From efd04f4f558b9485f0e12ab0fe198c8a08a089e7 Mon Sep 17 00:00:00 2001 From: Jon Huhn Date: Thu, 10 Oct 2024 10:42:11 -0500 Subject: [PATCH] bump ASO to v2.9.0 --- Makefile | 2 +- config/aso/crds.yaml | 17465 +++++++------------------------- config/aso/kustomization.yaml | 2 +- go.mod | 4 +- go.sum | 16 +- main.go | 2 - 6 files changed, 3941 insertions(+), 13550 deletions(-) diff --git a/Makefile b/Makefile index ecd6eca9aff..b2237a06a0c 100644 --- a/Makefile +++ b/Makefile @@ -166,7 +166,7 @@ CRD_ROOT ?= $(MANIFEST_ROOT)/crd/bases WEBHOOK_ROOT ?= $(MANIFEST_ROOT)/webhook RBAC_ROOT ?= $(MANIFEST_ROOT)/rbac ASO_CRDS_PATH := $(MANIFEST_ROOT)/aso/crds.yaml -ASO_VERSION := v2.8.0 +ASO_VERSION := v2.9.0 ASO_CRDS := resourcegroups.resources.azure.com natgateways.network.azure.com managedclusters.containerservice.azure.com managedclustersagentpools.containerservice.azure.com bastionhosts.network.azure.com virtualnetworks.network.azure.com virtualnetworkssubnets.network.azure.com privateendpoints.network.azure.com fleetsmembers.containerservice.azure.com extensions.kubernetesconfiguration.azure.com # Allow overriding the imagePullPolicy diff --git a/config/aso/crds.yaml b/config/aso/crds.yaml index abdf3d6b64d..0d788bd54f5 100644 --- a/config/aso/crds.yaml +++ b/config/aso/crds.yaml @@ -6,7 +6,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.14.0 labels: app.kubernetes.io/name: azure-service-operator - app.kubernetes.io/version: v2.8.0 + app.kubernetes.io/version: v2.9.0 name: bastionhosts.network.azure.com spec: conversion: @@ -636,7 +636,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.14.0 labels: app.kubernetes.io/name: azure-service-operator - app.kubernetes.io/version: v2.8.0 + app.kubernetes.io/version: v2.9.0 name: extensions.kubernetesconfiguration.azure.com spec: conversion: 
@@ -1772,7 +1772,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.14.0 labels: app.kubernetes.io/name: azure-service-operator - app.kubernetes.io/version: v2.8.0 + app.kubernetes.io/version: v2.9.0 name: fleetsmembers.containerservice.azure.com spec: conversion: @@ -2197,7 +2197,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.14.0 labels: app.kubernetes.io/name: azure-service-operator - app.kubernetes.io/version: v2.8.0 + app.kubernetes.io/version: v2.9.0 name: managedclusters.containerservice.azure.com spec: conversion: @@ -12897,12 +12897,12 @@ spec: - jsonPath: .status.conditions[?(@.type=='Ready')].message name: Message type: string - name: v1api20230202preview + name: v1api20231001 schema: openAPIV3Schema: description: |- Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-02-02-preview/managedClusters.json + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-10-01/managedClusters.json - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName} properties: apiVersion: 
@@ -12982,9 +12982,26 @@ spec: items: type: string type: array - capacityReservationGroupID: - description: 'CapacityReservationGroupID: AKS will associate the specified agent pool with the Capacity Reservation Group.' - type: string + capacityReservationGroupReference: + description: 'CapacityReservationGroupReference: AKS will associate the specified agent pool with the Capacity Reservation Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object count: description: |- Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) 
@@ -13019,12 +13036,6 @@ spec: enableAutoScaling: description: 'EnableAutoScaling: Whether to enable auto-scaler' type: boolean - enableCustomCATrust: - description: |- - EnableCustomCATrust: When set to true, AKS adds a label to the node indicating that the feature is enabled and deploys a - daemonset along with host services to sync custom certificate authorities from user-provided list of base64 encoded - certificates into node trust stores. Defaults to false. - type: boolean enableEncryptionAtHost: description: |- EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, @@ -13214,12 +13225,18 @@ spec: type: boolean netIpv4TcpkeepaliveIntvl: description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' + maximum: 90 + minimum: 10 type: integer netNetfilterNfConntrackBuckets: description: 'NetNetfilterNfConntrackBuckets: Sysctl setting net.netfilter.nf_conntrack_buckets.' + maximum: 524288 + minimum: 65536 type: integer netNetfilterNfConntrackMax: description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + maximum: 2097152 + minimum: 131072 type: integer vmMaxMapCount: description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' @@ -13250,12 +13267,6 @@ spec: maxPods: description: 'MaxPods: The maximum number of pods that can run on a node.' type: integer - messageOfTheDay: - description: |- - MessageOfTheDay: A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of - the message of the day for Linux nodes. It must not be specified for Windows nodes. It must be a static string (i.e., - will be printed raw and not be executed as a script). - type: string minCount: description: 'MinCount: The minimum number of nodes for auto-scaling' type: integer 
@@ -13374,13 +13385,14 @@ spec: type: array orchestratorVersion: description: |- - OrchestratorVersion: Both patch version and are supported. When is - specified, the latest supported patch version is chosen automatically. Updating the agent pool with the same - once it has been created will not trigger an upgrade, even if a newer patch version is available. As a - best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version - must have the same major version as the control plane. The node pool minor version must be within two minor versions of - the control plane version. The node pool version cannot be greater than the control plane version. For more information - see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). + OrchestratorVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. + When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster + with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer + patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same + Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor + version must be within two minor versions of the control plane version. The node pool version cannot be greater than the + control plane version. For more information see [upgrading a node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). type: string osDiskSizeGB: maximum: 2048 
@@ -13397,12 +13409,11 @@ spec: type: string osSKU: description: |- - OsSKU: Specifies the OS SKU used by the agent pool. If not specified, the default is Ubuntu if OSType=Linux or - Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is - deprecated. + OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 + when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. enum: + - AzureLinux - CBLMariner - - Mariner - Ubuntu - Windows2019 - Windows2022 @@ -13509,6 +13520,14 @@ spec: upgradeSettings: description: 'UpgradeSettings: Settings for upgrading the agentpool' properties: + drainTimeoutInMinutes: + description: |- + DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. + This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not + specified, the default is 30 minutes. + maximum: 1440 + minimum: 1 + type: integer maxSurge: description: |- MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it @@ -13546,19 +13565,9 @@ spec: description: Name is the Kubernetes name of the resource. type: string type: object - windowsProfile: - description: 'WindowsProfile: The Windows agent pool''s specific profile.' - properties: - disableOutboundNat: - description: |- - DisableOutboundNat: The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT - Gateway and the Windows agent pool does not have node public IP enabled. - type: boolean - type: object workloadRuntime: description: 'WorkloadRuntime: Determines the type of workload a node can run.' enum: - - KataMshvVmIsolation - OCIContainer - WasmWasi type: string 
@@ -13588,20 +13597,12 @@ spec: enablePrivateClusterPublicFQDN: description: 'EnablePrivateClusterPublicFQDN: Whether to create additional public FQDN for private cluster or not.' type: boolean - enableVnetIntegration: - description: 'EnableVnetIntegration: Whether to enable apiserver vnet integration for the cluster or not.' - type: boolean privateDNSZone: description: |- PrivateDNSZone: The default is System. For more details see [configure private DNS zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). Allowed values are 'system' and 'none'. type: string - subnetId: - description: |- - SubnetId: It is required when: 1. creating a new cluster with BYO Vnet; 2. updating an existing cluster to enable - apiserver vnet integration. - type: string type: object autoScalerProfile: description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler when enabled' @@ -13685,11 +13686,10 @@ spec: description: 'AutoUpgradeProfile: The auto upgrade configuration.' properties: nodeOSUpgradeChannel: - description: 'NodeOSUpgradeChannel: The default is Unmanaged, but may change to either NodeImage or SecurityPatch at GA.' + description: 'NodeOSUpgradeChannel: Manner in which the OS on your nodes is updated. The default is NodeImage.' enum: - NodeImage - None - - SecurityPatch - Unmanaged type: string upgradeChannel: 
@@ -13705,26 +13705,36 @@ spec: type: string type: object azureMonitorProfile: - description: 'AzureMonitorProfile: Prometheus addon profile for the container service cluster' + description: 'AzureMonitorProfile: Azure Monitor addon profiles for monitoring the managed cluster.' properties: metrics: - description: 'Metrics: Metrics profile for the prometheus service addon' + description: |- + Metrics: Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes + infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See + aka.ms/AzureManagedPrometheus for an overview. properties: enabled: - description: 'Enabled: Whether to enable the Prometheus collector' + description: |- + Enabled: Whether to enable or disable the Azure Managed Prometheus addon for Prometheus monitoring. See + aka.ms/AzureManagedPrometheus-aks-enable for details on enabling and disabling. type: boolean kubeStateMetrics: - description: 'KubeStateMetrics: Kube State Metrics for prometheus addon profile for the container service cluster' + description: |- + KubeStateMetrics: Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the + kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for + details. properties: metricAnnotationsAllowList: description: |- - MetricAnnotationsAllowList: Comma-separated list of additional Kubernetes label keys that will be used in the resource's - labels metric. + MetricAnnotationsAllowList: Comma-separated list of Kubernetes annotation keys that will be used in the resource's + labels metric (Example: 'namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...'). By default the metric + contains only resource name and namespace labels. 
type: string metricLabelsAllowlist: description: |- - MetricLabelsAllowlist: Comma-separated list of Kubernetes annotations keys that will be used in the resource's labels - metric. + MetricLabelsAllowlist: Comma-separated list of additional Kubernetes label keys that will be used in the resource's + labels metric (Example: 'namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...'). By default the metric contains only + resource name and namespace labels. type: string type: object required: @@ -13739,32 +13749,6 @@ spec: minLength: 1 pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ type: string - creationData: - description: |- - CreationData: CreationData to be used to specify the source Snapshot ID if the cluster will be created/upgraded using a - snapshot. - properties: - sourceResourceReference: - description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: object disableLocalAccounts: description: |- DisableLocalAccounts: If set to true, getting static credentials will be disabled for this cluster. This must only be 
@@ -13796,12 +13780,6 @@ spec: dnsPrefix: description: 'DnsPrefix: This cannot be updated once the Managed Cluster has been created.' type: string - enableNamespaceResources: - description: |- - EnableNamespaceResources: The default value is false. It can be enabled/disabled on creation and updating of the managed - cluster. See [https://aka.ms/NamespaceARMResource](https://aka.ms/NamespaceARMResource) for more details on Namespace as - a ARM Resource. - type: boolean enablePodSecurityPolicy: description: |- EnablePodSecurityPolicy: (DEPRECATED) Whether to enable Kubernetes pod security policy (preview). PodSecurityPolicy was @@ -13826,30 +13804,6 @@ spec: fqdnSubdomain: description: 'FqdnSubdomain: This cannot be updated once the Managed Cluster has been created.' type: string - guardrailsProfile: - description: 'GuardrailsProfile: The guardrails profile holds all the guardrails information for a given cluster' - properties: - excludedNamespaces: - description: 'ExcludedNamespaces: List of namespaces excluded from guardrails checks' - items: - type: string - type: array - level: - description: |- - Level: The guardrails level to be used. By default, Guardrails is enabled for all namespaces except those that AKS - excludes via systemExcludedNamespaces - enum: - - Enforcement - - "Off" - - Warning - type: string - version: - description: 'Version: The version of constraints to use' - type: string - required: - - level - - version - type: object httpProxyConfig: description: 'HttpProxyConfig: Configurations for provisioning the cluster with HTTP proxy servers.' properties: 
@@ -13871,6 +13825,45 @@ spec: identity: description: 'Identity: The identity of the managed cluster, if configured.' properties: + delegatedResources: + additionalProperties: + description: Delegated resource properties - internal use only. + properties: + location: + description: 'Location: The source resource location - internal use only.' + type: string + referralResource: + description: 'ReferralResource: The delegation id of the referral delegation (optional) - internal use only.' + type: string + resourceReference: + description: 'ResourceReference: The ARM resource id of the delegated resource - internal use only.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + tenantId: + description: 'TenantId: The tenant id of the delegated resource - internal use only.' + pattern: ^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$ + type: string + type: object + description: |- + DelegatedResources: The delegated identity resources assigned to this managed cluster. This can only be set by another + Azure Resource Provider, and managed cluster only accept one delegated identity resource. Internal use only. 
+ type: object type: description: |- Type: For more information see [use managed identities in 
@@ -13943,44 +13936,14 @@ spec: type: object description: 'IdentityProfile: Identities associated with the cluster.' type: object - ingressProfile: - description: 'IngressProfile: Ingress profile for the managed cluster.' - properties: - webAppRouting: - description: 'WebAppRouting: Web App Routing settings for the ingress profile.' - properties: - dnsZoneResourceReference: - description: |- - DnsZoneResourceReference: Resource ID of the DNS Zone to be associated with the web app. Used only when Web App Routing - is enabled. - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - enabled: - description: 'Enabled: Whether to enable Web App Routing.' - type: boolean - type: object - type: object kubernetesVersion: description: |- - KubernetesVersion: When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All upgrades - must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or 1.15.x -> - 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS + KubernetesVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. 
+ When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster + with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer + patch version is available. When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All + upgrades must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or + 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. type: string linuxProfile: @@ -14026,12 +13989,6 @@ spec: range specified in serviceCidr. pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ type: string - dockerBridgeCidr: - description: |- - DockerBridgeCidr: A CIDR notation IP range assigned to the Docker bridge network. It must not overlap with any Subnet IP - ranges or the Kubernetes service address range. - pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ - type: string ipFamilies: description: |- IpFamilies: IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value 
@@ -14042,45 +13999,6 @@ spec: - IPv6 type: string type: array - kubeProxyConfig: - description: |- - KubeProxyConfig: Holds configuration customizations for kube-proxy. Any values not defined will use the kube-proxy - defaulting behavior. See https://v.docs.kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/ - where is represented by a - string. Kubernetes version 1.23 would be '1-23'. - properties: - enabled: - description: |- - Enabled: Whether to enable on kube-proxy on the cluster (if no 'kubeProxyConfig' exists, kube-proxy is enabled in AKS by - default without these customizations). - type: boolean - ipvsConfig: - description: 'IpvsConfig: Holds configuration customizations for IPVS. May only be specified if ''mode'' is set to ''IPVS''.' - properties: - scheduler: - description: 'Scheduler: IPVS scheduler, for more information please see http://www.linuxvirtualserver.org/docs/scheduling.html.' - enum: - - LeastConnection - - RoundRobin - type: string - tcpFinTimeoutSeconds: - description: |- - TcpFinTimeoutSeconds: The timeout value used for IPVS TCP sessions after receiving a FIN in seconds. Must be a positive - integer value. - type: integer - tcpTimeoutSeconds: - description: 'TcpTimeoutSeconds: The timeout value used for idle IPVS TCP sessions in seconds. Must be a positive integer value.' - type: integer - udpTimeoutSeconds: - description: 'UdpTimeoutSeconds: The timeout value used for IPVS UDP packets in seconds. Must be a positive integer value.' - type: integer - type: object - mode: - description: 'Mode: Specify which proxy mode to use (''IPTABLES'' or ''IPVS'')' - enum: - - IPTABLES - - IPVS - type: string - type: object loadBalancerProfile: description: 'LoadBalancerProfile: Profile of the cluster load balancer.' properties: 
@@ -14293,9 +14211,9 @@ spec: - none type: string networkPluginMode: - description: 'NetworkPluginMode: Network plugin mode used for building the Kubernetes network.' + description: 'NetworkPluginMode: The mode the network plugin should use.' enum: - - Overlay + - overlay type: string networkPolicy: description: 'NetworkPolicy: Network policy used for building the Kubernetes network.' @@ -14342,16 +14260,6 @@ spec: nodeResourceGroup: description: 'NodeResourceGroup: The name of the resource group containing agent pool nodes.' type: string - nodeResourceGroupProfile: - description: 'NodeResourceGroupProfile: The node resource group configuration profile.' - properties: - restrictionLevel: - description: 'RestrictionLevel: The restriction level applied to the cluster''s node resource group' - enum: - - ReadOnly - - Unrestricted - type: string - type: object oidcIssuerProfile: description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed Cluster.' properties: @@ -14588,7 +14496,6 @@ spec: enum: - Disabled - Enabled - - SecuredByPerimeter type: string securityProfile: description: 'SecurityProfile: Security profile for the managed cluster.' @@ -14640,16 +14547,6 @@ spec: type: string type: object type: object - customCATrustCertificates: - description: |- - CustomCATrustCertificates: A list of up to 10 base64 encoded CAs that will be added to the trust store on nodes with the - Custom CA Trust feature enabled. For more information see [Custom CA Trust - Certificates](https://learn.microsoft.com/en-us/azure/aks/custom-certificate-authority) - items: - type: string - maxItems: 10 - minItems: 0 - type: array defender: description: 'Defender: Microsoft Defender settings for the security profile.' properties: 
@@ -14694,16 +14591,6 @@ spec: description: 'IntervalHours: Image Cleaner scanning interval in hours.' type: integer type: object - nodeRestriction: - description: |- - NodeRestriction: [Node - Restriction](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#noderestriction) settings - for the security profile. - properties: - enabled: - description: 'Enabled: Whether to enable Node Restriction' - type: boolean - type: object workloadIdentity: description: |- WorkloadIdentity: Workload identity settings for the security profile. Workload identity enables Kubernetes applications 
@@ -14720,9 +14607,68 @@ spec: istio: description: 'Istio: Istio service mesh configuration.' properties: + certificateAuthority: + description: |- + CertificateAuthority: Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin + certificates as described here https://aka.ms/asm-plugin-ca + properties: + plugin: + description: 'Plugin: Plugin certificates information for Service Mesh.' + properties: + certChainObjectName: + description: 'CertChainObjectName: Certificate chain object name in Azure Key Vault.' + type: string + certObjectName: + description: 'CertObjectName: Intermediate certificate object name in Azure Key Vault.' + type: string + keyObjectName: + description: 'KeyObjectName: Intermediate certificate private key object name in Azure Key Vault.' + type: string + keyVaultReference: + description: 'KeyVaultReference: The resource ID of the Key Vault.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + rootCertObjectName: + description: 'RootCertObjectName: Root certificate object name in Azure Key Vault.' + type: string + type: object + type: object components: description: 'Components: Istio components configuration.' 
