authorizedIPRanges', parameters('authorizedIPRanges')), createObject('enablePrivateCluster', parameters('enablePrivateCluster'), 'privateDNSZone', if(parameters('enablePrivateCluster'), variables('aksPrivateDnsZone'), ''), 'enablePrivateClusterPublicFQDN', and(parameters('enablePrivateCluster'), equals(parameters('privateClusterDnsMethod'), 'none')))), 'agentPoolProfiles', 
if(parameters('JustUseSystemPool'), array(createObject('name', if(parameters('JustUseSystemPool'), parameters('nodePoolName'), 'npsystem'), 'vmSize', parameters('agentVMSize'), 'count', parameters('agentCount'), 'mode', 'System', 'osType', 'Linux', 'maxPods', 30, 'type', 'VirtualMachineScaleSets', 'vnetSubnetID', if(not(empty(if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksSubnetId.value, parameters('byoAKSSubnetId')))), if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksSubnetId.value, parameters('byoAKSSubnetId')), null()), 'podSubnetID', if(not(empty(if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksPodSubnetId.value, parameters('byoAKSPodSubnetId')))), if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksPodSubnetId.value, parameters('byoAKSPodSubnetId')), null()), 'upgradeSettings', createObject('maxSurge', '33%'), 'nodeTaints', createArray(if(parameters('JustUseSystemPool'), '', 'CriticalAddonsOnly=true:NoSchedule')))), concat(array(union(createObject('name', if(parameters('JustUseSystemPool'), parameters('nodePoolName'), 'npsystem'), 'vmSize', parameters('agentVMSize'), 'count', parameters('agentCount'), 'mode', 'System', 'osType', 'Linux', 'maxPods', 30, 'type', 'VirtualMachineScaleSets', 'vnetSubnetID', if(not(empty(if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksSubnetId.value, parameters('byoAKSSubnetId')))), if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', 
take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksSubnetId.value, parameters('byoAKSSubnetId')), null()), 'podSubnetID', if(not(empty(if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksPodSubnetId.value, parameters('byoAKSPodSubnetId')))), if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksPodSubnetId.value, parameters('byoAKSPodSubnetId')), null()), 'upgradeSettings', createObject('maxSurge', '33%'), 'nodeTaints', createArray(if(parameters('JustUseSystemPool'), '', 'CriticalAddonsOnly=true:NoSchedule'))), if(and(equals(parameters('SystemPoolType'), 'Custom'), not(equals(parameters('SystemPoolCustomPreset'), createObject()))), parameters('SystemPoolCustomPreset'), variables('systemPoolPresets')[parameters('SystemPoolType')]))))), 'workloadAutoScalerProfile', createObject('keda', createObject('enabled', parameters('kedaAddon'))), 'networkProfile', createObject('loadBalancerSku', 'standard', 'networkPlugin', parameters('networkPlugin'), 'networkPolicy', parameters('networkPolicy'), 'networkPluginMode', if(equals(parameters('networkPlugin'), 'azure'), parameters('networkPluginMode'), ''), 'podCidr', if(or(equals(parameters('networkPlugin'), 'kubenet'), parameters('cniDynamicIpAllocation')), parameters('podCidr'), json('null')), 'serviceCidr', parameters('serviceCidr'), 'dnsServiceIP', parameters('dnsServiceIP'), 'outboundType', parameters('aksOutboundTrafficType'), 'ebpfDataplane', if(equals(parameters('networkPlugin'), 'azure'), parameters('ebpfDataplane'), '')), 'disableLocalAccounts', and(parameters('AksDisableLocalAccounts'), parameters('enable_aad')), 'autoUpgradeProfile', createObject('upgradeChannel', parameters('upgradeChannel')), 'addonProfiles', if(not(empty(variables('aks_addons1'))), 
variables('aks_addons1'), variables('aks_addons')), 'autoScalerProfile', if(variables('autoScale'), parameters('AutoscaleProfile'), createObject()), 'oidcIssuerProfile', createObject('enabled', parameters('oidcIssuer')), 'securityProfile', createObject('workloadIdentity', createObject('enabled', parameters('workloadIdentity'))), 'ingressProfile', createObject('webAppRouting', createObject('enabled', parameters('warIngressNginx'))), 'storageProfile', createObject('blobCSIDriver', createObject('enabled', parameters('blobCSIDriver')), 'diskCSIDriver', createObject('enabled', parameters('diskCSIDriver')), 'fileCSIDriver', createObject('enabled', parameters('fileCSIDriver'))), createObject('restrictionLevel', parameters('restrictionLevelNodeResourceGroup'))), if(equals(parameters('aksOutboundTrafficType'), 'managedNATGateway'), variables('managedNATGatewayProfile'), createObject()), if(and(parameters('defenderForContainers'), variables('createLaw')), variables('azureDefenderSecurityProfile'), createObject()), if(or(variables('keyVaultKmsCreateAndPrereqs'), not(empty(parameters('keyVaultKmsByoKeyId')))), createObject('securityProfile', createObject('azureKeyVaultKms', createObject('enabled', or(variables('keyVaultKmsCreateAndPrereqs'), not(empty(parameters('keyVaultKmsByoKeyId')))), 'keyId', if(variables('keyVaultKmsCreateAndPrereqs'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-keyvaultKmsKeys-{1}', deployment().name, parameters('resourceName')), 64)), '2022-09-01').outputs.keyVaultKmsKeyUri.value, if(not(empty(parameters('keyVaultKmsByoKeyId'))), parameters('keyVaultKmsByoKeyId'), '')), 'keyVaultNetworkAccess', if(parameters('privateLinks'), 'private', 'public'), 'keyVaultResourceId', if(and(parameters('privateLinks'), not(empty(parameters('keyVaultKmsByoKeyId')))), extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('keyVaultKmsByoRG')), 'Microsoft.KeyVault/vaults', 
variables('keyVaultKmsByoName')), '')))), createObject()), if(not(empty(parameters('managedNodeResourceGroup'))), createObject('nodeResourceGroup', parameters('managedNodeResourceGroup')), createObject()))]", "identity": "[if(variables('createAksUai'), createObject('type', 'UserAssigned', 'userAssignedIdentities', createObject(format('{0}', resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('id-aks-{0}', parameters('resourceName')))), createObject())), if(not(empty(parameters('byoUaiName'))), createObject('type', 'UserAssigned', 'userAssignedIdentities', createObject(format('{0}', resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('byoUaiName'))), createObject())), createObject('type', 'SystemAssigned')))]", "sku": { "name": "Base", diff --git a/samples/SystemPresetExample.json b/samples/SystemPresetExample.json index 5c55c3486..aa7386666 100644 --- a/samples/SystemPresetExample.json +++ b/samples/SystemPresetExample.json 
@@ -1386,7 +1386,7 @@ "apiVersion": "2023-03-02-preview", "name": "[format('aks-{0}', parameters('resourceName'))]", "location": "[parameters('location')]", - "properties": "[union(createObject('kubernetesVersion', parameters('kubernetesVersion'), 'enableRBAC', true(), 'dnsPrefix', parameters('dnsPrefix'), 'aadProfile', if(parameters('enable_aad'), createObject('managed', true(), 'enableAzureRBAC', parameters('enableAzureRBAC'), 'tenantID', parameters('aad_tenant_id')), null()), 'apiServerAccessProfile', if(not(empty(parameters('authorizedIPRanges'))), createObject('authorizedIPRanges', parameters('authorizedIPRanges')), createObject('enablePrivateCluster', parameters('enablePrivateCluster'), 'privateDNSZone', if(parameters('enablePrivateCluster'), variables('aksPrivateDnsZone'), ''), 'enablePrivateClusterPublicFQDN', and(parameters('enablePrivateCluster'), equals(parameters('privateClusterDnsMethod'), 'none')))), 'agentPoolProfiles', if(parameters('JustUseSystemPool'), array(createObject('name', if(parameters('JustUseSystemPool'), parameters('nodePoolName'), 'npsystem'), 'vmSize', parameters('agentVMSize'), 'count', parameters('agentCount'), 'mode', 'System', 'osType', 'Linux', 'maxPods', 30, 'type', 'VirtualMachineScaleSets', 'vnetSubnetID', if(not(empty(if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksSubnetId.value, parameters('byoAKSSubnetId')))), if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksSubnetId.value, parameters('byoAKSSubnetId')), null()), 'podSubnetID', if(not(empty(if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksPodSubnetId.value, parameters('byoAKSPodSubnetId')))), if(parameters('custom_vnet'), 
reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksPodSubnetId.value, parameters('byoAKSPodSubnetId')), null()), 'upgradeSettings', createObject('maxSurge', '33%'), 'nodeTaints', createArray(if(parameters('JustUseSystemPool'), '', 'CriticalAddonsOnly=true:NoSchedule')))), concat(array(union(createObject('name', if(parameters('JustUseSystemPool'), parameters('nodePoolName'), 'npsystem'), 'vmSize', parameters('agentVMSize'), 'count', parameters('agentCount'), 'mode', 'System', 'osType', 'Linux', 'maxPods', 30, 'type', 'VirtualMachineScaleSets', 'vnetSubnetID', if(not(empty(if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksSubnetId.value, parameters('byoAKSSubnetId')))), if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksSubnetId.value, parameters('byoAKSSubnetId')), null()), 'podSubnetID', if(not(empty(if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksPodSubnetId.value, parameters('byoAKSPodSubnetId')))), if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksPodSubnetId.value, parameters('byoAKSPodSubnetId')), null()), 'upgradeSettings', createObject('maxSurge', '33%'), 'nodeTaints', createArray(if(parameters('JustUseSystemPool'), '', 'CriticalAddonsOnly=true:NoSchedule'))), if(and(equals(parameters('SystemPoolType'), 'Custom'), not(equals(parameters('SystemPoolCustomPreset'), createObject()))), parameters('SystemPoolCustomPreset'), variables('systemPoolPresets')[parameters('SystemPoolType')]))))), 'workloadAutoScalerProfile', 
createObject('keda', createObject('enabled', parameters('kedaAddon'))), 'networkProfile', createObject('loadBalancerSku', 'standard', 'networkPlugin', parameters('networkPlugin'), 'networkPolicy', parameters('networkPolicy'), 'networkPluginMode', if(equals(parameters('networkPlugin'), 'azure'), parameters('networkPluginMode'), ''), 'podCidr', if(or(equals(parameters('networkPlugin'), 'kubenet'), parameters('cniDynamicIpAllocation')), parameters('podCidr'), json('null')), 'serviceCidr', parameters('serviceCidr'), 'dnsServiceIP', parameters('dnsServiceIP'), 'outboundType', parameters('aksOutboundTrafficType'), 'ebpfDataplane', if(equals(parameters('networkPlugin'), 'azure'), parameters('ebpfDataplane'), '')), 'disableLocalAccounts', and(parameters('AksDisableLocalAccounts'), parameters('enable_aad')), 'autoUpgradeProfile', createObject('upgradeChannel', parameters('upgradeChannel')), 'addonProfiles', if(not(empty(variables('aks_addons1'))), variables('aks_addons1'), variables('aks_addons')), 'autoScalerProfile', if(variables('autoScale'), parameters('AutoscaleProfile'), createObject()), 'oidcIssuerProfile', createObject('enabled', parameters('oidcIssuer')), 'securityProfile', createObject('workloadIdentity', createObject('enabled', parameters('workloadIdentity'))), 'ingressProfile', createObject('webAppRouting', createObject('enabled', parameters('warIngressNginx'))), 'storageProfile', createObject('blobCSIDriver', createObject('enabled', parameters('blobCSIDriver')), 'diskCSIDriver', createObject('enabled', parameters('diskCSIDriver')), 'fileCSIDriver', createObject('enabled', parameters('fileCSIDriver'))), 'nodeResourceGroupProfile', createObject('restrictionLevel', parameters('restrictionLevelNodeResourceGroup'))), if(equals(parameters('aksOutboundTrafficType'), 'managedNATGateway'), variables('managedNATGatewayProfile'), createObject()), if(and(parameters('defenderForContainers'), variables('createLaw')), variables('azureDefenderSecurityProfile'), 
createObject()), if(or(variables('keyVaultKmsCreateAndPrereqs'), not(empty(parameters('keyVaultKmsByoKeyId')))), createObject('securityProfile', createObject('azureKeyVaultKms', createObject('enabled', or(variables('keyVaultKmsCreateAndPrereqs'), not(empty(parameters('keyVaultKmsByoKeyId')))), 'keyId', if(variables('keyVaultKmsCreateAndPrereqs'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-keyvaultKmsKeys-{1}', deployment().name, parameters('resourceName')), 64)), '2022-09-01').outputs.keyVaultKmsKeyUri.value, if(not(empty(parameters('keyVaultKmsByoKeyId'))), parameters('keyVaultKmsByoKeyId'), '')), 'keyVaultNetworkAccess', if(parameters('privateLinks'), 'private', 'public'), 'keyVaultResourceId', if(and(parameters('privateLinks'), not(empty(parameters('keyVaultKmsByoKeyId')))), extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('keyVaultKmsByoRG')), 'Microsoft.KeyVault/vaults', variables('keyVaultKmsByoName')), '')))), createObject()), if(not(empty(parameters('managedNodeResourceGroup'))), createObject('nodeResourceGroup', parameters('managedNodeResourceGroup')), createObject()))]", + "properties": "[union(createObject('kubernetesVersion', parameters('kubernetesVersion'), 'enableRBAC', true(), 'dnsPrefix', parameters('dnsPrefix'), 'aadProfile', if(parameters('enable_aad'), createObject('managed', true(), 'enableAzureRBAC', parameters('enableAzureRBAC'), 'tenantID', parameters('aad_tenant_id')), null()), 'apiServerAccessProfile', if(not(empty(parameters('authorizedIPRanges'))), createObject('authorizedIPRanges', parameters('authorizedIPRanges')), createObject('enablePrivateCluster', parameters('enablePrivateCluster'), 'privateDNSZone', if(parameters('enablePrivateCluster'), variables('aksPrivateDnsZone'), ''), 'enablePrivateClusterPublicFQDN', and(parameters('enablePrivateCluster'), equals(parameters('privateClusterDnsMethod'), 'none')))), 'agentPoolProfiles', 
if(parameters('JustUseSystemPool'), array(createObject('name', if(parameters('JustUseSystemPool'), parameters('nodePoolName'), 'npsystem'), 'vmSize', parameters('agentVMSize'), 'count', parameters('agentCount'), 'mode', 'System', 'osType', 'Linux', 'maxPods', 30, 'type', 'VirtualMachineScaleSets', 'vnetSubnetID', if(not(empty(if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksSubnetId.value, parameters('byoAKSSubnetId')))), if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksSubnetId.value, parameters('byoAKSSubnetId')), null()), 'podSubnetID', if(not(empty(if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksPodSubnetId.value, parameters('byoAKSPodSubnetId')))), if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksPodSubnetId.value, parameters('byoAKSPodSubnetId')), null()), 'upgradeSettings', createObject('maxSurge', '33%'), 'nodeTaints', createArray(if(parameters('JustUseSystemPool'), '', 'CriticalAddonsOnly=true:NoSchedule')))), concat(array(union(createObject('name', if(parameters('JustUseSystemPool'), parameters('nodePoolName'), 'npsystem'), 'vmSize', parameters('agentVMSize'), 'count', parameters('agentCount'), 'mode', 'System', 'osType', 'Linux', 'maxPods', 30, 'type', 'VirtualMachineScaleSets', 'vnetSubnetID', if(not(empty(if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksSubnetId.value, parameters('byoAKSSubnetId')))), if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', 
take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksSubnetId.value, parameters('byoAKSSubnetId')), null()), 'podSubnetID', if(not(empty(if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksPodSubnetId.value, parameters('byoAKSPodSubnetId')))), if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksPodSubnetId.value, parameters('byoAKSPodSubnetId')), null()), 'upgradeSettings', createObject('maxSurge', '33%'), 'nodeTaints', createArray(if(parameters('JustUseSystemPool'), '', 'CriticalAddonsOnly=true:NoSchedule'))), if(and(equals(parameters('SystemPoolType'), 'Custom'), not(equals(parameters('SystemPoolCustomPreset'), createObject()))), parameters('SystemPoolCustomPreset'), variables('systemPoolPresets')[parameters('SystemPoolType')]))))), 'workloadAutoScalerProfile', createObject('keda', createObject('enabled', parameters('kedaAddon'))), 'networkProfile', createObject('loadBalancerSku', 'standard', 'networkPlugin', parameters('networkPlugin'), 'networkPolicy', parameters('networkPolicy'), 'networkPluginMode', if(equals(parameters('networkPlugin'), 'azure'), parameters('networkPluginMode'), ''), 'podCidr', if(or(equals(parameters('networkPlugin'), 'kubenet'), parameters('cniDynamicIpAllocation')), parameters('podCidr'), json('null')), 'serviceCidr', parameters('serviceCidr'), 'dnsServiceIP', parameters('dnsServiceIP'), 'outboundType', parameters('aksOutboundTrafficType'), 'ebpfDataplane', if(equals(parameters('networkPlugin'), 'azure'), parameters('ebpfDataplane'), '')), 'disableLocalAccounts', and(parameters('AksDisableLocalAccounts'), parameters('enable_aad')), 'autoUpgradeProfile', createObject('upgradeChannel', parameters('upgradeChannel')), 'addonProfiles', if(not(empty(variables('aks_addons1'))), 
variables('aks_addons1'), variables('aks_addons')), 'autoScalerProfile', if(variables('autoScale'), parameters('AutoscaleProfile'), createObject()), 'oidcIssuerProfile', createObject('enabled', parameters('oidcIssuer')), 'securityProfile', createObject('workloadIdentity', createObject('enabled', parameters('workloadIdentity'))), 'ingressProfile', createObject('webAppRouting', createObject('enabled', parameters('warIngressNginx'))), 'storageProfile', createObject('blobCSIDriver', createObject('enabled', parameters('blobCSIDriver')), 'diskCSIDriver', createObject('enabled', parameters('diskCSIDriver')), 'fileCSIDriver', createObject('enabled', parameters('fileCSIDriver'))), createObject('restrictionLevel', parameters('restrictionLevelNodeResourceGroup'))), if(equals(parameters('aksOutboundTrafficType'), 'managedNATGateway'), variables('managedNATGatewayProfile'), createObject()), if(and(parameters('defenderForContainers'), variables('createLaw')), variables('azureDefenderSecurityProfile'), createObject()), if(or(variables('keyVaultKmsCreateAndPrereqs'), not(empty(parameters('keyVaultKmsByoKeyId')))), createObject('securityProfile', createObject('azureKeyVaultKms', createObject('enabled', or(variables('keyVaultKmsCreateAndPrereqs'), not(empty(parameters('keyVaultKmsByoKeyId')))), 'keyId', if(variables('keyVaultKmsCreateAndPrereqs'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-keyvaultKmsKeys-{1}', deployment().name, parameters('resourceName')), 64)), '2022-09-01').outputs.keyVaultKmsKeyUri.value, if(not(empty(parameters('keyVaultKmsByoKeyId'))), parameters('keyVaultKmsByoKeyId'), '')), 'keyVaultNetworkAccess', if(parameters('privateLinks'), 'private', 'public'), 'keyVaultResourceId', if(and(parameters('privateLinks'), not(empty(parameters('keyVaultKmsByoKeyId')))), extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('keyVaultKmsByoRG')), 'Microsoft.KeyVault/vaults', 
variables('keyVaultKmsByoName')), '')))), createObject()), if(not(empty(parameters('managedNodeResourceGroup'))), createObject('nodeResourceGroup', parameters('managedNodeResourceGroup')), createObject()))]", "identity": "[if(variables('createAksUai'), createObject('type', 'UserAssigned', 'userAssignedIdentities', createObject(format('{0}', resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('id-aks-{0}', parameters('resourceName')))), createObject())), if(not(empty(parameters('byoUaiName'))), createObject('type', 'UserAssigned', 'userAssignedIdentities', createObject(format('{0}', resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('byoUaiName'))), createObject())), createObject('type', 'SystemAssigned')))]", "sku": { "name": "Base", diff --git a/samples/shared-acr/main.json b/samples/shared-acr/main.json index 3a8edf6c7..ba466cc08 100644 --- a/samples/shared-acr/main.json +++ b/samples/shared-acr/main.json 
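Review bot: In the added `properties` line the `'nodeResourceGroupProfile'` key that precedes `createObject('restrictionLevel', parameters('restrictionLevelNodeResourceGroup'))` on the removed line is missing, so the outer `createObject(...)` is left with an unpaired argument. The expression would likely fail template validation, or at best deploy without the node resource group restriction level, which is a lockdown setting unrelated to the `dockerBridgeCidr` cleanup this commit describes. The same drop is visible in the `samples/shared-acr/main.json` hunk and in the preceding hunk, which starts outside this view. As far as these lines show, it is the only difference between the removed and added sides, since no `dockerBridgeCidr` pair appears in the removed line. Restore the pair as `'nodeResourceGroupProfile', createObject('restrictionLevel', parameters('restrictionLevelNodeResourceGroup'))`, and because this file looks like compiled Bicep output, regenerate it from `bicep/main.bicep` rather than hand-editing it.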
@@ -1412,7 +1412,7 @@ "apiVersion": "2023-03-02-preview", "name": "[format('aks-{0}', parameters('resourceName'))]", "location": "[parameters('location')]", - "properties": "[union(createObject('kubernetesVersion', parameters('kubernetesVersion'), 'enableRBAC', true(), 'dnsPrefix', parameters('dnsPrefix'), 'aadProfile', if(parameters('enable_aad'), createObject('managed', true(), 'enableAzureRBAC', parameters('enableAzureRBAC'), 'tenantID', parameters('aad_tenant_id')), null()), 'apiServerAccessProfile', if(not(empty(parameters('authorizedIPRanges'))), createObject('authorizedIPRanges', parameters('authorizedIPRanges')), createObject('enablePrivateCluster', parameters('enablePrivateCluster'), 'privateDNSZone', if(parameters('enablePrivateCluster'), variables('aksPrivateDnsZone'), ''), 'enablePrivateClusterPublicFQDN', and(parameters('enablePrivateCluster'), equals(parameters('privateClusterDnsMethod'), 'none')))), 'agentPoolProfiles', if(parameters('JustUseSystemPool'), array(createObject('name', if(parameters('JustUseSystemPool'), parameters('nodePoolName'), 'npsystem'), 'vmSize', parameters('agentVMSize'), 'count', parameters('agentCount'), 'mode', 'System', 'osType', 'Linux', 'maxPods', 30, 'type', 'VirtualMachineScaleSets', 'vnetSubnetID', if(not(empty(if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksSubnetId.value, parameters('byoAKSSubnetId')))), if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksSubnetId.value, parameters('byoAKSSubnetId')), null()), 'podSubnetID', if(not(empty(if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksPodSubnetId.value, parameters('byoAKSPodSubnetId')))), if(parameters('custom_vnet'), 
reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksPodSubnetId.value, parameters('byoAKSPodSubnetId')), null()), 'upgradeSettings', createObject('maxSurge', '33%'), 'nodeTaints', createArray(if(parameters('JustUseSystemPool'), '', 'CriticalAddonsOnly=true:NoSchedule')))), concat(array(union(createObject('name', if(parameters('JustUseSystemPool'), parameters('nodePoolName'), 'npsystem'), 'vmSize', parameters('agentVMSize'), 'count', parameters('agentCount'), 'mode', 'System', 'osType', 'Linux', 'maxPods', 30, 'type', 'VirtualMachineScaleSets', 'vnetSubnetID', if(not(empty(if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksSubnetId.value, parameters('byoAKSSubnetId')))), if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksSubnetId.value, parameters('byoAKSSubnetId')), null()), 'podSubnetID', if(not(empty(if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksPodSubnetId.value, parameters('byoAKSPodSubnetId')))), if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksPodSubnetId.value, parameters('byoAKSPodSubnetId')), null()), 'upgradeSettings', createObject('maxSurge', '33%'), 'nodeTaints', createArray(if(parameters('JustUseSystemPool'), '', 'CriticalAddonsOnly=true:NoSchedule'))), if(and(equals(parameters('SystemPoolType'), 'Custom'), not(equals(parameters('SystemPoolCustomPreset'), createObject()))), parameters('SystemPoolCustomPreset'), variables('systemPoolPresets')[parameters('SystemPoolType')]))))), 'workloadAutoScalerProfile', 
createObject('keda', createObject('enabled', parameters('kedaAddon'))), 'networkProfile', createObject('loadBalancerSku', 'standard', 'networkPlugin', parameters('networkPlugin'), 'networkPolicy', parameters('networkPolicy'), 'networkPluginMode', if(equals(parameters('networkPlugin'), 'azure'), parameters('networkPluginMode'), ''), 'podCidr', if(or(equals(parameters('networkPlugin'), 'kubenet'), parameters('cniDynamicIpAllocation')), parameters('podCidr'), json('null')), 'serviceCidr', parameters('serviceCidr'), 'dnsServiceIP', parameters('dnsServiceIP'), 'outboundType', parameters('aksOutboundTrafficType'), 'ebpfDataplane', if(equals(parameters('networkPlugin'), 'azure'), parameters('ebpfDataplane'), '')), 'disableLocalAccounts', and(parameters('AksDisableLocalAccounts'), parameters('enable_aad')), 'autoUpgradeProfile', createObject('upgradeChannel', parameters('upgradeChannel')), 'addonProfiles', if(not(empty(variables('aks_addons1'))), variables('aks_addons1'), variables('aks_addons')), 'autoScalerProfile', if(variables('autoScale'), parameters('AutoscaleProfile'), createObject()), 'oidcIssuerProfile', createObject('enabled', parameters('oidcIssuer')), 'securityProfile', createObject('workloadIdentity', createObject('enabled', parameters('workloadIdentity'))), 'ingressProfile', createObject('webAppRouting', createObject('enabled', parameters('warIngressNginx'))), 'storageProfile', createObject('blobCSIDriver', createObject('enabled', parameters('blobCSIDriver')), 'diskCSIDriver', createObject('enabled', parameters('diskCSIDriver')), 'fileCSIDriver', createObject('enabled', parameters('fileCSIDriver'))), 'nodeResourceGroupProfile', createObject('restrictionLevel', parameters('restrictionLevelNodeResourceGroup'))), if(equals(parameters('aksOutboundTrafficType'), 'managedNATGateway'), variables('managedNATGatewayProfile'), createObject()), if(and(parameters('defenderForContainers'), variables('createLaw')), variables('azureDefenderSecurityProfile'), 
createObject()), if(or(variables('keyVaultKmsCreateAndPrereqs'), not(empty(parameters('keyVaultKmsByoKeyId')))), createObject('securityProfile', createObject('azureKeyVaultKms', createObject('enabled', or(variables('keyVaultKmsCreateAndPrereqs'), not(empty(parameters('keyVaultKmsByoKeyId')))), 'keyId', if(variables('keyVaultKmsCreateAndPrereqs'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-keyvaultKmsKeys-{1}', deployment().name, parameters('resourceName')), 64)), '2022-09-01').outputs.keyVaultKmsKeyUri.value, if(not(empty(parameters('keyVaultKmsByoKeyId'))), parameters('keyVaultKmsByoKeyId'), '')), 'keyVaultNetworkAccess', if(parameters('privateLinks'), 'private', 'public'), 'keyVaultResourceId', if(and(parameters('privateLinks'), not(empty(parameters('keyVaultKmsByoKeyId')))), extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('keyVaultKmsByoRG')), 'Microsoft.KeyVault/vaults', variables('keyVaultKmsByoName')), '')))), createObject()), if(not(empty(parameters('managedNodeResourceGroup'))), createObject('nodeResourceGroup', parameters('managedNodeResourceGroup')), createObject()))]", + "properties": "[union(createObject('kubernetesVersion', parameters('kubernetesVersion'), 'enableRBAC', true(), 'dnsPrefix', parameters('dnsPrefix'), 'aadProfile', if(parameters('enable_aad'), createObject('managed', true(), 'enableAzureRBAC', parameters('enableAzureRBAC'), 'tenantID', parameters('aad_tenant_id')), null()), 'apiServerAccessProfile', if(not(empty(parameters('authorizedIPRanges'))), createObject('authorizedIPRanges', parameters('authorizedIPRanges')), createObject('enablePrivateCluster', parameters('enablePrivateCluster'), 'privateDNSZone', if(parameters('enablePrivateCluster'), variables('aksPrivateDnsZone'), ''), 'enablePrivateClusterPublicFQDN', and(parameters('enablePrivateCluster'), equals(parameters('privateClusterDnsMethod'), 'none')))), 'agentPoolProfiles', 
if(parameters('JustUseSystemPool'), array(createObject('name', if(parameters('JustUseSystemPool'), parameters('nodePoolName'), 'npsystem'), 'vmSize', parameters('agentVMSize'), 'count', parameters('agentCount'), 'mode', 'System', 'osType', 'Linux', 'maxPods', 30, 'type', 'VirtualMachineScaleSets', 'vnetSubnetID', if(not(empty(if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksSubnetId.value, parameters('byoAKSSubnetId')))), if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksSubnetId.value, parameters('byoAKSSubnetId')), null()), 'podSubnetID', if(not(empty(if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksPodSubnetId.value, parameters('byoAKSPodSubnetId')))), if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksPodSubnetId.value, parameters('byoAKSPodSubnetId')), null()), 'upgradeSettings', createObject('maxSurge', '33%'), 'nodeTaints', createArray(if(parameters('JustUseSystemPool'), '', 'CriticalAddonsOnly=true:NoSchedule')))), concat(array(union(createObject('name', if(parameters('JustUseSystemPool'), parameters('nodePoolName'), 'npsystem'), 'vmSize', parameters('agentVMSize'), 'count', parameters('agentCount'), 'mode', 'System', 'osType', 'Linux', 'maxPods', 30, 'type', 'VirtualMachineScaleSets', 'vnetSubnetID', if(not(empty(if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksSubnetId.value, parameters('byoAKSSubnetId')))), if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', 
take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksSubnetId.value, parameters('byoAKSSubnetId')), null()), 'podSubnetID', if(not(empty(if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksPodSubnetId.value, parameters('byoAKSPodSubnetId')))), if(parameters('custom_vnet'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-network', deployment().name), 64)), '2022-09-01').outputs.aksPodSubnetId.value, parameters('byoAKSPodSubnetId')), null()), 'upgradeSettings', createObject('maxSurge', '33%'), 'nodeTaints', createArray(if(parameters('JustUseSystemPool'), '', 'CriticalAddonsOnly=true:NoSchedule'))), if(and(equals(parameters('SystemPoolType'), 'Custom'), not(equals(parameters('SystemPoolCustomPreset'), createObject()))), parameters('SystemPoolCustomPreset'), variables('systemPoolPresets')[parameters('SystemPoolType')]))))), 'workloadAutoScalerProfile', createObject('keda', createObject('enabled', parameters('kedaAddon'))), 'networkProfile', createObject('loadBalancerSku', 'standard', 'networkPlugin', parameters('networkPlugin'), 'networkPolicy', parameters('networkPolicy'), 'networkPluginMode', if(equals(parameters('networkPlugin'), 'azure'), parameters('networkPluginMode'), ''), 'podCidr', if(or(equals(parameters('networkPlugin'), 'kubenet'), parameters('cniDynamicIpAllocation')), parameters('podCidr'), json('null')), 'serviceCidr', parameters('serviceCidr'), 'dnsServiceIP', parameters('dnsServiceIP'), 'outboundType', parameters('aksOutboundTrafficType'), 'ebpfDataplane', if(equals(parameters('networkPlugin'), 'azure'), parameters('ebpfDataplane'), '')), 'disableLocalAccounts', and(parameters('AksDisableLocalAccounts'), parameters('enable_aad')), 'autoUpgradeProfile', createObject('upgradeChannel', parameters('upgradeChannel')), 'addonProfiles', if(not(empty(variables('aks_addons1'))), 
variables('aks_addons1'), variables('aks_addons')), 'autoScalerProfile', if(variables('autoScale'), parameters('AutoscaleProfile'), createObject()), 'oidcIssuerProfile', createObject('enabled', parameters('oidcIssuer')), 'securityProfile', createObject('workloadIdentity', createObject('enabled', parameters('workloadIdentity'))), 'ingressProfile', createObject('webAppRouting', createObject('enabled', parameters('warIngressNginx'))), 'storageProfile', createObject('blobCSIDriver', createObject('enabled', parameters('blobCSIDriver')), 'diskCSIDriver', createObject('enabled', parameters('diskCSIDriver')), 'fileCSIDriver', createObject('enabled', parameters('fileCSIDriver'))), createObject('restrictionLevel', parameters('restrictionLevelNodeResourceGroup'))), if(equals(parameters('aksOutboundTrafficType'), 'managedNATGateway'), variables('managedNATGatewayProfile'), createObject()), if(and(parameters('defenderForContainers'), variables('createLaw')), variables('azureDefenderSecurityProfile'), createObject()), if(or(variables('keyVaultKmsCreateAndPrereqs'), not(empty(parameters('keyVaultKmsByoKeyId')))), createObject('securityProfile', createObject('azureKeyVaultKms', createObject('enabled', or(variables('keyVaultKmsCreateAndPrereqs'), not(empty(parameters('keyVaultKmsByoKeyId')))), 'keyId', if(variables('keyVaultKmsCreateAndPrereqs'), reference(resourceId('Microsoft.Resources/deployments', take(format('{0}-keyvaultKmsKeys-{1}', deployment().name, parameters('resourceName')), 64)), '2022-09-01').outputs.keyVaultKmsKeyUri.value, if(not(empty(parameters('keyVaultKmsByoKeyId'))), parameters('keyVaultKmsByoKeyId'), '')), 'keyVaultNetworkAccess', if(parameters('privateLinks'), 'private', 'public'), 'keyVaultResourceId', if(and(parameters('privateLinks'), not(empty(parameters('keyVaultKmsByoKeyId')))), extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('keyVaultKmsByoRG')), 'Microsoft.KeyVault/vaults', 
variables('keyVaultKmsByoName')), '')))), createObject()), if(not(empty(parameters('managedNodeResourceGroup'))), createObject('nodeResourceGroup', parameters('managedNodeResourceGroup')), createObject()))]", "identity": "[if(variables('createAksUai'), createObject('type', 'UserAssigned', 'userAssignedIdentities', createObject(format('{0}', resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', format('id-aks-{0}', parameters('resourceName')))), createObject())), if(not(empty(parameters('byoUaiName'))), createObject('type', 'UserAssigned', 'userAssignedIdentities', createObject(format('{0}', resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('byoUaiName'))), createObject())), createObject('type', 'SystemAssigned')))]", "sku": { "name": "Base",