properties: + egressGateways: + description: 'EgressGateways: Istio egress gateways.' + items: + description: Istio egress gateway configuration. + properties: + enabled: + description: 'Enabled: Whether to enable the egress gateway.' + type: boolean + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector: NodeSelector for scheduling the egress gateway.' + type: object + required: + - enabled + type: object + type: array ingressGateways: description: 'IngressGateways: Istio ingress gateways.' items: @@ -14745,6 +14691,15 @@ spec: type: object type: array type: object + revisions: + description: |- + Revisions: The list of revisions of the Istio control plane. When an upgrade is not in progress, this holds one value. + When canary upgrade is in progress, this can only hold two consecutive values. For more information, see: + https://learn.microsoft.com/en-us/azure/aks/istio-upgrade + items: + type: string + maxItems: 2 + type: array type: object mode: description: 'Mode: Mode of the service mesh.' @@ -14795,6 +14750,7 @@ spec: Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) for more details. enum: - Free + - Premium - Standard type: string type: object @@ -14814,9 +14770,6 @@ spec: enabled: description: 'Enabled: Whether to enable AzureDisk CSI Driver. The default value is true.' type: boolean - version: - description: 'Version: The version of AzureDisk CSI Driver. The default value is v1.' - type: string type: object fileCSIDriver: description: 'FileCSIDriver: AzureFile CSI Driver settings for the storage profile.' @@ -14833,6 +14786,12 @@ spec: type: boolean type: object type: object + supportPlan: + description: 'SupportPlan: The support plan for the Managed Cluster. If unspecified, the default is ''KubernetesOfficial''.' + enum: + - AKSLongTermSupport + - KubernetesOfficial + type: string tags: additionalProperties: type: string 
@@ -14844,14 +14803,11 @@ spec: overrideSettings: description: 'OverrideSettings: Settings for overrides.' properties: - controlPlaneOverrides: - description: 'ControlPlaneOverrides: List of upgrade overrides when upgrading a cluster''s control plane.' - items: - description: The list of control plane upgrade override settings. - enum: - - IgnoreKubernetesDeprecations - type: string - type: array + forceUpgrade: + description: |- + ForceUpgrade: Whether to force upgrade the cluster. Note that this option instructs upgrade operation to bypass upgrade + protections such as checking for deprecated API usage. Enable this option only with caution. + type: boolean until: description: |- Until: Until when the overrides are effective. Note that this only matches the start time of an upgrade, and the 
@@ -14944,31 +14900,13 @@ spec: - enabled type: object verticalPodAutoscaler: + description: 'VerticalPodAutoscaler: VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile.' properties: - controlledValues: - description: 'ControlledValues: Controls which resource value autoscaler will change. Default value is RequestsAndLimits.' - enum: - - RequestsAndLimits - - RequestsOnly - type: string enabled: description: 'Enabled: Whether to enable VPA. Default value is false.' type: boolean - updateMode: - description: |- - UpdateMode: Each update mode level is a superset of the lower levels. Off, this field will be - exactly equal to it. If orchestratorVersion was , this field will contain the full + CurrentOrchestratorVersion: If orchestratorVersion is a fully specified version , this field will be + exactly equal to it. If orchestratorVersion is , this field will contain the full version being used. type: string enableAutoScaling: description: 'EnableAutoScaling: Whether to enable auto-scaler' type: boolean - enableCustomCATrust: - description: |- - EnableCustomCATrust: When set to true, AKS adds a label to the node indicating that the feature is enabled and deploys a - daemonset along with host services to sync custom certificate authorities from user-provided list of base64 encoded - certificates into node trust stores. Defaults to false. - type: boolean enableEncryptionAtHost: description: |- EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, 
@@ -15277,12 +15209,6 @@ spec: maxPods: description: 'MaxPods: The maximum number of pods that can run on a node.' type: integer - messageOfTheDay: - description: |- - MessageOfTheDay: A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of - the message of the day for Linux nodes. It must not be specified for Windows nodes. It must be a static string (i.e., - will be printed raw and not be executed as a script). - type: string minCount: description: 'MinCount: The minimum number of nodes for auto-scaling' type: integer 
@@ -15356,13 +15282,14 @@ spec: type: array orchestratorVersion: description: |- - OrchestratorVersion: Both patch version and are supported. When is - specified, the latest supported patch version is chosen automatically. Updating the agent pool with the same - once it has been created will not trigger an upgrade, even if a newer patch version is available. As a - best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version - must have the same major version as the control plane. The node pool minor version must be within two minor versions of - the control plane version. The node pool version cannot be greater than the control plane version. For more information - see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). + OrchestratorVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. + When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster + with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer + patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same + Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor + version must be within two minor versions of the control plane version. The node pool version cannot be greater than the + control plane version. For more information see [upgrading a node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). type: string osDiskSizeGB: type: integer 
@@ -15374,9 +15301,8 @@ spec: type: string osSKU: description: |- - OsSKU: Specifies the OS SKU used by the agent pool. If not specified, the default is Ubuntu if OSType=Linux or - Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is - deprecated. + OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 + when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. type: string osType: description: 'OsType: The operating system type. The default is Linux.' @@ -15431,6 +15357,12 @@ spec: upgradeSettings: description: 'UpgradeSettings: Settings for upgrading the agentpool' properties: + drainTimeoutInMinutes: + description: |- + DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. + This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not + specified, the default is 30 minutes. + type: integer maxSurge: description: |- MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it @@ -15451,15 +15383,6 @@ spec: this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} type: string - windowsProfile: - description: 'WindowsProfile: The Windows agent pool''s specific profile.' - properties: - disableOutboundNat: - description: |- - DisableOutboundNat: The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT - Gateway and the Windows agent pool does not have node public IP enabled. - type: boolean - type: object workloadRuntime: description: 'WorkloadRuntime: Determines the type of workload a node can run.' type: string 
@@ -15487,20 +15410,12 @@ spec: enablePrivateClusterPublicFQDN: description: 'EnablePrivateClusterPublicFQDN: Whether to create additional public FQDN for private cluster or not.' type: boolean - enableVnetIntegration: - description: 'EnableVnetIntegration: Whether to enable apiserver vnet integration for the cluster or not.' - type: boolean privateDNSZone: description: |- PrivateDNSZone: The default is System. For more details see [configure private DNS zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). Allowed values are 'system' and 'none'. type: string - subnetId: - description: |- - SubnetId: It is required when: 1. creating a new cluster with BYO Vnet; 2. updating an existing cluster to enable - apiserver vnet integration. - type: string type: object autoScalerProfile: description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler when enabled' @@ -15579,7 +15494,7 @@ spec: description: 'AutoUpgradeProfile: The auto upgrade configuration.' properties: nodeOSUpgradeChannel: - description: 'NodeOSUpgradeChannel: The default is Unmanaged, but may change to either NodeImage or SecurityPatch at GA.' + description: 'NodeOSUpgradeChannel: Manner in which the OS on your nodes is updated. The default is NodeImage.' type: string upgradeChannel: description: |- 
@@ -15588,26 +15503,36 @@ spec: type: string type: object azureMonitorProfile: - description: 'AzureMonitorProfile: Prometheus addon profile for the container service cluster' + description: 'AzureMonitorProfile: Azure Monitor addon profiles for monitoring the managed cluster.' properties: metrics: - description: 'Metrics: Metrics profile for the prometheus service addon' + description: |- + Metrics: Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes + infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See + aka.ms/AzureManagedPrometheus for an overview. properties: enabled: - description: 'Enabled: Whether to enable the Prometheus collector' + description: |- + Enabled: Whether to enable or disable the Azure Managed Prometheus addon for Prometheus monitoring. See + aka.ms/AzureManagedPrometheus-aks-enable for details on enabling and disabling. type: boolean kubeStateMetrics: - description: 'KubeStateMetrics: Kube State Metrics for prometheus addon profile for the container service cluster' + description: |- + KubeStateMetrics: Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the + kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for + details. properties: metricAnnotationsAllowList: description: |- - MetricAnnotationsAllowList: Comma-separated list of additional Kubernetes label keys that will be used in the resource's - labels metric. + MetricAnnotationsAllowList: Comma-separated list of Kubernetes annotation keys that will be used in the resource's + labels metric (Example: 'namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...'). By default the metric + contains only resource name and namespace labels. 
type: string metricLabelsAllowlist: description: |- - MetricLabelsAllowlist: Comma-separated list of Kubernetes annotations keys that will be used in the resource's labels - metric. + MetricLabelsAllowlist: Comma-separated list of additional Kubernetes label keys that will be used in the resource's + labels metric (Example: 'namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...'). By default the metric contains only + resource name and namespace labels. type: string type: object type: object @@ -15662,17 +15587,11 @@ spec: - type type: object type: array - creationData: - description: |- - CreationData: CreationData to be used to specify the source Snapshot ID if the cluster will be created/upgraded using a - snapshot. - properties: - sourceResourceId: - description: 'SourceResourceId: This is the ARM ID of the source object to be used to create the target object.' - type: string - type: object currentKubernetesVersion: - description: 'CurrentKubernetesVersion: The version of Kubernetes the Managed Cluster is running.' + description: |- + CurrentKubernetesVersion: If kubernetesVersion was a fully specified version , this field will be + exactly equal to it. If kubernetesVersion was , this field will contain the full + version being used. type: string disableLocalAccounts: description: |- @@ -15688,12 +15607,6 @@ spec: dnsPrefix: description: 'DnsPrefix: This cannot be updated once the Managed Cluster has been created.' type: string - enableNamespaceResources: - description: |- - EnableNamespaceResources: The default value is false. It can be enabled/disabled on creation and updating of the managed - cluster. See [https://aka.ms/NamespaceARMResource](https://aka.ms/NamespaceARMResource) for more details on Namespace as - a ARM Resource. - type: boolean enablePodSecurityPolicy: description: |- EnablePodSecurityPolicy: (DEPRECATED) Whether to enable Kubernetes pod security policy (preview). PodSecurityPolicy was 
@@ -15719,38 +15632,9 @@ spec: fqdnSubdomain: description: 'FqdnSubdomain: This cannot be updated once the Managed Cluster has been created.' type: string - guardrailsProfile: - description: 'GuardrailsProfile: The guardrails profile holds all the guardrails information for a given cluster' - properties: - excludedNamespaces: - description: 'ExcludedNamespaces: List of namespaces excluded from guardrails checks' - items: - type: string - type: array - level: - description: |- - Level: The guardrails level to be used. By default, Guardrails is enabled for all namespaces except those that AKS - excludes via systemExcludedNamespaces - type: string - systemExcludedNamespaces: - description: 'SystemExcludedNamespaces: List of namespaces specified by AKS to be excluded from Guardrails' - items: - type: string - type: array - version: - description: 'Version: The version of constraints to use' - type: string - type: object httpProxyConfig: description: 'HttpProxyConfig: Configurations for provisioning the cluster with HTTP proxy servers.' properties: - effectiveNoProxy: - description: |- - EffectiveNoProxy: A read-only list of all endpoints for which traffic should not be sent to the proxy. This list is a - superset of noProxy and values injected by AKS. - items: - type: string - type: array httpProxy: description: 'HttpProxy: The HTTP proxy server endpoint to use.' type: string 
@@ -15768,12 +15652,33 @@ spec: type: object id: description: |- - Id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} + Id: Fully qualified resource ID for the resource. E.g. + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" type: string identity: description: 'Identity: The identity of the managed cluster, if configured.' properties: + delegatedResources: + additionalProperties: + description: Delegated resource properties - internal use only. + properties: + location: + description: 'Location: The source resource location - internal use only.' + type: string + referralResource: + description: 'ReferralResource: The delegation id of the referral delegation (optional) - internal use only.' + type: string + resourceId: + description: 'ResourceId: The ARM resource id of the delegated resource - internal use only.' + type: string + tenantId: + description: 'TenantId: The tenant id of the delegated resource - internal use only.' + type: string + type: object + description: |- + DelegatedResources: The delegated identity resources assigned to this managed cluster. This can only be set by another + Azure Resource Provider, and managed cluster only accept one delegated identity resource. Internal use only. + type: object principalId: description: 'PrincipalId: The principal id of the system assigned identity which is used by master components.' type: string 
@@ -15816,44 +15721,14 @@ spec: type: object description: 'IdentityProfile: Identities associated with the cluster.' type: object - ingressProfile: - description: 'IngressProfile: Ingress profile for the managed cluster.' - properties: - webAppRouting: - description: 'WebAppRouting: Web App Routing settings for the ingress profile.' - properties: - dnsZoneResourceId: - description: |- - DnsZoneResourceId: Resource ID of the DNS Zone to be associated with the web app. Used only when Web App Routing is - enabled. - type: string - enabled: - description: 'Enabled: Whether to enable Web App Routing.' - type: boolean - identity: - description: |- - Identity: Managed identity of the Web Application Routing add-on. This is the identity that should be granted - permissions, for example, to manage the associated Azure DNS resource and get certificates from Azure Key Vault. See - [this overview of the add-on](https://learn.microsoft.com/en-us/azure/aks/web-app-routing?tabs=with-osm) for more - instructions. - properties: - clientId: - description: 'ClientId: The client ID of the user assigned identity.' - type: string - objectId: - description: 'ObjectId: The object ID of the user assigned identity.' - type: string - resourceId: - description: 'ResourceId: The resource ID of the user assigned identity.' - type: string - type: object - type: object - type: object kubernetesVersion: description: |- - KubernetesVersion: When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All upgrades - must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or 1.15.x -> - 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS + KubernetesVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. + When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster + with the same once it has been created (e.g. 
1.14.x -> 1.14) will not trigger an upgrade, even if a newer + patch version is available. When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All + upgrades must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or + 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. type: string linuxProfile: @@ -15896,11 +15771,6 @@ spec: DnsServiceIP: An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr. type: string - dockerBridgeCidr: - description: |- - DockerBridgeCidr: A CIDR notation IP range assigned to the Docker bridge network. It must not overlap with any Subnet IP - ranges or the Kubernetes service address range. - type: string ipFamilies: description: |- IpFamilies: IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value 
@@ -15908,39 +15778,6 @@ spec: items: type: string type: array - kubeProxyConfig: - description: |- - KubeProxyConfig: Holds configuration customizations for kube-proxy. Any values not defined will use the kube-proxy - defaulting behavior. See https://v.docs.kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/ - where is represented by a - string. Kubernetes version 1.23 would be '1-23'. - properties: - enabled: - description: |- - Enabled: Whether to enable on kube-proxy on the cluster (if no 'kubeProxyConfig' exists, kube-proxy is enabled in AKS by - default without these customizations). - type: boolean - ipvsConfig: - description: 'IpvsConfig: Holds configuration customizations for IPVS. May only be specified if ''mode'' is set to ''IPVS''.' - properties: - scheduler: - description: 'Scheduler: IPVS scheduler, for more information please see http://www.linuxvirtualserver.org/docs/scheduling.html.' - type: string - tcpFinTimeoutSeconds: - description: |- - TcpFinTimeoutSeconds: The timeout value used for IPVS TCP sessions after receiving a FIN in seconds. Must be a positive - integer value. - type: integer - tcpTimeoutSeconds: - description: 'TcpTimeoutSeconds: The timeout value used for idle IPVS TCP sessions in seconds. Must be a positive integer value.' - type: integer - udpTimeoutSeconds: - description: 'UdpTimeoutSeconds: The timeout value used for IPVS UDP packets in seconds. Must be a positive integer value.' - type: integer - type: object - mode: - description: 'Mode: Specify which proxy mode to use (''IPTABLES'' or ''IPVS'')' - type: string - type: object loadBalancerProfile: description: 'LoadBalancerProfile: Profile of the cluster load balancer.' properties: 
@@ -16057,7 +15894,7 @@ spec: description: 'NetworkPlugin: Network plugin used for building the Kubernetes network.' type: string networkPluginMode: - description: 'NetworkPluginMode: Network plugin mode used for building the Kubernetes network.' + description: 'NetworkPluginMode: The mode the network plugin should use.' type: string networkPolicy: description: 'NetworkPolicy: Network policy used for building the Kubernetes network.' @@ -16093,13 +15930,6 @@ spec: nodeResourceGroup: description: 'NodeResourceGroup: The name of the resource group containing agent pool nodes.' type: string - nodeResourceGroupProfile: - description: 'NodeResourceGroupProfile: The node resource group configuration profile.' - properties: - restrictionLevel: - description: 'RestrictionLevel: The restriction level applied to the cluster''s node resource group' - type: string - type: object oidcIssuerProfile: description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed Cluster.' properties: @@ -16256,6 +16086,11 @@ spec: publicNetworkAccess: description: 'PublicNetworkAccess: Allow or deny public network access for AKS' type: string + resourceUID: + description: |- + ResourceUID: The resourceUID uniquely identifies ManagedClusters that reuse ARM ResourceIds (i.e: create, delete, create + sequence) + type: string securityProfile: description: 'SecurityProfile: Security profile for the managed cluster.' properties: 
@@ -16286,14 +16121,6 @@ spec: be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. type: string type: object - customCATrustCertificates: - description: |- - CustomCATrustCertificates: A list of up to 10 base64 encoded CAs that will be added to the trust store on nodes with the - Custom CA Trust feature enabled. For more information see [Custom CA Trust - Certificates](https://learn.microsoft.com/en-us/azure/aks/custom-certificate-authority) - items: - type: string - type: array defender: description: 'Defender: Microsoft Defender settings for the security profile.' properties: @@ -16321,16 +16148,6 @@ spec: description: 'IntervalHours: Image Cleaner scanning interval in hours.' type: integer type: object - nodeRestriction: - description: |- - NodeRestriction: [Node - Restriction](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#noderestriction) settings - for the security profile. - properties: - enabled: - description: 'Enabled: Whether to enable Node Restriction' - type: boolean - type: object workloadIdentity: description: |- WorkloadIdentity: Workload identity settings for the security profile. Workload identity enables Kubernetes applications 
@@ -16347,9 +16164,49 @@ spec: istio: description: 'Istio: Istio service mesh configuration.' properties: + certificateAuthority: + description: |- + CertificateAuthority: Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin + certificates as described here https://aka.ms/asm-plugin-ca + properties: + plugin: + description: 'Plugin: Plugin certificates information for Service Mesh.' + properties: + certChainObjectName: + description: 'CertChainObjectName: Certificate chain object name in Azure Key Vault.' + type: string + certObjectName: + description: 'CertObjectName: Intermediate certificate object name in Azure Key Vault.' + type: string + keyObjectName: + description: 'KeyObjectName: Intermediate certificate private key object name in Azure Key Vault.' + type: string + keyVaultId: + description: 'KeyVaultId: The resource ID of the Key Vault.' + type: string + rootCertObjectName: + description: 'RootCertObjectName: Root certificate object name in Azure Key Vault.' + type: string + type: object + type: object components: description: 'Components: Istio components configuration.' properties: + egressGateways: + description: 'EgressGateways: Istio egress gateways.' + items: + description: Istio egress gateway configuration. + properties: + enabled: + description: 'Enabled: Whether to enable the egress gateway.' + type: boolean + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector: NodeSelector for scheduling the egress gateway.' + type: object + type: object + type: array ingressGateways: description: 'IngressGateways: Istio ingress gateways.' items: 
@@ -16366,6 +16223,14 @@ spec: type: object type: array type: object + revisions: + description: |- + Revisions: The list of revisions of the Istio control plane. When an upgrade is not in progress, this holds one value. + When canary upgrade is in progress, this can only hold two consecutive values. For more information, see: + https://learn.microsoft.com/en-us/azure/aks/istio-upgrade + items: + type: string + type: array type: object mode: description: 'Mode: Mode of the service mesh.' @@ -16408,9 +16273,6 @@ spec: enabled: description: 'Enabled: Whether to enable AzureDisk CSI Driver. The default value is true.' type: boolean - version: - description: 'Version: The version of AzureDisk CSI Driver. The default value is v1.' - type: string type: object fileCSIDriver: description: 'FileCSIDriver: AzureFile CSI Driver settings for the storage profile.' @@ -16427,6 +16289,9 @@ spec: type: boolean type: object type: object + supportPlan: + description: 'SupportPlan: The support plan for the Managed Cluster. If unspecified, the default is ''KubernetesOfficial''.' + type: string systemData: description: 'SystemData: Azure Resource Manager metadata containing createdBy and modifiedBy information.' properties: @@ -16463,12 +16328,11 @@ spec: overrideSettings: description: 'OverrideSettings: Settings for overrides.' properties: - controlPlaneOverrides: - description: 'ControlPlaneOverrides: List of upgrade overrides when upgrading a cluster''s control plane.' - items: - description: The list of control plane upgrade override settings. - type: string - type: array + forceUpgrade: + description: |- + ForceUpgrade: Whether to force upgrade the cluster. Note that this option instructs upgrade operation to bypass upgrade + protections such as checking for deprecated API usage. Enable this option only with caution. + type: boolean until: description: |- Until: Until when the overrides are effective. Note that this only matches the start time of an upgrade, and the 
@@ -16529,19 +16393,11 @@ spec: type: boolean type: object verticalPodAutoscaler: + description: 'VerticalPodAutoscaler: VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile.' properties: - controlledValues: - description: 'ControlledValues: Controls which resource value autoscaler will change. Default value is RequestsAndLimits.' - type: string enabled: description: 'Enabled: Whether to enable VPA. Default value is false.' type: boolean - updateMode: - description: |- - UpdateMode: Each update mode level is a superset of the lower levels. Off (e.g. 1.20.13) and (e.g. 1.20) are supported. - When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster - with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer - patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same - Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor - version must be within two minor versions of the control plane version. The node pool version cannot be greater than the - control plane version. For more information see [upgrading a node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). + OrchestratorVersion: Both patch version and are supported. When is + specified, the latest supported patch version is chosen automatically. Updating the agent pool with the same + once it has been created will not trigger an upgrade, even if a newer patch version is available. As a + best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version + must have the same major version as the control plane. The node pool minor version must be within two minor versions of + the control plane version. The node pool version cannot be greater than the control plane version. 
For more information + see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). type: string osDiskSizeGB: maximum: 2048 @@ -20967,14 +20707,17 @@ spec: type: string osSKU: description: |- - OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 - when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. + OsSKU: Specifies the OS SKU used by the agent pool. If not specified, the default is Ubuntu if OSType=Linux or + Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is + deprecated. enum: - AzureLinux - CBLMariner + - Mariner - Ubuntu - Windows2019 - Windows2022 + - WindowsAnnual type: string osType: description: 'OsType: The operating system type. The default is Linux.' @@ -21058,6 +20801,26 @@ spec: - Regular - Spot type: string + securityProfile: + description: 'SecurityProfile: The security settings of an agent pool.' + properties: + enableSecureBoot: + description: |- + EnableSecureBoot: Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and + drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. + type: boolean + enableVTPM: + description: |- + EnableVTPM: vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held + locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. + type: boolean + sshAccess: + description: 'SshAccess: SSH access method of an agent pool.' + enum: + - Disabled + - LocalUser + type: string + type: object spotMaxPrice: description: |- SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any 
@@ -21074,6 +20837,7 @@ spec: enum: - AvailabilitySet - VirtualMachineScaleSets + - VirtualMachines type: string upgradeSettings: description: 'UpgradeSettings: Settings for upgrading the agentpool' @@ -21093,6 +20857,52 @@ spec: up. If not specified, the default is 1. For more information, including best practices, see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade type: string + nodeSoakDurationInMinutes: + description: |- + NodeSoakDurationInMinutes: The amount of time (in minutes) to wait after draining a node and before reimaging it and + moving on to next node. If not specified, the default is 0 minutes. + maximum: 30 + minimum: 0 + type: integer + type: object + virtualMachineNodesStatus: + items: + description: Current status on a group of nodes of the same vm size. + properties: + count: + description: 'Count: Number of nodes.' + type: integer + size: + description: 'Size: The VM size of the agents used to host this group of nodes.' + type: string + type: object + type: array + virtualMachinesProfile: + description: 'VirtualMachinesProfile: Specifications on VirtualMachines agent pool.' + properties: + scale: + description: 'Scale: Specifications on how to scale a VirtualMachines agent pool.' + properties: + manual: + description: 'Manual: Specifications on how to scale the VirtualMachines agent pool to a fixed size.' + items: + description: Specifications on number of machines. + properties: + count: + description: 'Count: Number of nodes.' + maximum: 1000 + minimum: 0 + type: integer + sizes: + description: |- + Sizes: The list of allowed vm sizes. AKS will use the first available one when scaling. If a VM size is unavailable + (e.g. due to quota or regional capacity reasons), AKS will use the next size. + items: + type: string + type: array + type: object + type: array + type: object type: object vmSize: description: |- 
@@ -21123,9 +20933,19 @@ spec: description: Name is the Kubernetes name of the resource. type: string type: object + windowsProfile: + description: 'WindowsProfile: The Windows agent pool''s specific profile.' + properties: + disableOutboundNat: + description: |- + DisableOutboundNat: The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT + Gateway and the Windows agent pool does not have node public IP enabled. + type: boolean + type: object workloadRuntime: description: 'WorkloadRuntime: Determines the type of workload a node can run.' enum: + - KataMshvVmIsolation - OCIContainer - WasmWasi type: string @@ -21133,6 +20953,13 @@ spec: - name type: object type: array + aiToolchainOperatorProfile: + description: 'AiToolchainOperatorProfile: AI toolchain operator settings that apply to the whole cluster.' + properties: + enabled: + description: 'Enabled: Indicates if AI toolchain operator enabled or not.' + type: boolean + type: object apiServerAccessProfile: description: 'ApiServerAccessProfile: The access profile for managed cluster API server.' properties: 
@@ -21155,12 +20982,20 @@ spec: enablePrivateClusterPublicFQDN: description: 'EnablePrivateClusterPublicFQDN: Whether to create additional public FQDN for private cluster or not.' type: boolean + enableVnetIntegration: + description: 'EnableVnetIntegration: Whether to enable apiserver vnet integration for the cluster or not.' + type: boolean privateDNSZone: description: |- PrivateDNSZone: The default is System. For more details see [configure private DNS zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). Allowed values are 'system' and 'none'. type: string + subnetId: + description: |- + SubnetId: It is required when: 1. creating a new cluster with BYO Vnet; 2. updating an existing cluster to enable + apiserver vnet integration. + type: string type: object autoScalerProfile: description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler when enabled' 
@@ -21168,17 +21003,31 @@ spec: balance-similar-node-groups: description: 'BalanceSimilarNodeGroups: Valid values are ''true'' and ''false''' type: string - expander: + daemonset-eviction-for-empty-nodes: description: |- - Expander: If not specified, the default is 'random'. See - [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) for more - information. + DaemonsetEvictionForEmptyNodes: If set to true, all daemonset pods on empty nodes will be evicted before deletion of the + node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node will be + deleted without ensuring that daemonset pods are deleted or evicted. + type: boolean + daemonset-eviction-for-occupied-nodes: + description: |- + DaemonsetEvictionForOccupiedNodes: If set to true, all daemonset pods on occupied nodes will be evicted before deletion + of the node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node + will be deleted without ensuring that daemonset pods are deleted or evicted. + type: boolean + expander: + description: 'Expander: Available values are: ''least-waste'', ''most-pods'', ''priority'', ''random''.' enum: - least-waste - most-pods - priority - random type: string + ignore-daemonsets-utilization: + description: |- + IgnoreDaemonsetsUtilization: If set to true, the resources used by daemonset will be taken into account when making + scaling down decisions. + type: boolean max-empty-bulk-delete: description: 'MaxEmptyBulkDelete: The default is 10.' type: string 
@@ -21244,10 +21093,11 @@ spec: description: 'AutoUpgradeProfile: The auto upgrade configuration.' properties: nodeOSUpgradeChannel: - description: 'NodeOSUpgradeChannel: Manner in which the OS on your nodes is updated. The default is NodeImage.' + description: 'NodeOSUpgradeChannel: The default is Unmanaged, but may change to either NodeImage or SecurityPatch at GA.' enum: - NodeImage - None + - SecurityPatch - Unmanaged type: string upgradeChannel: 
@@ -21263,36 +21113,92 @@ spec: type: string type: object azureMonitorProfile: - description: 'AzureMonitorProfile: Azure Monitor addon profiles for monitoring the managed cluster.' + description: 'AzureMonitorProfile: Prometheus addon profile for the container service cluster' properties: - metrics: + logs: description: |- - Metrics: Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes - infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See - aka.ms/AzureManagedPrometheus for an overview. + Logs: Logs profile for the Azure Monitor Infrastructure and Application Logs. Collect out-of-the-box Kubernetes + infrastructure & application logs to send to Azure Monitor. See aka.ms/AzureMonitorContainerInsights for an overview. properties: - enabled: + appMonitoring: description: |- - Enabled: Whether to enable or disable the Azure Managed Prometheus addon for Prometheus monitoring. See - aka.ms/AzureManagedPrometheus-aks-enable for details on enabling and disabling. + AppMonitoring: Application Monitoring Profile for Kubernetes Application Container. Collects application logs, metrics + and traces through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. + properties: + enabled: + description: 'Enabled: Indicates if Application Monitoring enabled or not.' + type: boolean + type: object + containerInsights: + description: |- + ContainerInsights: Azure Monitor Container Insights Profile for Kubernetes Events, Inventory and Container stdout & + stderr logs etc. See aka.ms/AzureMonitorContainerInsights for an overview. + properties: + enabled: + description: 'Enabled: Indicates if Azure Monitor Container Insights Logs Addon is enabled or not.' 
+ type: boolean + logAnalyticsWorkspaceResourceReference: + description: |- + LogAnalyticsWorkspaceResourceReference: Fully Qualified ARM Resource Id of Azure Log Analytics Workspace for storing + Azure Monitor Container Insights Logs. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + windowsHostLogs: + description: |- + WindowsHostLogs: Windows Host Logs Profile for Kubernetes Windows Nodes Log Collection. Collects ETW, Event Logs and + Text logs etc. See aka.ms/AzureMonitorContainerInsights for an overview. + properties: + enabled: + description: 'Enabled: Indicates if Windows Host Log Collection is enabled or not for Azure Monitor Container Insights Logs Addon.' + type: boolean + type: object + type: object + type: object + metrics: + description: 'Metrics: Metrics profile for the prometheus service addon' + properties: + appMonitoringOpenTelemetryMetrics: + description: |- + AppMonitoringOpenTelemetryMetrics: Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application + Container Metrics. Collects OpenTelemetry metrics through auto-instrumentation of the application using Azure Monitor + OpenTelemetry based SDKs. 
See aka.ms/AzureMonitorApplicationMonitoring for an overview. + properties: + enabled: + description: 'Enabled: Indicates if Application Monitoring Open Telemetry Metrics is enabled or not.' + type: boolean + type: object + enabled: + description: 'Enabled: Whether to enable the Prometheus collector' type: boolean kubeStateMetrics: - description: |- - KubeStateMetrics: Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the - kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for - details. + description: 'KubeStateMetrics: Kube State Metrics for prometheus addon profile for the container service cluster' properties: metricAnnotationsAllowList: description: |- - MetricAnnotationsAllowList: Comma-separated list of Kubernetes annotation keys that will be used in the resource's - labels metric (Example: 'namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...'). By default the metric - contains only resource name and namespace labels. + MetricAnnotationsAllowList: Comma-separated list of additional Kubernetes label keys that will be used in the resource's + labels metric. type: string metricLabelsAllowlist: description: |- - MetricLabelsAllowlist: Comma-separated list of additional Kubernetes label keys that will be used in the resource's - labels metric (Example: 'namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...'). By default the metric contains only - resource name and namespace labels. + MetricLabelsAllowlist: Comma-separated list of Kubernetes annotations keys that will be used in the resource's labels + metric. type: string type: object required: 
@@ -21307,6 +21213,32 @@ spec: minLength: 1 pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ type: string + creationData: + description: |- + CreationData: CreationData to be used to specify the source Snapshot ID if the cluster will be created/upgraded using a + snapshot. + properties: + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object disableLocalAccounts: description: |- DisableLocalAccounts: If set to true, getting static credentials will be disabled for this cluster. This must only be 
@@ -21338,6 +21270,12 @@ spec: dnsPrefix: description: 'DnsPrefix: This cannot be updated once the Managed Cluster has been created.' type: string + enableNamespaceResources: + description: |- + EnableNamespaceResources: The default value is false. It can be enabled/disabled on creation and updating of the managed + cluster. See [https://aka.ms/NamespaceARMResource](https://aka.ms/NamespaceARMResource) for more details on Namespace as + a ARM Resource. + type: boolean enablePodSecurityPolicy: description: |- EnablePodSecurityPolicy: (DEPRECATED) Whether to enable Kubernetes pod security policy (preview). PodSecurityPolicy was 
@@ -21494,14 +21432,48 @@ spec: type: object description: 'IdentityProfile: Identities associated with the cluster.' type: object + ingressProfile: + description: 'IngressProfile: Ingress profile for the managed cluster.' + properties: + webAppRouting: + description: 'WebAppRouting: Web App Routing settings for the ingress profile.' + properties: + dnsZoneResourceReferences: + description: |- + DnsZoneResourceReferences: Resource IDs of the DNS zones to be associated with the Web App Routing add-on. Used only + when Web App Routing is enabled. Public and private DNS zones can be in different resource groups, but all public DNS + zones must be in the same resource group and all private DNS zones must be in the same resource group. + items: + description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: array + enabled: + description: 'Enabled: Whether to enable Web App Routing.' + type: boolean + type: object + type: object kubernetesVersion: description: |- - KubernetesVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. 
- When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster - with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer - patch version is available. When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All - upgrades must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or - 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS + KubernetesVersion: When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All upgrades + must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or 1.15.x -> + 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. type: string linuxProfile: @@ -21538,6 +21510,20 @@ spec: location: description: 'Location: The geo-location where the resource lives' type: string + metricsProfile: + description: 'MetricsProfile: Optional cluster metrics configuration.' + properties: + costAnalysis: + description: 'CostAnalysis: The cost analysis configuration for the cluster' + properties: + enabled: + description: |- + Enabled: The Managed Cluster sku.tier must be set to 'Standard' to enable this feature. Enabling this will add + Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. If not specified, the + default is false. For more information see aka.ms/aks/docs/cost-analysis. + type: boolean + type: object + type: object networkProfile: description: 'NetworkProfile: The network configuration profile.' properties: 
@@ -21552,11 +21538,51 @@ spec: IpFamilies: IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value is IPv4. For dual-stack, the expected values are IPv4 and IPv6. items: + description: To determine if address belongs IPv4 or IPv6 family. enum: - IPv4 - IPv6 type: string type: array + kubeProxyConfig: + description: |- + KubeProxyConfig: Holds configuration customizations for kube-proxy. Any values not defined will use the kube-proxy + defaulting behavior. See https://v.docs.kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/ + where is represented by a - string. Kubernetes version 1.23 would be '1-23'. + properties: + enabled: + description: |- + Enabled: Whether to enable on kube-proxy on the cluster (if no 'kubeProxyConfig' exists, kube-proxy is enabled in AKS by + default without these customizations). + type: boolean + ipvsConfig: + description: 'IpvsConfig: Holds configuration customizations for IPVS. May only be specified if ''mode'' is set to ''IPVS''.' + properties: + scheduler: + description: 'Scheduler: IPVS scheduler, for more information please see http://www.linuxvirtualserver.org/docs/scheduling.html.' + enum: + - LeastConnection + - RoundRobin + type: string + tcpFinTimeoutSeconds: + description: |- + TcpFinTimeoutSeconds: The timeout value used for IPVS TCP sessions after receiving a FIN in seconds. Must be a positive + integer value. + type: integer + tcpTimeoutSeconds: + description: 'TcpTimeoutSeconds: The timeout value used for idle IPVS TCP sessions in seconds. Must be a positive integer value.' + type: integer + udpTimeoutSeconds: + description: 'UdpTimeoutSeconds: The timeout value used for IPVS UDP packets in seconds. Must be a positive integer value.' 
+ type: integer + type: object + mode: + description: 'Mode: Specify which proxy mode to use (''IPTABLES'' or ''IPVS'')' + enum: + - IPTABLES + - IPVS + type: string + type: object loadBalancerProfile: description: 'LoadBalancerProfile: Profile of the cluster load balancer.' properties: @@ -21700,6 +21726,15 @@ spec: - basic - standard type: string + monitoring: + description: |- + Monitoring: This addon can be used to configure network monitoring and generate network monitoring data in Prometheus + format + properties: + enabled: + description: 'Enabled: Enable or disable the network monitoring plugin on the cluster' + type: boolean + type: object natGatewayProfile: description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' properties: @@ -21769,7 +21804,7 @@ spec: - none type: string networkPluginMode: - description: 'NetworkPluginMode: The mode the network plugin should use.' + description: 'NetworkPluginMode: Network plugin mode used for building the Kubernetes network.' enum: - overlay type: string @@ -21779,6 +21814,7 @@ spec: - azure - calico - cilium + - none type: string outboundType: description: |- 
@@ -21815,9 +21851,29 @@ spec: type: string type: array type: object + nodeProvisioningProfile: + description: 'NodeProvisioningProfile: Node provisioning settings that apply to the whole cluster.' + properties: + mode: + description: 'Mode: Once the mode it set to Auto, it cannot be changed back to Manual.' + enum: + - Auto + - Manual + type: string + type: object nodeResourceGroup: description: 'NodeResourceGroup: The name of the resource group containing agent pool nodes.' type: string + nodeResourceGroupProfile: + description: 'NodeResourceGroupProfile: The node resource group configuration profile.' + properties: + restrictionLevel: + description: 'RestrictionLevel: The restriction level applied to the cluster''s node resource group' + enum: + - ReadOnly + - Unrestricted + type: string + type: object oidcIssuerProfile: description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed Cluster.' properties: @@ -21850,21 +21906,6 @@ spec: - key - name type: object - principalId: - description: 'PrincipalId: indicates where the PrincipalId config map should be placed. If omitted, no config map will be created.' - properties: - key: - description: Key is the key in the ConfigMap being referenced - type: string - name: - description: |- - Name is the name of the Kubernetes ConfigMap being referenced. - The ConfigMap must be in the same namespace as the resource - type: string - required: - - key - - name - type: object type: object secrets: description: 'Secrets: configures where to place Azure generated secrets.' 
@@ -22054,7 +22095,31 @@ spec: enum: - Disabled - Enabled + - SecuredByPerimeter type: string + safeguardsProfile: + description: 'SafeguardsProfile: The Safeguards profile holds all the safeguards information for a given cluster' + properties: + excludedNamespaces: + description: 'ExcludedNamespaces: List of namespaces excluded from Safeguards checks' + items: + type: string + type: array + level: + description: |- + Level: The Safeguards level to be used. By default, Safeguards is enabled for all namespaces except those that AKS + excludes via systemExcludedNamespaces + enum: + - Enforcement + - "Off" + - Warning + type: string + version: + description: 'Version: The version of constraints to use' + type: string + required: + - level + type: object securityProfile: description: 'SecurityProfile: Security profile for the managed cluster.' properties: @@ -22105,6 +22170,16 @@ spec: type: string type: object type: object + customCATrustCertificates: + description: |- + CustomCATrustCertificates: A list of up to 10 base64 encoded CAs that will be added to the trust store on nodes with the + Custom CA Trust feature enabled. For more information see [Custom CA Trust + Certificates](https://learn.microsoft.com/en-us/azure/aks/custom-certificate-authority) + items: + type: string + maxItems: 10 + minItems: 0 + type: array defender: description: 'Defender: Microsoft Defender settings for the security profile.' properties: 
@@ -22149,6 +22224,26 @@ spec: description: 'IntervalHours: Image Cleaner scanning interval in hours.' type: integer type: object + imageIntegrity: + description: |- + ImageIntegrity: Image integrity is a feature that works with Azure Policy to verify image integrity by signature. This + will not have any effect unless Azure Policy is applied to enforce image signatures. See + https://aka.ms/aks/image-integrity for how to use this feature via policy. + properties: + enabled: + description: 'Enabled: Whether to enable image integrity. The default value is false.' + type: boolean + type: object + nodeRestriction: + description: |- + NodeRestriction: [Node + Restriction](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#noderestriction) settings + for the security profile. + properties: + enabled: + description: 'Enabled: Whether to enable Node Restriction' + type: boolean + type: object workloadIdentity: description: |- WorkloadIdentity: Workload identity settings for the security profile. Workload identity enables Kubernetes applications @@ -22328,6 +22423,9 @@ spec: enabled: description: 'Enabled: Whether to enable AzureDisk CSI Driver. The default value is true.' type: boolean + version: + description: 'Version: The version of AzureDisk CSI Driver. The default value is v1.' + type: string type: object fileCSIDriver: description: 'FileCSIDriver: AzureFile CSI Driver settings for the storage profile.' 
@@ -22458,10 +22556,15 @@ spec: - enabled type: object verticalPodAutoscaler: - description: 'VerticalPodAutoscaler: VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile.' properties: + addonAutoscaling: + description: 'AddonAutoscaling: Whether VPA add-on is enabled and configured to scale AKS-managed add-ons.' + enum: + - Disabled + - Enabled + type: string enabled: - description: 'Enabled: Whether to enable VPA. Default value is false.' + description: 'Enabled: Whether to enable VPA add-on in cluster. Default value is false.' type: boolean required: - enabled @@ -22536,6 +22639,15 @@ spec: items: description: Profile for the container service agent pool. properties: + artifactStreamingProfile: + description: 'ArtifactStreamingProfile: Configuration for using artifact streaming on AKS.' + properties: + enabled: + description: |- + Enabled: Artifact streaming speeds up the cold-start of containers on a node through on-demand image loading. To use + this feature, container images must also enable artifact streaming on ACR. If not specified, the default is false. + type: boolean + type: object availabilityZones: description: |- AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType 
@@ -22562,13 +22674,19 @@ spec: type: object currentOrchestratorVersion: description: |- - CurrentOrchestratorVersion: If orchestratorVersion is a fully specified version , this field will be - exactly equal to it. If orchestratorVersion is , this field will contain the full + CurrentOrchestratorVersion: If orchestratorVersion was a fully specified version , this field will be + exactly equal to it. If orchestratorVersion was , this field will contain the full version being used. type: string enableAutoScaling: description: 'EnableAutoScaling: Whether to enable auto-scaler' type: boolean + enableCustomCATrust: + description: |- + EnableCustomCATrust: When set to true, AKS adds a label to the node indicating that the feature is enabled and deploys a + daemonset along with host services to sync custom certificate authorities from user-provided list of base64 encoded + certificates into node trust stores. Defaults to false. + type: boolean enableEncryptionAtHost: description: |- EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, @@ -22594,6 +22712,17 @@ spec: gpuInstanceProfile: description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' type: string + gpuProfile: + description: 'GpuProfile: The GPU settings of an agent pool.' + properties: + installGPUDriver: + description: |- + InstallGPUDriver: The default value is true when the vmSize of the agent pool contains a GPU, false otherwise. GPU + Driver Installation can only be set true when VM has an associated GPU resource. Setting this field to false prevents + automatic GPU driver installation. In that case, in order for the GPU to be usable, the user must perform GPU driver + installation themselves. + type: boolean + type: object hostGroupID: description: |- HostGroupID: This is of the form: 
@@ -22767,6 +22896,12 @@ spec: maxPods: description: 'MaxPods: The maximum number of pods that can run on a node.' type: integer + messageOfTheDay: + description: |- + MessageOfTheDay: A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of + the message of the day for Linux nodes. It must not be specified for Windows nodes. It must be a static string (i.e., + will be printed raw and not be executed as a script). + type: string minCount: description: 'MinCount: The minimum number of nodes for auto-scaling' type: integer @@ -22823,6 +22958,16 @@ spec: nodeImageVersion: description: 'NodeImageVersion: The version of node image' type: string + nodeInitializationTaints: + description: |- + NodeInitializationTaints: These taints will not be reconciled by AKS and can be removed with a kubectl call. This field + can be modified after node pool is created, but nodes will not be recreated with new taints until another operation that + requires recreation (e.g. node image upgrade) happens. These taints allow for required configuration to run before the + node is ready to accept workloads, for example 'key1=value1:NoSchedule' that then can be removed with `kubectl taint + nodes node1 key1=value1:NoSchedule-` + items: + type: string + type: array nodeLabels: additionalProperties: type: string 
@@ -22840,14 +22985,13 @@ spec: type: array orchestratorVersion: description: |- - OrchestratorVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. - When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster - with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer - patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same - Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor - version must be within two minor versions of the control plane version. The node pool version cannot be greater than the - control plane version. For more information see [upgrading a node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). + OrchestratorVersion: Both patch version and are supported. When is + specified, the latest supported patch version is chosen automatically. Updating the agent pool with the same + once it has been created will not trigger an upgrade, even if a newer patch version is available. As a + best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version + must have the same major version as the control plane. The node pool minor version must be within two minor versions of + the control plane version. The node pool version cannot be greater than the control plane version. For more information + see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). type: string osDiskSizeGB: type: integer 
@@ -22859,8 +23003,9 @@ spec: type: string osSKU: description: |- - OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 - when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. + OsSKU: Specifies the OS SKU used by the agent pool. If not specified, the default is Ubuntu if OSType=Linux or + Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is + deprecated. type: string osType: description: 'OsType: The operating system type. The default is Linux.' @@ -22898,6 +23043,23 @@ spec: scaleSetPriority: description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. If not specified, the default is ''Regular''.' type: string + securityProfile: + description: 'SecurityProfile: The security settings of an agent pool.' + properties: + enableSecureBoot: + description: |- + EnableSecureBoot: Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and + drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. + type: boolean + enableVTPM: + description: |- + EnableVTPM: vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held + locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. + type: boolean + sshAccess: + description: 'SshAccess: SSH access method of an agent pool.' + type: string + type: object spotMaxPrice: description: |- SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any 
@@ -22928,6 +23090,48 @@ spec: up. If not specified, the default is 1. For more information, including best practices, see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade type: string + nodeSoakDurationInMinutes: + description: |- + NodeSoakDurationInMinutes: The amount of time (in minutes) to wait after draining a node and before reimaging it and + moving on to next node. If not specified, the default is 0 minutes. + type: integer + type: object + virtualMachineNodesStatus: + items: + description: Current status on a group of nodes of the same vm size. + properties: + count: + description: 'Count: Number of nodes.' + type: integer + size: + description: 'Size: The VM size of the agents used to host this group of nodes.' + type: string + type: object + type: array + virtualMachinesProfile: + description: 'VirtualMachinesProfile: Specifications on VirtualMachines agent pool.' + properties: + scale: + description: 'Scale: Specifications on how to scale a VirtualMachines agent pool.' + properties: + manual: + description: 'Manual: Specifications on how to scale the VirtualMachines agent pool to a fixed size.' + items: + description: Specifications on number of machines. + properties: + count: + description: 'Count: Number of nodes.' + type: integer + sizes: + description: |- + Sizes: The list of allowed vm sizes. AKS will use the first available one when scaling. If a VM size is unavailable + (e.g. due to quota or regional capacity reasons), AKS will use the next size. + items: + type: string + type: array + type: object + type: array + type: object type: object vmSize: description: |- 
@@ -22941,11 +23145,27 @@ spec: this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} type: string + windowsProfile: + description: 'WindowsProfile: The Windows agent pool''s specific profile.' + properties: + disableOutboundNat: + description: |- + DisableOutboundNat: The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT + Gateway and the Windows agent pool does not have node public IP enabled. + type: boolean + type: object workloadRuntime: description: 'WorkloadRuntime: Determines the type of workload a node can run.' type: string type: object type: array + aiToolchainOperatorProfile: + description: 'AiToolchainOperatorProfile: AI toolchain operator settings that apply to the whole cluster.' + properties: + enabled: + description: 'Enabled: Indicates if AI toolchain operator enabled or not.' + type: boolean + type: object apiServerAccessProfile: description: 'ApiServerAccessProfile: The access profile for managed cluster API server.' properties: 
@@ -22968,12 +23188,20 @@ spec: enablePrivateClusterPublicFQDN: description: 'EnablePrivateClusterPublicFQDN: Whether to create additional public FQDN for private cluster or not.' type: boolean + enableVnetIntegration: + description: 'EnableVnetIntegration: Whether to enable apiserver vnet integration for the cluster or not.' + type: boolean privateDNSZone: description: |- PrivateDNSZone: The default is System. For more details see [configure private DNS zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). Allowed values are 'system' and 'none'. type: string + subnetId: + description: |- + SubnetId: It is required when: 1. creating a new cluster with BYO Vnet; 2. updating an existing cluster to enable + apiserver vnet integration. + type: string type: object autoScalerProfile: description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler when enabled' 
@@ -22981,12 +23209,26 @@ spec: balance-similar-node-groups: description: 'BalanceSimilarNodeGroups: Valid values are ''true'' and ''false''' type: string - expander: + daemonset-eviction-for-empty-nodes: description: |- - Expander: If not specified, the default is 'random'. See - [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) for more - information. + DaemonsetEvictionForEmptyNodes: If set to true, all daemonset pods on empty nodes will be evicted before deletion of the + node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node will be + deleted without ensuring that daemonset pods are deleted or evicted. + type: boolean + daemonset-eviction-for-occupied-nodes: + description: |- + DaemonsetEvictionForOccupiedNodes: If set to true, all daemonset pods on occupied nodes will be evicted before deletion + of the node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node + will be deleted without ensuring that daemonset pods are deleted or evicted. + type: boolean + expander: + description: 'Expander: Available values are: ''least-waste'', ''most-pods'', ''priority'', ''random''.' type: string + ignore-daemonsets-utilization: + description: |- + IgnoreDaemonsetsUtilization: If set to true, the resources used by daemonset will be taken into account when making + scaling down decisions. + type: boolean max-empty-bulk-delete: description: 'MaxEmptyBulkDelete: The default is 10.' type: string @@ -23052,7 +23294,7 @@ spec: description: 'AutoUpgradeProfile: The auto upgrade configuration.' properties: nodeOSUpgradeChannel: - description: 'NodeOSUpgradeChannel: Manner in which the OS on your nodes is updated. The default is NodeImage.' + description: 'NodeOSUpgradeChannel: The default is Unmanaged, but may change to either NodeImage or SecurityPatch at GA.' type: string upgradeChannel: description: |- 
@@ -23061,36 +23303,75 @@ spec: type: string type: object azureMonitorProfile: - description: 'AzureMonitorProfile: Azure Monitor addon profiles for monitoring the managed cluster.' + description: 'AzureMonitorProfile: Prometheus addon profile for the container service cluster' properties: - metrics: + logs: description: |- - Metrics: Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes - infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See - aka.ms/AzureManagedPrometheus for an overview. + Logs: Logs profile for the Azure Monitor Infrastructure and Application Logs. Collect out-of-the-box Kubernetes + infrastructure & application logs to send to Azure Monitor. See aka.ms/AzureMonitorContainerInsights for an overview. properties: - enabled: + appMonitoring: description: |- - Enabled: Whether to enable or disable the Azure Managed Prometheus addon for Prometheus monitoring. See - aka.ms/AzureManagedPrometheus-aks-enable for details on enabling and disabling. + AppMonitoring: Application Monitoring Profile for Kubernetes Application Container. Collects application logs, metrics + and traces through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. + properties: + enabled: + description: 'Enabled: Indicates if Application Monitoring enabled or not.' + type: boolean + type: object + containerInsights: + description: |- + ContainerInsights: Azure Monitor Container Insights Profile for Kubernetes Events, Inventory and Container stdout & + stderr logs etc. See aka.ms/AzureMonitorContainerInsights for an overview. + properties: + enabled: + description: 'Enabled: Indicates if Azure Monitor Container Insights Logs Addon is enabled or not.' 
+ type: boolean + logAnalyticsWorkspaceResourceId: + description: |- + LogAnalyticsWorkspaceResourceId: Fully Qualified ARM Resource Id of Azure Log Analytics Workspace for storing Azure + Monitor Container Insights Logs. + type: string + windowsHostLogs: + description: |- + WindowsHostLogs: Windows Host Logs Profile for Kubernetes Windows Nodes Log Collection. Collects ETW, Event Logs and + Text logs etc. See aka.ms/AzureMonitorContainerInsights for an overview. + properties: + enabled: + description: 'Enabled: Indicates if Windows Host Log Collection is enabled or not for Azure Monitor Container Insights Logs Addon.' + type: boolean + type: object + type: object + type: object + metrics: + description: 'Metrics: Metrics profile for the prometheus service addon' + properties: + appMonitoringOpenTelemetryMetrics: + description: |- + AppMonitoringOpenTelemetryMetrics: Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application + Container Metrics. Collects OpenTelemetry metrics through auto-instrumentation of the application using Azure Monitor + OpenTelemetry based SDKs. See aka.ms/AzureMonitorApplicationMonitoring for an overview. + properties: + enabled: + description: 'Enabled: Indicates if Application Monitoring Open Telemetry Metrics is enabled or not.' + type: boolean + type: object + enabled: + description: 'Enabled: Whether to enable the Prometheus collector' type: boolean kubeStateMetrics: - description: |- - KubeStateMetrics: Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the - kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for - details. 
+ description: 'KubeStateMetrics: Kube State Metrics for prometheus addon profile for the container service cluster' properties: metricAnnotationsAllowList: description: |- - MetricAnnotationsAllowList: Comma-separated list of Kubernetes annotation keys that will be used in the resource's - labels metric (Example: 'namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...'). By default the metric - contains only resource name and namespace labels. + MetricAnnotationsAllowList: Comma-separated list of additional Kubernetes label keys that will be used in the resource's + labels metric. type: string metricLabelsAllowlist: description: |- - MetricLabelsAllowlist: Comma-separated list of additional Kubernetes label keys that will be used in the resource's - labels metric (Example: 'namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...'). By default the metric contains only - resource name and namespace labels. + MetricLabelsAllowlist: Comma-separated list of Kubernetes annotations keys that will be used in the resource's labels + metric. type: string type: object type: object @@ -23145,11 +23426,17 @@ spec: - type type: object type: array - currentKubernetesVersion: + creationData: description: |- - CurrentKubernetesVersion: If kubernetesVersion was a fully specified version , this field will be - exactly equal to it. If kubernetesVersion was , this field will contain the full - version being used. + CreationData: CreationData to be used to specify the source Snapshot ID if the cluster will be created/upgraded using a + snapshot. + properties: + sourceResourceId: + description: 'SourceResourceId: This is the ARM ID of the source object to be used to create the target object.' + type: string + type: object + currentKubernetesVersion: + description: 'CurrentKubernetesVersion: The version of Kubernetes the Managed Cluster is running.' type: string disableLocalAccounts: description: |- 
@@ -23165,6 +23452,12 @@ spec: dnsPrefix: description: 'DnsPrefix: This cannot be updated once the Managed Cluster has been created.' type: string + enableNamespaceResources: + description: |- + EnableNamespaceResources: The default value is false. It can be enabled/disabled on creation and updating of the managed + cluster. See [https://aka.ms/NamespaceARMResource](https://aka.ms/NamespaceARMResource) for more details on Namespace as + a ARM Resource. + type: boolean enablePodSecurityPolicy: description: |- EnablePodSecurityPolicy: (DEPRECATED) Whether to enable Kubernetes pod security policy (preview). PodSecurityPolicy was @@ -23193,6 +23486,13 @@ spec: httpProxyConfig: description: 'HttpProxyConfig: Configurations for provisioning the cluster with HTTP proxy servers.' properties: + effectiveNoProxy: + description: |- + EffectiveNoProxy: A read-only list of all endpoints for which traffic should not be sent to the proxy. This list is a + superset of noProxy and values injected by AKS. + items: + type: string + type: array httpProxy: description: 'HttpProxy: The HTTP proxy server endpoint to use.' type: string 
@@ -23279,14 +23579,47 @@ spec: type: object description: 'IdentityProfile: Identities associated with the cluster.' type: object + ingressProfile: + description: 'IngressProfile: Ingress profile for the managed cluster.' + properties: + webAppRouting: + description: 'WebAppRouting: Web App Routing settings for the ingress profile.' + properties: + dnsZoneResourceIds: + description: |- + DnsZoneResourceIds: Resource IDs of the DNS zones to be associated with the Web App Routing add-on. Used only when Web + App Routing is enabled. Public and private DNS zones can be in different resource groups, but all public DNS zones must + be in the same resource group and all private DNS zones must be in the same resource group. + items: + type: string + type: array + enabled: + description: 'Enabled: Whether to enable Web App Routing.' + type: boolean + identity: + description: |- + Identity: Managed identity of the Web Application Routing add-on. This is the identity that should be granted + permissions, for example, to manage the associated Azure DNS resource and get certificates from Azure Key Vault. See + [this overview of the add-on](https://learn.microsoft.com/en-us/azure/aks/web-app-routing?tabs=with-osm) for more + instructions. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned identity.' + type: string + type: object + type: object + type: object kubernetesVersion: description: |- - KubernetesVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. - When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster - with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer - patch version is available. 
When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All - upgrades must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or - 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS + KubernetesVersion: When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All upgrades + must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or 1.15.x -> + 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. type: string linuxProfile: @@ -23318,6 +23651,20 @@ spec: maxAgentPools: description: 'MaxAgentPools: The max number of agent pools for the managed cluster.' type: integer + metricsProfile: + description: 'MetricsProfile: Optional cluster metrics configuration.' + properties: + costAnalysis: + description: 'CostAnalysis: The cost analysis configuration for the cluster' + properties: + enabled: + description: |- + Enabled: The Managed Cluster sku.tier must be set to 'Standard' to enable this feature. Enabling this will add + Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. If not specified, the + default is false. For more information see aka.ms/aks/docs/cost-analysis. + type: boolean + type: object + type: object name: description: 'Name: The name of the resource' type: string 
@@ -23334,8 +23681,42 @@ spec: IpFamilies: IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value is IPv4. For dual-stack, the expected values are IPv4 and IPv6. items: + description: To determine if address belongs IPv4 or IPv6 family. type: string type: array + kubeProxyConfig: + description: |- + KubeProxyConfig: Holds configuration customizations for kube-proxy. Any values not defined will use the kube-proxy + defaulting behavior. See https://v.docs.kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/ + where is represented by a - string. Kubernetes version 1.23 would be '1-23'. + properties: + enabled: + description: |- + Enabled: Whether to enable on kube-proxy on the cluster (if no 'kubeProxyConfig' exists, kube-proxy is enabled in AKS by + default without these customizations). + type: boolean + ipvsConfig: + description: 'IpvsConfig: Holds configuration customizations for IPVS. May only be specified if ''mode'' is set to ''IPVS''.' + properties: + scheduler: + description: 'Scheduler: IPVS scheduler, for more information please see http://www.linuxvirtualserver.org/docs/scheduling.html.' + type: string + tcpFinTimeoutSeconds: + description: |- + TcpFinTimeoutSeconds: The timeout value used for IPVS TCP sessions after receiving a FIN in seconds. Must be a positive + integer value. + type: integer + tcpTimeoutSeconds: + description: 'TcpTimeoutSeconds: The timeout value used for idle IPVS TCP sessions in seconds. Must be a positive integer value.' + type: integer + udpTimeoutSeconds: + description: 'UdpTimeoutSeconds: The timeout value used for IPVS UDP packets in seconds. Must be a positive integer value.' + type: integer + type: object + mode: + description: 'Mode: Specify which proxy mode to use (''IPTABLES'' or ''IPVS'')' + type: string + type: object loadBalancerProfile: description: 'LoadBalancerProfile: Profile of the cluster load balancer.' properties: 
@@ -23414,6 +23795,15 @@ spec: SKUs](https://docs.microsoft.com/azure/load-balancer/skus) for more information about the differences between load balancer SKUs. type: string + monitoring: + description: |- + Monitoring: This addon can be used to configure network monitoring and generate network monitoring data in Prometheus + format + properties: + enabled: + description: 'Enabled: Enable or disable the network monitoring plugin on the cluster' + type: boolean + type: object natGatewayProfile: description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' properties: @@ -23452,7 +23842,7 @@ spec: description: 'NetworkPlugin: Network plugin used for building the Kubernetes network.' type: string networkPluginMode: - description: 'NetworkPluginMode: The mode the network plugin should use.' + description: 'NetworkPluginMode: Network plugin mode used for building the Kubernetes network.' type: string networkPolicy: description: 'NetworkPolicy: Network policy used for building the Kubernetes network.' @@ -23485,9 +23875,23 @@ spec: type: string type: array type: object + nodeProvisioningProfile: + description: 'NodeProvisioningProfile: Node provisioning settings that apply to the whole cluster.' + properties: + mode: + description: 'Mode: Once the mode it set to Auto, it cannot be changed back to Manual.' + type: string + type: object nodeResourceGroup: description: 'NodeResourceGroup: The name of the resource group containing agent pool nodes.' type: string + nodeResourceGroupProfile: + description: 'NodeResourceGroupProfile: The node resource group configuration profile.' + properties: + restrictionLevel: + description: 'RestrictionLevel: The restriction level applied to the cluster''s node resource group' + type: string + type: object oidcIssuerProfile: description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed Cluster.' properties: 
@@ -23649,6 +24053,28 @@ spec: ResourceUID: The resourceUID uniquely identifies ManagedClusters that reuse ARM ResourceIds (i.e: create, delete, create sequence) type: string + safeguardsProfile: + description: 'SafeguardsProfile: The Safeguards profile holds all the safeguards information for a given cluster' + properties: + excludedNamespaces: + description: 'ExcludedNamespaces: List of namespaces excluded from Safeguards checks' + items: + type: string + type: array + level: + description: |- + Level: The Safeguards level to be used. By default, Safeguards is enabled for all namespaces except those that AKS + excludes via systemExcludedNamespaces + type: string + systemExcludedNamespaces: + description: 'SystemExcludedNamespaces: List of namespaces specified by AKS to be excluded from Safeguards' + items: + type: string + type: array + version: + description: 'Version: The version of constraints to use' + type: string + type: object securityProfile: description: 'SecurityProfile: Security profile for the managed cluster.' properties: @@ -23679,6 +24105,14 @@ spec: be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. type: string type: object + customCATrustCertificates: + description: |- + CustomCATrustCertificates: A list of up to 10 base64 encoded CAs that will be added to the trust store on nodes with the + Custom CA Trust feature enabled. For more information see [Custom CA Trust + Certificates](https://learn.microsoft.com/en-us/azure/aks/custom-certificate-authority) + items: + type: string + type: array defender: description: 'Defender: Microsoft Defender settings for the security profile.' properties: 
@@ -23706,6 +24140,26 @@ spec: description: 'IntervalHours: Image Cleaner scanning interval in hours.' type: integer type: object + imageIntegrity: + description: |- + ImageIntegrity: Image integrity is a feature that works with Azure Policy to verify image integrity by signature. This + will not have any effect unless Azure Policy is applied to enforce image signatures. See + https://aka.ms/aks/image-integrity for how to use this feature via policy. + properties: + enabled: + description: 'Enabled: Whether to enable image integrity. The default value is false.' + type: boolean + type: object + nodeRestriction: + description: |- + NodeRestriction: [Node + Restriction](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#noderestriction) settings + for the security profile. + properties: + enabled: + description: 'Enabled: Whether to enable Node Restriction' + type: boolean + type: object workloadIdentity: description: |- WorkloadIdentity: Workload identity settings for the security profile. Workload identity enables Kubernetes applications @@ -23831,6 +24285,9 @@ spec: enabled: description: 'Enabled: Whether to enable AzureDisk CSI Driver. The default value is true.' type: boolean + version: + description: 'Version: The version of AzureDisk CSI Driver. The default value is v1.' + type: string type: object fileCSIDriver: description: 'FileCSIDriver: AzureFile CSI Driver settings for the storage profile.' 
@@ -23951,10 +24408,12 @@ spec: type: boolean type: object verticalPodAutoscaler: - description: 'VerticalPodAutoscaler: VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile.' properties: + addonAutoscaling: + description: 'AddonAutoscaling: Whether VPA add-on is enabled and configured to scale AKS-managed add-ons.' + type: string enabled: - description: 'Enabled: Whether to enable VPA. Default value is false.' + description: 'Enabled: Whether to enable VPA add-on in cluster. Default value is false.' type: boolean type: object type: object @@ -23977,13 +24436,13 @@ spec: - jsonPath: .status.conditions[?(@.type=='Ready')].message name: Message type: string - name: v1api20231001storage + name: v1api20231102previewstorage schema: openAPIV3Schema: description: |- - Storage version of v1api20231001.ManagedCluster + Storage version of v1api20231102preview.ManagedCluster Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-10-01/managedClusters.json + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-11-02-preview/managedClusters.json - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName} properties: apiVersion: @@ -24004,7 +24463,7 @@ spec: metadata: type: object spec: - description: Storage version of v1api20231001.ManagedCluster_Spec + description: Storage version of v1api20231102preview.ManagedCluster_Spec properties: $propertyBag: additionalProperties: @@ -24015,7 +24474,7 @@ spec: type: object aadProfile: description: |- - Storage version of v1api20231001.ManagedClusterAADProfile + Storage version of v1api20231102preview.ManagedClusterAADProfile For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). properties: $propertyBag: 
@@ -24045,7 +24504,7 @@ spec: addonProfiles: additionalProperties: description: |- - Storage version of v1api20231001.ManagedClusterAddonProfile + Storage version of v1api20231102preview.ManagedClusterAddonProfile A Kubernetes add-on profile for a managed cluster. properties: $propertyBag: @@ -24066,7 +24525,7 @@ spec: agentPoolProfiles: items: description: |- - Storage version of v1api20231001.ManagedClusterAgentPoolProfile + Storage version of v1api20231102preview.ManagedClusterAgentPoolProfile Profile for the container service agent pool. properties: $propertyBag: @@ -24076,6 +24535,19 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object + artifactStreamingProfile: + description: Storage version of v1api20231102preview.AgentPoolArtifactStreamingProfile + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object availabilityZones: items: type: string @@ -24104,7 +24576,7 @@ spec: type: integer creationData: description: |- - Storage version of v1api20231001.CreationData + Storage version of v1api20231102preview.CreationData Data used when creating a target resource from a source resource. properties: $propertyBag: @@ -24137,6 +24609,8 @@ spec: type: object enableAutoScaling: type: boolean + enableCustomCATrust: + type: boolean enableEncryptionAtHost: type: boolean enableFIPS: 
@@ -24147,6 +24621,19 @@ spec: type: boolean gpuInstanceProfile: type: string + gpuProfile: + description: Storage version of v1api20231102preview.AgentPoolGPUProfile + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + installGPUDriver: + type: boolean + type: object hostGroupReference: description: |- HostGroupReference: This is of the form: @@ -24172,7 +24659,7 @@ spec: type: object kubeletConfig: description: |- - Storage version of v1api20231001.KubeletConfig + Storage version of v1api20231102preview.KubeletConfig See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: @@ -24211,7 +24698,7 @@ spec: type: string linuxOSConfig: description: |- - Storage version of v1api20231001.LinuxOSConfig + Storage version of v1api20231102preview.LinuxOSConfig See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: @@ -24225,7 +24712,7 @@ spec: type: integer sysctls: description: |- - Storage version of v1api20231001.SysctlConfig + Storage version of v1api20231102preview.SysctlConfig Sysctl settings for Linux agent nodes. properties: $propertyBag: @@ -24301,6 +24788,8 @@ spec: type: integer maxPods: type: integer + messageOfTheDay: + type: string minCount: type: integer mode: @@ -24309,7 +24798,7 @@ spec: type: string networkProfile: description: |- - Storage version of v1api20231001.AgentPoolNetworkProfile + Storage version of v1api20231102preview.AgentPoolNetworkProfile Network settings of an agent pool. properties: $propertyBag: 
@@ -24322,7 +24811,7 @@ spec: allowedHostPorts: items: description: |- - Storage version of v1api20231001.PortRange + Storage version of v1api20231102preview.PortRange The port range. properties: $propertyBag: @@ -24365,7 +24854,7 @@ spec: nodePublicIPTags: items: description: |- - Storage version of v1api20231001.IPTag + Storage version of v1api20231102preview.IPTag Contains the IPTag associated with the object. properties: $propertyBag: @@ -24382,6 +24871,10 @@ spec: type: object type: array type: object + nodeInitializationTaints: + items: + type: string + type: array nodeLabels: additionalProperties: type: string @@ -24447,7 +24940,7 @@ spec: type: object powerState: description: |- - Storage version of v1api20231001.PowerState + Storage version of v1api20231102preview.PowerState Describes the Power State of the cluster properties: $propertyBag: @@ -24486,6 +24979,25 @@ spec: type: string scaleSetPriority: type: string + securityProfile: + description: |- + Storage version of v1api20231102preview.AgentPoolSecurityProfile + The security settings of an agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enableSecureBoot: + type: boolean + enableVTPM: + type: boolean + sshAccess: + type: string + type: object spotMaxPrice: type: number tags: @@ -24496,7 +25008,7 @@ spec: type: string upgradeSettings: description: |- - Storage version of v1api20231001.AgentPoolUpgradeSettings + Storage version of v1api20231102preview.AgentPoolUpgradeSettings Settings for upgrading an agentpool properties: $propertyBag: 
@@ -24510,6 +25022,74 @@ spec: type: integer maxSurge: type: string + nodeSoakDurationInMinutes: + type: integer + type: object + virtualMachineNodesStatus: + items: + description: |- + Storage version of v1api20231102preview.VirtualMachineNodes + Current status on a group of nodes of the same vm size. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + size: + type: string + type: object + type: array + virtualMachinesProfile: + description: |- + Storage version of v1api20231102preview.VirtualMachinesProfile + Specifications on VirtualMachines agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + scale: + description: |- + Storage version of v1api20231102preview.ScaleProfile + Specifications on how to scale a VirtualMachines agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + manual: + items: + description: |- + Storage version of v1api20231102preview.ManualScaleProfile + Specifications on number of machines. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + sizes: + items: + type: string + type: array + type: object + type: array + type: object type: object vmSize: type: string 
@@ -24536,13 +25116,45 @@ spec: description: Name is the Kubernetes name of the resource. type: string type: object + windowsProfile: + description: |- + Storage version of v1api20231102preview.AgentPoolWindowsProfile + The Windows agent pool's specific profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + disableOutboundNat: + type: boolean + type: object workloadRuntime: type: string type: object type: array + aiToolchainOperatorProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterAIToolchainOperatorProfile + When enabling the operator, a set of AKS managed CRDs and controllers will be installed in the cluster. The operator + automates the deployment of OSS models for inference and/or training purposes. It provides a set of preset models and + enables distributed inference against them. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object apiServerAccessProfile: description: |- - Storage version of v1api20231001.ManagedClusterAPIServerAccessProfile + Storage version of v1api20231102preview.ManagedClusterAPIServerAccessProfile Access profile for managed cluster API server. properties: $propertyBag: 
@@ -24562,11 +25174,15 @@ spec: type: boolean enablePrivateClusterPublicFQDN: type: boolean + enableVnetIntegration: + type: boolean privateDNSZone: type: string + subnetId: + type: string type: object autoScalerProfile: - description: Storage version of v1api20231001.ManagedClusterProperties_AutoScalerProfile + description: Storage version of v1api20231102preview.ManagedClusterProperties_AutoScalerProfile properties: $propertyBag: additionalProperties: @@ -24577,8 +25193,14 @@ spec: type: object balance-similar-node-groups: type: string + daemonset-eviction-for-empty-nodes: + type: boolean + daemonset-eviction-for-occupied-nodes: + type: boolean expander: type: string + ignore-daemonsets-utilization: + type: boolean max-empty-bulk-delete: type: string max-graceful-termination-sec: @@ -24612,7 +25234,7 @@ spec: type: object autoUpgradeProfile: description: |- - Storage version of v1api20231001.ManagedClusterAutoUpgradeProfile + Storage version of v1api20231102preview.ManagedClusterAutoUpgradeProfile Auto upgrade profile for a managed cluster. properties: $propertyBag: @@ -24629,8 +25251,8 @@ spec: type: object azureMonitorProfile: description: |- - Storage version of v1api20231001.ManagedClusterAzureMonitorProfile - Azure Monitor addon profiles for monitoring the managed cluster. + Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfile + Prometheus addon profile for the container service cluster properties: $propertyBag: additionalProperties: 
@@ -24639,12 +25261,95 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object + logs: + description: |- + Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileLogs + Logs profile for the Azure Monitor Infrastructure and Application Logs. Collect out-of-the-box Kubernetes infrastructure + & application logs to send to Azure Monitor. See aka.ms/AzureMonitorContainerInsights for an overview. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + appMonitoring: + description: |- + Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileAppMonitoring + Application Monitoring Profile for Kubernetes Application Container. Collects application logs, metrics and traces + through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + containerInsights: + description: |- + Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileContainerInsights + Azure Monitor Container Insights Profile for Kubernetes Events, Inventory and Container stdout & stderr logs etc. See + aka.ms/AzureMonitorContainerInsights for an overview. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + logAnalyticsWorkspaceResourceReference: + description: |- + LogAnalyticsWorkspaceResourceReference: Fully Qualified ARM Resource Id of Azure Log Analytics Workspace for storing + Azure Monitor Container Insights Logs. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + windowsHostLogs: + description: |- + Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileWindowsHostLogs + Windows Host Logs Profile for Kubernetes Windows Nodes Log Collection. Collects ETW, Event Logs and Text logs etc. See + aka.ms/AzureMonitorContainerInsights for an overview. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + type: object metrics: description: |- - Storage version of v1api20231001.ManagedClusterAzureMonitorProfileMetrics - Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes - infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See - aka.ms/AzureManagedPrometheus for an overview. + Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileMetrics + Metrics profile for the prometheus service addon properties: $propertyBag: additionalProperties: 
@@ -24653,14 +25358,29 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object + appMonitoringOpenTelemetryMetrics: + description: |- + Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryMetrics + Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Metrics. Collects + OpenTelemetry metrics through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object enabled: type: boolean kubeStateMetrics: description: |- - Storage version of v1api20231001.ManagedClusterAzureMonitorProfileKubeStateMetrics - Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the - kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for - details. + Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileKubeStateMetrics + Kube State Metrics for prometheus addon profile for the container service cluster properties: $propertyBag: additionalProperties: 
@@ -24681,6 +25401,39 @@ spec: AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn't have to be. type: string + creationData: + description: |- + Storage version of v1api20231102preview.CreationData + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object disableLocalAccounts: type: boolean diskEncryptionSetReference: 
@@ -24707,13 +25460,15 @@ spec: type: object dnsPrefix: type: string + enableNamespaceResources: + type: boolean enablePodSecurityPolicy: type: boolean enableRBAC: type: boolean extendedLocation: description: |- - Storage version of v1api20231001.ExtendedLocation + Storage version of v1api20231102preview.ExtendedLocation The complex type of the extended location. properties: $propertyBag: @@ -24732,7 +25487,7 @@ spec: type: string httpProxyConfig: description: |- - Storage version of v1api20231001.ManagedClusterHTTPProxyConfig + Storage version of v1api20231102preview.ManagedClusterHTTPProxyConfig Cluster HTTP proxy configuration. properties: $propertyBag: @@ -24755,7 +25510,7 @@ spec: type: object identity: description: |- - Storage version of v1api20231001.ManagedClusterIdentity + Storage version of v1api20231102preview.ManagedClusterIdentity Identity for the managed cluster. properties: $propertyBag: @@ -24768,7 +25523,7 @@ spec: delegatedResources: additionalProperties: description: |- - Storage version of v1api20231001.DelegatedResource + Storage version of v1api20231102preview.DelegatedResource Delegated resource properties - internal use only. properties: $propertyBag: @@ -24811,7 +25566,7 @@ spec: userAssignedIdentities: items: description: |- - Storage version of v1api20231001.UserAssignedIdentityDetails + Storage version of v1api20231102preview.UserAssignedIdentityDetails Information about the user assigned identity for the resource properties: $propertyBag: @@ -24847,7 +25602,7 @@ spec: identityProfile: additionalProperties: description: |- - Storage version of v1api20231001.UserAssignedIdentity + Storage version of v1api20231102preview.UserAssignedIdentity Details about a user assigned identity. properties: $propertyBag: 
@@ -24883,11 +25638,61 @@ spec: type: object type: object type: object + ingressProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterIngressProfile + Ingress profile for the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + webAppRouting: + description: |- + Storage version of v1api20231102preview.ManagedClusterIngressProfileWebAppRouting + Web App Routing settings for the ingress profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsZoneResourceReferences: + items: + description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: array + enabled: + type: boolean + type: object + type: object kubernetesVersion: type: string linuxProfile: description: |- - Storage version of v1api20231001.ContainerServiceLinuxProfile + Storage version of v1api20231102preview.ContainerServiceLinuxProfile Profile for Linux VMs in the container service cluster. properties: $propertyBag: @@ -24901,7 +25706,7 @@ spec: type: string ssh: description: |- - Storage version of v1api20231001.ContainerServiceSshConfiguration + Storage version of v1api20231102preview.ContainerServiceSshConfiguration SSH configuration for Linux-based VMs running on Azure. properties: $propertyBag: @@ -24914,7 +25719,7 @@ spec: publicKeys: items: description: |- - Storage version of v1api20231001.ContainerServiceSshPublicKey + Storage version of v1api20231102preview.ContainerServiceSshPublicKey Contains information about SSH certificate public key data. properties: $propertyBag: 
@@ -24932,9 +25737,37 @@ spec: type: object location: type: string + metricsProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterMetricsProfile + The metrics profile for the ManagedCluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + costAnalysis: + description: |- + Storage version of v1api20231102preview.ManagedClusterCostAnalysis + The cost analysis configuration for the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object networkProfile: description: |- - Storage version of v1api20231001.ContainerServiceNetworkProfile + Storage version of v1api20231102preview.ContainerServiceNetworkProfile Profile of network configuration. properties: $propertyBag: 
@@ -24950,9 +25783,43 @@ spec: items: type: string type: array + kubeProxyConfig: + description: Storage version of v1api20231102preview.ContainerServiceNetworkProfile_KubeProxyConfig + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + ipvsConfig: + description: Storage version of v1api20231102preview.ContainerServiceNetworkProfile_KubeProxyConfig_IpvsConfig + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + scheduler: + type: string + tcpFinTimeoutSeconds: + type: integer + tcpTimeoutSeconds: + type: integer + udpTimeoutSeconds: + type: integer + type: object + mode: + type: string + type: object loadBalancerProfile: description: |- - Storage version of v1api20231001.ManagedClusterLoadBalancerProfile + Storage version of v1api20231102preview.ManagedClusterLoadBalancerProfile Profile of the managed cluster load balancer. properties: $propertyBag: @@ -24969,7 +25836,7 @@ spec: effectiveOutboundIPs: items: description: |- - Storage version of v1api20231001.ResourceReference + Storage version of v1api20231102preview.ResourceReference A reference to an Azure resource. properties: $propertyBag: @@ -25006,7 +25873,7 @@ spec: idleTimeoutInMinutes: type: integer managedOutboundIPs: - description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs + description: Storage version of v1api20231102preview.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs properties: $propertyBag: additionalProperties: 
@@ -25021,7 +25888,7 @@ spec: type: integer type: object outboundIPPrefixes: - description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes + description: Storage version of v1api20231102preview.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes properties: $propertyBag: additionalProperties: @@ -25033,7 +25900,7 @@ spec: publicIPPrefixes: items: description: |- - Storage version of v1api20231001.ResourceReference + Storage version of v1api20231102preview.ResourceReference A reference to an Azure resource. properties: $propertyBag: @@ -25067,7 +25934,7 @@ spec: type: array type: object outboundIPs: - description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_OutboundIPs + description: Storage version of v1api20231102preview.ManagedClusterLoadBalancerProfile_OutboundIPs properties: $propertyBag: additionalProperties: @@ -25079,7 +25946,7 @@ spec: publicIPs: items: description: |- - Storage version of v1api20231001.ResourceReference + Storage version of v1api20231102preview.ResourceReference A reference to an Azure resource. properties: $propertyBag: @@ -25115,9 +25982,24 @@ spec: type: object loadBalancerSku: type: string + monitoring: + description: |- + Storage version of v1api20231102preview.NetworkMonitoring + This addon can be used to configure network monitoring and generate network monitoring data in Prometheus format + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object natGatewayProfile: description: |- - Storage version of v1api20231001.ManagedClusterNATGatewayProfile + Storage version of v1api20231102preview.ManagedClusterNATGatewayProfile Profile of the managed cluster NAT gateway. properties: $propertyBag: 
@@ -25130,7 +26012,7 @@ spec: effectiveOutboundIPs: items: description: |- - Storage version of v1api20231001.ResourceReference + Storage version of v1api20231102preview.ResourceReference A reference to an Azure resource. properties: $propertyBag: @@ -25166,7 +26048,7 @@ spec: type: integer managedOutboundIPProfile: description: |- - Storage version of v1api20231001.ManagedClusterManagedOutboundIPProfile + Storage version of v1api20231102preview.ManagedClusterManagedOutboundIPProfile Profile of the managed outbound IP resources of the managed cluster. properties: $propertyBag: @@ -25205,11 +26087,39 @@ spec: type: string type: array type: object + nodeProvisioningProfile: + description: Storage version of v1api20231102preview.ManagedClusterNodeProvisioningProfile + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + mode: + type: string + type: object nodeResourceGroup: type: string + nodeResourceGroupProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterNodeResourceGroupProfile + Node resource group lockdown profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + restrictionLevel: + type: string + type: object oidcIssuerProfile: description: |- - Storage version of v1api20231001.ManagedClusterOIDCIssuerProfile + Storage version of v1api20231102preview.ManagedClusterOIDCIssuerProfile The OIDC issuer profile of the Managed Cluster. properties: $propertyBag: 
@@ -25224,7 +26134,7 @@ spec: type: object operatorSpec: description: |- - Storage version of v1api20231001.ManagedClusterOperatorSpec + Storage version of v1api20231102preview.ManagedClusterOperatorSpec Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure properties: $propertyBag: @@ -25235,7 +26145,7 @@ spec: resources, allowing for full fidelity round trip conversions type: object configMaps: - description: Storage version of v1api20231001.ManagedClusterOperatorConfigMaps + description: Storage version of v1api20231102preview.ManagedClusterOperatorConfigMaps properties: $propertyBag: additionalProperties: @@ -25261,26 +26171,9 @@ spec: - key - name type: object - principalId: - description: |- - ConfigMapDestination describes the location to store a single configmap value - Note: This is similar to SecretDestination in secrets.go. Changes to one should likely also be made to the other. - properties: - key: - description: Key is the key in the ConfigMap being referenced - type: string - name: - description: |- - Name is the name of the Kubernetes ConfigMap being referenced. - The ConfigMap must be in the same namespace as the resource - type: string - required: - - key - - name - type: object type: object secrets: - description: Storage version of v1api20231001.ManagedClusterOperatorSecrets + description: Storage version of v1api20231102preview.ManagedClusterOperatorSecrets properties: $propertyBag: additionalProperties: @@ -25342,7 +26235,7 @@ spec: type: object podIdentityProfile: description: |- - Storage version of v1api20231001.ManagedClusterPodIdentityProfile + Storage version of v1api20231102preview.ManagedClusterPodIdentityProfile See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on pod identity integration. properties: 
@@ -25360,7 +26253,7 @@ spec: userAssignedIdentities: items: description: |- - Storage version of v1api20231001.ManagedClusterPodIdentity + Storage version of v1api20231102preview.ManagedClusterPodIdentity Details about the pod identity assigned to the Managed Cluster. properties: $propertyBag: @@ -25374,7 +26267,7 @@ spec: type: string identity: description: |- - Storage version of v1api20231001.UserAssignedIdentity + Storage version of v1api20231102preview.UserAssignedIdentity Details about a user assigned identity. properties: $propertyBag: @@ -25418,7 +26311,7 @@ spec: userAssignedIdentityExceptions: items: description: |- - Storage version of v1api20231001.ManagedClusterPodIdentityException + Storage version of v1api20231102preview.ManagedClusterPodIdentityException See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. properties: @@ -25443,7 +26336,7 @@ spec: privateLinkResources: items: description: |- - Storage version of v1api20231001.PrivateLinkResource + Storage version of v1api20231102preview.PrivateLinkResource A private link resource properties: $propertyBag: 
@@ -25487,9 +26380,30 @@ spec: type: array publicNetworkAccess: type: string + safeguardsProfile: + description: |- + Storage version of v1api20231102preview.SafeguardsProfile + The Safeguards profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + excludedNamespaces: + items: + type: string + type: array + level: + type: string + version: + type: string + type: object securityProfile: description: |- - Storage version of v1api20231001.ManagedClusterSecurityProfile + Storage version of v1api20231102preview.ManagedClusterSecurityProfile Security profile for the container service cluster. properties: $propertyBag: @@ -25501,7 +26415,7 @@ spec: type: object azureKeyVaultKms: description: |- - Storage version of v1api20231001.AzureKeyVaultKms + Storage version of v1api20231102preview.AzureKeyVaultKms Azure Key Vault key management service settings for the security profile. properties: $propertyBag: @@ -25540,9 +26454,13 @@ spec: type: string type: object type: object + customCATrustCertificates: + items: + type: string + type: array defender: description: |- - Storage version of v1api20231001.ManagedClusterSecurityProfileDefender + Storage version of v1api20231102preview.ManagedClusterSecurityProfileDefender Microsoft Defender settings for the security profile. properties: $propertyBag: @@ -25577,7 +26495,7 @@ spec: type: object securityMonitoring: description: |- - Storage version of v1api20231001.ManagedClusterSecurityProfileDefenderSecurityMonitoring + Storage version of v1api20231102preview.ManagedClusterSecurityProfileDefenderSecurityMonitoring Microsoft Defender settings for the security profile threat detection. properties: $propertyBag: 
@@ -25593,7 +26511,7 @@ spec: type: object imageCleaner: description: |- - Storage version of v1api20231001.ManagedClusterSecurityProfileImageCleaner + Storage version of v1api20231102preview.ManagedClusterSecurityProfileImageCleaner Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here are settings for the security profile. properties: @@ -25609,9 +26527,39 @@ spec: intervalHours: type: integer type: object + imageIntegrity: + description: |- + Storage version of v1api20231102preview.ManagedClusterSecurityProfileImageIntegrity + Image integrity related settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + nodeRestriction: + description: |- + Storage version of v1api20231102preview.ManagedClusterSecurityProfileNodeRestriction + Node Restriction settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object workloadIdentity: description: |- - Storage version of v1api20231001.ManagedClusterSecurityProfileWorkloadIdentity + Storage version of v1api20231102preview.ManagedClusterSecurityProfileWorkloadIdentity Workload identity settings for the security profile. properties: $propertyBag: 
@@ -25627,7 +26575,7 @@ spec: type: object serviceMeshProfile: description: |- - Storage version of v1api20231001.ServiceMeshProfile + Storage version of v1api20231102preview.ServiceMeshProfile Service mesh profile for a managed cluster. properties: $propertyBag: @@ -25639,7 +26587,7 @@ spec: type: object istio: description: |- - Storage version of v1api20231001.IstioServiceMesh + Storage version of v1api20231102preview.IstioServiceMesh Istio service mesh configuration. properties: $propertyBag: @@ -25651,7 +26599,7 @@ spec: type: object certificateAuthority: description: |- - Storage version of v1api20231001.IstioCertificateAuthority + Storage version of v1api20231102preview.IstioCertificateAuthority Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin certificates as described here https://aka.ms/asm-plugin-ca properties: @@ -25664,7 +26612,7 @@ spec: type: object plugin: description: |- - Storage version of v1api20231001.IstioPluginCertificateAuthority + Storage version of v1api20231102preview.IstioPluginCertificateAuthority Plugin certificates information for Service Mesh. properties: $propertyBag: @@ -25706,7 +26654,7 @@ spec: type: object components: description: |- - Storage version of v1api20231001.IstioComponents + Storage version of v1api20231102preview.IstioComponents Istio components configuration. properties: $propertyBag: @@ -25719,7 +26667,7 @@ spec: egressGateways: items: description: |- - Storage version of v1api20231001.IstioEgressGateway + Storage version of v1api20231102preview.IstioEgressGateway Istio egress gateway configuration. properties: $propertyBag: 
@@ -25740,7 +26688,7 @@ spec: ingressGateways: items: description: |- - Storage version of v1api20231001.IstioIngressGateway + Storage version of v1api20231102preview.IstioIngressGateway Istio ingress gateway configuration. For now, we support up to one external ingress gateway named `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. properties: @@ -25768,7 +26716,7 @@ spec: type: object servicePrincipalProfile: description: |- - Storage version of v1api20231001.ManagedClusterServicePrincipalProfile + Storage version of v1api20231102preview.ManagedClusterServicePrincipalProfile Information about a service principal identity for the cluster to use for manipulating Azure APIs. properties: $propertyBag: @@ -25800,7 +26748,7 @@ spec: type: object sku: description: |- - Storage version of v1api20231001.ManagedClusterSKU + Storage version of v1api20231102preview.ManagedClusterSKU The SKU of a Managed Cluster. properties: $propertyBag: @@ -25817,7 +26765,7 @@ spec: type: object storageProfile: description: |- - Storage version of v1api20231001.ManagedClusterStorageProfile + Storage version of v1api20231102preview.ManagedClusterStorageProfile Storage profile for the container service cluster. properties: $propertyBag: @@ -25829,7 +26777,7 @@ spec: type: object blobCSIDriver: description: |- - Storage version of v1api20231001.ManagedClusterStorageProfileBlobCSIDriver + Storage version of v1api20231102preview.ManagedClusterStorageProfileBlobCSIDriver AzureBlob CSI Driver settings for the storage profile. properties: $propertyBag: @@ -25844,7 +26792,7 @@ spec: type: object diskCSIDriver: description: |- - Storage version of v1api20231001.ManagedClusterStorageProfileDiskCSIDriver + Storage version of v1api20231102preview.ManagedClusterStorageProfileDiskCSIDriver AzureDisk CSI Driver settings for the storage profile. properties: $propertyBag: 
@@ -25856,10 +26804,12 @@ spec: type: object enabled: type: boolean + version: + type: string type: object fileCSIDriver: description: |- - Storage version of v1api20231001.ManagedClusterStorageProfileFileCSIDriver + Storage version of v1api20231102preview.ManagedClusterStorageProfileFileCSIDriver AzureFile CSI Driver settings for the storage profile. properties: $propertyBag: @@ -25874,7 +26824,7 @@ spec: type: object snapshotController: description: |- - Storage version of v1api20231001.ManagedClusterStorageProfileSnapshotController + Storage version of v1api20231102preview.ManagedClusterStorageProfileSnapshotController Snapshot Controller settings for the storage profile. properties: $propertyBag: @@ -25896,7 +26846,7 @@ spec: type: object upgradeSettings: description: |- - Storage version of v1api20231001.ClusterUpgradeSettings + Storage version of v1api20231102preview.ClusterUpgradeSettings Settings for upgrading a cluster. properties: $propertyBag: @@ -25908,7 +26858,7 @@ spec: type: object overrideSettings: description: |- - Storage version of v1api20231001.UpgradeOverrideSettings + Storage version of v1api20231102preview.UpgradeOverrideSettings Settings for overrides when upgrading a cluster. properties: $propertyBag: @@ -25926,7 +26876,7 @@ spec: type: object windowsProfile: description: |- - Storage version of v1api20231001.ManagedClusterWindowsProfile + Storage version of v1api20231102preview.ManagedClusterWindowsProfile Profile for Windows VMs in the managed cluster. properties: $propertyBag: @@ -25959,7 +26909,7 @@ spec: type: boolean gmsaProfile: description: |- - Storage version of v1api20231001.WindowsGmsaProfile + Storage version of v1api20231102preview.WindowsGmsaProfile Windows gMSA Profile in the managed cluster. properties: $propertyBag: 
@@ -25981,7 +26931,7 @@ spec: type: object workloadAutoScalerProfile: description: |- - Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfile + Storage version of v1api20231102preview.ManagedClusterWorkloadAutoScalerProfile Workload Auto-scaler profile for the managed cluster. properties: $propertyBag: @@ -25993,7 +26943,7 @@ spec: type: object keda: description: |- - Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfileKeda + Storage version of v1api20231102preview.ManagedClusterWorkloadAutoScalerProfileKeda KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile. properties: $propertyBag: @@ -26007,9 +26957,7 @@ spec: type: boolean type: object verticalPodAutoscaler: - description: |- - Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler - VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile. + description: Storage version of v1api20231102preview.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler properties: $propertyBag: additionalProperties: @@ -26018,6 +26966,8 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object + addonAutoscaling: + type: string enabled: type: boolean type: object @@ -26027,7 +26977,7 @@ spec: type: object status: description: |- - Storage version of v1api20231001.ManagedCluster_STATUS + Storage version of v1api20231102preview.ManagedCluster_STATUS Managed cluster. properties: $propertyBag: @@ -26039,7 +26989,7 @@ spec: type: object aadProfile: description: |- - Storage version of v1api20231001.ManagedClusterAADProfile_STATUS + Storage version of v1api20231102preview.ManagedClusterAADProfile_STATUS For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). properties: $propertyBag: 
@@ -26069,7 +27019,7 @@ spec: addonProfiles: additionalProperties: description: |- - Storage version of v1api20231001.ManagedClusterAddonProfile_STATUS + Storage version of v1api20231102preview.ManagedClusterAddonProfile_STATUS A Kubernetes add-on profile for a managed cluster. properties: $propertyBag: @@ -26087,7 +27037,7 @@ spec: type: boolean identity: description: |- - Storage version of v1api20231001.UserAssignedIdentity_STATUS + Storage version of v1api20231102preview.UserAssignedIdentity_STATUS Details about a user assigned identity. properties: $propertyBag: @@ -26109,7 +27059,7 @@ spec: agentPoolProfiles: items: description: |- - Storage version of v1api20231001.ManagedClusterAgentPoolProfile_STATUS + Storage version of v1api20231102preview.ManagedClusterAgentPoolProfile_STATUS Profile for the container service agent pool. properties: $propertyBag: @@ -26119,6 +27069,19 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object + artifactStreamingProfile: + description: Storage version of v1api20231102preview.AgentPoolArtifactStreamingProfile_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object availabilityZones: items: type: string @@ -26129,7 +27092,7 @@ spec: type: integer creationData: description: |- - Storage version of v1api20231001.CreationData_STATUS + Storage version of v1api20231102preview.CreationData_STATUS Data used when creating a target resource from a source resource. properties: $propertyBag: 
@@ -26146,6 +27109,8 @@ spec: type: string enableAutoScaling: type: boolean + enableCustomCATrust: + type: boolean enableEncryptionAtHost: type: boolean enableFIPS: @@ -26156,11 +27121,24 @@ spec: type: boolean gpuInstanceProfile: type: string + gpuProfile: + description: Storage version of v1api20231102preview.AgentPoolGPUProfile_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + installGPUDriver: + type: boolean + type: object hostGroupID: type: string kubeletConfig: description: |- - Storage version of v1api20231001.KubeletConfig_STATUS + Storage version of v1api20231102preview.KubeletConfig_STATUS See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: @@ -26199,7 +27177,7 @@ spec: type: string linuxOSConfig: description: |- - Storage version of v1api20231001.LinuxOSConfig_STATUS + Storage version of v1api20231102preview.LinuxOSConfig_STATUS See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: @@ -26213,7 +27191,7 @@ spec: type: integer sysctls: description: |- - Storage version of v1api20231001.SysctlConfig_STATUS + Storage version of v1api20231102preview.SysctlConfig_STATUS Sysctl settings for Linux agent nodes. properties: $propertyBag: @@ -26289,6 +27267,8 @@ spec: type: integer maxPods: type: integer + messageOfTheDay: + type: string minCount: type: integer mode: @@ -26297,7 +27277,7 @@ spec: type: string networkProfile: description: |- - Storage version of v1api20231001.AgentPoolNetworkProfile_STATUS + Storage version of v1api20231102preview.AgentPoolNetworkProfile_STATUS Network settings of an agent pool. properties: $propertyBag: 
@@ -26310,7 +27290,7 @@ spec: allowedHostPorts: items: description: |- - Storage version of v1api20231001.PortRange_STATUS + Storage version of v1api20231102preview.PortRange_STATUS The port range. properties: $propertyBag: @@ -26335,7 +27315,7 @@ spec: nodePublicIPTags: items: description: |- - Storage version of v1api20231001.IPTag_STATUS + Storage version of v1api20231102preview.IPTag_STATUS Contains the IPTag associated with the object. properties: $propertyBag: @@ -26354,6 +27334,10 @@ spec: type: object nodeImageVersion: type: string + nodeInitializationTaints: + items: + type: string + type: array nodeLabels: additionalProperties: type: string @@ -26378,7 +27362,7 @@ spec: type: string powerState: description: |- - Storage version of v1api20231001.PowerState_STATUS + Storage version of v1api20231102preview.PowerState_STATUS Describes the Power State of the cluster properties: $propertyBag: @@ -26401,6 +27385,25 @@ spec: type: string scaleSetPriority: type: string + securityProfile: + description: |- + Storage version of v1api20231102preview.AgentPoolSecurityProfile_STATUS + The security settings of an agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enableSecureBoot: + type: boolean + enableVTPM: + type: boolean + sshAccess: + type: string + type: object spotMaxPrice: type: number tags: @@ -26411,7 +27414,7 @@ spec: type: string upgradeSettings: description: |- - Storage version of v1api20231001.AgentPoolUpgradeSettings_STATUS + Storage version of v1api20231102preview.AgentPoolUpgradeSettings_STATUS Settings for upgrading an agentpool properties: $propertyBag: 
@@ -26425,18 +27428,118 @@ spec: type: integer maxSurge: type: string + nodeSoakDurationInMinutes: + type: integer + type: object + virtualMachineNodesStatus: + items: + description: |- + Storage version of v1api20231102preview.VirtualMachineNodes_STATUS + Current status on a group of nodes of the same vm size. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + size: + type: string + type: object + type: array + virtualMachinesProfile: + description: |- + Storage version of v1api20231102preview.VirtualMachinesProfile_STATUS + Specifications on VirtualMachines agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + scale: + description: |- + Storage version of v1api20231102preview.ScaleProfile_STATUS + Specifications on how to scale a VirtualMachines agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + manual: + items: + description: |- + Storage version of v1api20231102preview.ManualScaleProfile_STATUS + Specifications on number of machines. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + sizes: + items: + type: string + type: array + type: object + type: array + type: object type: object vmSize: type: string vnetSubnetID: type: string + windowsProfile: + description: |- + Storage version of v1api20231102preview.AgentPoolWindowsProfile_STATUS + The Windows agent pool's specific profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + disableOutboundNat: + type: boolean + type: object workloadRuntime: type: string type: object type: array + aiToolchainOperatorProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterAIToolchainOperatorProfile_STATUS + When enabling the operator, a set of AKS managed CRDs and controllers will be installed in the cluster. The operator + automates the deployment of OSS models for inference and/or training purposes. It provides a set of preset models and + enables distributed inference against them. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object apiServerAccessProfile: description: |- - Storage version of v1api20231001.ManagedClusterAPIServerAccessProfile_STATUS + Storage version of v1api20231102preview.ManagedClusterAPIServerAccessProfile_STATUS Access profile for managed cluster API server. 
properties: $propertyBag: @@ -26456,11 +27559,15 @@ spec: type: boolean enablePrivateClusterPublicFQDN: type: boolean + enableVnetIntegration: + type: boolean privateDNSZone: type: string + subnetId: + type: string type: object autoScalerProfile: - description: Storage version of v1api20231001.ManagedClusterProperties_AutoScalerProfile_STATUS + description: Storage version of v1api20231102preview.ManagedClusterProperties_AutoScalerProfile_STATUS properties: $propertyBag: additionalProperties: @@ -26471,8 +27578,14 @@ spec: type: object balance-similar-node-groups: type: string + daemonset-eviction-for-empty-nodes: + type: boolean + daemonset-eviction-for-occupied-nodes: + type: boolean expander: type: string + ignore-daemonsets-utilization: + type: boolean max-empty-bulk-delete: type: string max-graceful-termination-sec: @@ -26506,7 +27619,7 @@ spec: type: object autoUpgradeProfile: description: |- - Storage version of v1api20231001.ManagedClusterAutoUpgradeProfile_STATUS + Storage version of v1api20231102preview.ManagedClusterAutoUpgradeProfile_STATUS Auto upgrade profile for a managed cluster. properties: $propertyBag: @@ -26523,8 +27636,8 @@ spec: type: object azureMonitorProfile: description: |- - Storage version of v1api20231001.ManagedClusterAzureMonitorProfile_STATUS - Azure Monitor addon profiles for monitoring the managed cluster. + Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfile_STATUS + Prometheus addon profile for the container service cluster properties: $propertyBag: additionalProperties: 
@@ -26533,12 +27646,75 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object + logs: + description: |- + Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileLogs_STATUS + Logs profile for the Azure Monitor Infrastructure and Application Logs. Collect out-of-the-box Kubernetes infrastructure + & application logs to send to Azure Monitor. See aka.ms/AzureMonitorContainerInsights for an overview. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + appMonitoring: + description: |- + Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileAppMonitoring_STATUS + Application Monitoring Profile for Kubernetes Application Container. Collects application logs, metrics and traces + through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + containerInsights: + description: |- + Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileContainerInsights_STATUS + Azure Monitor Container Insights Profile for Kubernetes Events, Inventory and Container stdout & stderr logs etc. See + aka.ms/AzureMonitorContainerInsights for an overview. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + logAnalyticsWorkspaceResourceId: + type: string + windowsHostLogs: + description: |- + Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileWindowsHostLogs_STATUS + Windows Host Logs Profile for Kubernetes Windows Nodes Log Collection. Collects ETW, Event Logs and Text logs etc. See + aka.ms/AzureMonitorContainerInsights for an overview. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + type: object metrics: description: |- - Storage version of v1api20231001.ManagedClusterAzureMonitorProfileMetrics_STATUS - Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes - infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See - aka.ms/AzureManagedPrometheus for an overview. + Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileMetrics_STATUS + Metrics profile for the prometheus service addon properties: $propertyBag: additionalProperties: 
@@ -26547,14 +27723,29 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object + appMonitoringOpenTelemetryMetrics: + description: |- + Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryMetrics_STATUS + Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Metrics. Collects + OpenTelemetry metrics through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object enabled: type: boolean kubeStateMetrics: description: |- - Storage version of v1api20231001.ManagedClusterAzureMonitorProfileKubeStateMetrics_STATUS - Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the - kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for - details. + Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileKubeStateMetrics_STATUS + Kube State Metrics for prometheus addon profile for the container service cluster properties: $propertyBag: additionalProperties: 
@@ -26615,6 +27806,21 @@ spec: - type type: object type: array + creationData: + description: |- + Storage version of v1api20231102preview.CreationData_STATUS + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + sourceResourceId: + type: string + type: object currentKubernetesVersion: type: string disableLocalAccounts: @@ -26623,13 +27829,15 @@ spec: type: string dnsPrefix: type: string + enableNamespaceResources: + type: boolean enablePodSecurityPolicy: type: boolean enableRBAC: type: boolean extendedLocation: description: |- - Storage version of v1api20231001.ExtendedLocation_STATUS + Storage version of v1api20231102preview.ExtendedLocation_STATUS The complex type of the extended location. properties: $propertyBag: @@ -26650,7 +27858,7 @@ spec: type: string httpProxyConfig: description: |- - Storage version of v1api20231001.ManagedClusterHTTPProxyConfig_STATUS + Storage version of v1api20231102preview.ManagedClusterHTTPProxyConfig_STATUS Cluster HTTP proxy configuration. properties: $propertyBag: @@ -26660,6 +27868,10 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object + effectiveNoProxy: + items: + type: string + type: array httpProxy: type: string httpsProxy: @@ -26675,7 +27887,7 @@ spec: type: string identity: description: |- - Storage version of v1api20231001.ManagedClusterIdentity_STATUS + Storage version of v1api20231102preview.ManagedClusterIdentity_STATUS Identity for the managed cluster. properties: $propertyBag: 
@@ -26688,7 +27900,7 @@ spec: delegatedResources: additionalProperties: description: |- - Storage version of v1api20231001.DelegatedResource_STATUS + Storage version of v1api20231102preview.DelegatedResource_STATUS Delegated resource properties - internal use only. properties: $propertyBag: @@ -26716,7 +27928,7 @@ spec: type: string userAssignedIdentities: additionalProperties: - description: Storage version of v1api20231001.ManagedClusterIdentity_UserAssignedIdentities_STATUS + description: Storage version of v1api20231102preview.ManagedClusterIdentity_UserAssignedIdentities_STATUS properties: $propertyBag: additionalProperties: @@ -26735,7 +27947,7 @@ spec: identityProfile: additionalProperties: description: |- - Storage version of v1api20231001.UserAssignedIdentity_STATUS + Storage version of v1api20231102preview.UserAssignedIdentity_STATUS Details about a user assigned identity. properties: $propertyBag: 
@@ -26753,11 +27965,62 @@ spec: type: string type: object type: object + ingressProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterIngressProfile_STATUS + Ingress profile for the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + webAppRouting: + description: |- + Storage version of v1api20231102preview.ManagedClusterIngressProfileWebAppRouting_STATUS + Web App Routing settings for the ingress profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsZoneResourceIds: + items: + type: string + type: array + enabled: + type: boolean + identity: + description: |- + Storage version of v1api20231102preview.UserAssignedIdentity_STATUS + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + type: object + type: object kubernetesVersion: type: string linuxProfile: description: |- - Storage version of v1api20231001.ContainerServiceLinuxProfile_STATUS + Storage version of v1api20231102preview.ContainerServiceLinuxProfile_STATUS Profile for Linux VMs in the container service cluster. properties: $propertyBag: 
@@ -26771,7 +28034,7 @@ spec: type: string ssh: description: |- - Storage version of v1api20231001.ContainerServiceSshConfiguration_STATUS + Storage version of v1api20231102preview.ContainerServiceSshConfiguration_STATUS SSH configuration for Linux-based VMs running on Azure. properties: $propertyBag: @@ -26784,7 +28047,7 @@ spec: publicKeys: items: description: |- - Storage version of v1api20231001.ContainerServiceSshPublicKey_STATUS + Storage version of v1api20231102preview.ContainerServiceSshPublicKey_STATUS Contains information about SSH certificate public key data. properties: $propertyBag: @@ -26804,11 +28067,39 @@ spec: type: string maxAgentPools: type: integer + metricsProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterMetricsProfile_STATUS + The metrics profile for the ManagedCluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + costAnalysis: + description: |- + Storage version of v1api20231102preview.ManagedClusterCostAnalysis_STATUS + The cost analysis configuration for the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object name: type: string networkProfile: description: |- - Storage version of v1api20231001.ContainerServiceNetworkProfile_STATUS + Storage version of v1api20231102preview.ContainerServiceNetworkProfile_STATUS Profile of network configuration. properties: $propertyBag: 
@@ -26824,9 +28115,43 @@ spec: items: type: string type: array + kubeProxyConfig: + description: Storage version of v1api20231102preview.ContainerServiceNetworkProfile_KubeProxyConfig_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + ipvsConfig: + description: Storage version of v1api20231102preview.ContainerServiceNetworkProfile_KubeProxyConfig_IpvsConfig_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + scheduler: + type: string + tcpFinTimeoutSeconds: + type: integer + tcpTimeoutSeconds: + type: integer + udpTimeoutSeconds: + type: integer + type: object + mode: + type: string + type: object loadBalancerProfile: description: |- - Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_STATUS + Storage version of v1api20231102preview.ManagedClusterLoadBalancerProfile_STATUS Profile of the managed cluster load balancer. properties: $propertyBag: @@ -26843,7 +28168,7 @@ spec: effectiveOutboundIPs: items: description: |- - Storage version of v1api20231001.ResourceReference_STATUS + Storage version of v1api20231102preview.ResourceReference_STATUS A reference to an Azure resource. properties: $propertyBag: @@ -26862,7 +28187,7 @@ spec: idleTimeoutInMinutes: type: integer managedOutboundIPs: - description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs_STATUS + description: Storage version of v1api20231102preview.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs_STATUS properties: $propertyBag: additionalProperties: 
@@ -26877,7 +28202,7 @@ spec: type: integer type: object outboundIPPrefixes: - description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes_STATUS + description: Storage version of v1api20231102preview.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes_STATUS properties: $propertyBag: additionalProperties: @@ -26889,7 +28214,7 @@ spec: publicIPPrefixes: items: description: |- - Storage version of v1api20231001.ResourceReference_STATUS + Storage version of v1api20231102preview.ResourceReference_STATUS A reference to an Azure resource. properties: $propertyBag: @@ -26905,7 +28230,7 @@ spec: type: array type: object outboundIPs: - description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_OutboundIPs_STATUS + description: Storage version of v1api20231102preview.ManagedClusterLoadBalancerProfile_OutboundIPs_STATUS properties: $propertyBag: additionalProperties: @@ -26917,7 +28242,7 @@ spec: publicIPs: items: description: |- - Storage version of v1api20231001.ResourceReference_STATUS + Storage version of v1api20231102preview.ResourceReference_STATUS A reference to an Azure resource. properties: $propertyBag: 
@@ -26935,9 +28260,24 @@ spec: type: object loadBalancerSku: type: string + monitoring: + description: |- + Storage version of v1api20231102preview.NetworkMonitoring_STATUS + This addon can be used to configure network monitoring and generate network monitoring data in Prometheus format + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object natGatewayProfile: description: |- - Storage version of v1api20231001.ManagedClusterNATGatewayProfile_STATUS + Storage version of v1api20231102preview.ManagedClusterNATGatewayProfile_STATUS Profile of the managed cluster NAT gateway. properties: $propertyBag: @@ -26950,7 +28290,7 @@ spec: effectiveOutboundIPs: items: description: |- - Storage version of v1api20231001.ResourceReference_STATUS + Storage version of v1api20231102preview.ResourceReference_STATUS A reference to an Azure resource. properties: $propertyBag: @@ -26968,7 +28308,7 @@ spec: type: integer managedOutboundIPProfile: description: |- - Storage version of v1api20231001.ManagedClusterManagedOutboundIPProfile_STATUS + Storage version of v1api20231102preview.ManagedClusterManagedOutboundIPProfile_STATUS Profile of the managed outbound IP resources of the managed cluster. properties: $propertyBag: 
@@ -27007,11 +28347,39 @@ spec: type: string type: array type: object + nodeProvisioningProfile: + description: Storage version of v1api20231102preview.ManagedClusterNodeProvisioningProfile_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + mode: + type: string + type: object nodeResourceGroup: type: string + nodeResourceGroupProfile: + description: |- + Storage version of v1api20231102preview.ManagedClusterNodeResourceGroupProfile_STATUS + Node resource group lockdown profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + restrictionLevel: + type: string + type: object oidcIssuerProfile: description: |- - Storage version of v1api20231001.ManagedClusterOIDCIssuerProfile_STATUS + Storage version of v1api20231102preview.ManagedClusterOIDCIssuerProfile_STATUS The OIDC issuer profile of the Managed Cluster. properties: $propertyBag: @@ -27028,7 +28396,7 @@ spec: type: object podIdentityProfile: description: |- - Storage version of v1api20231001.ManagedClusterPodIdentityProfile_STATUS + Storage version of v1api20231102preview.ManagedClusterPodIdentityProfile_STATUS See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on pod identity integration. properties: 
@@ -27046,7 +28414,7 @@ spec: userAssignedIdentities: items: description: |- - Storage version of v1api20231001.ManagedClusterPodIdentity_STATUS + Storage version of v1api20231102preview.ManagedClusterPodIdentity_STATUS Details about the pod identity assigned to the Managed Cluster. properties: $propertyBag: @@ -27060,7 +28428,7 @@ spec: type: string identity: description: |- - Storage version of v1api20231001.UserAssignedIdentity_STATUS + Storage version of v1api20231102preview.UserAssignedIdentity_STATUS Details about a user assigned identity. properties: $propertyBag: @@ -27082,7 +28450,7 @@ spec: namespace: type: string provisioningInfo: - description: Storage version of v1api20231001.ManagedClusterPodIdentity_ProvisioningInfo_STATUS + description: Storage version of v1api20231102preview.ManagedClusterPodIdentity_ProvisioningInfo_STATUS properties: $propertyBag: additionalProperties: @@ -27093,7 +28461,7 @@ spec: type: object error: description: |- - Storage version of v1api20231001.ManagedClusterPodIdentityProvisioningError_STATUS + Storage version of v1api20231102preview.ManagedClusterPodIdentityProvisioningError_STATUS An error response from the pod identity provisioning. properties: $propertyBag: @@ -27105,7 +28473,7 @@ spec: type: object error: description: |- - Storage version of v1api20231001.ManagedClusterPodIdentityProvisioningErrorBody_STATUS + Storage version of v1api20231102preview.ManagedClusterPodIdentityProvisioningErrorBody_STATUS An error response from the pod identity provisioning. properties: $propertyBag: @@ -27119,7 +28487,7 @@ spec: type: string details: items: - description: Storage version of v1api20231001.ManagedClusterPodIdentityProvisioningErrorBody_STATUS_Unrolled + description: Storage version of v1api20231102preview.ManagedClusterPodIdentityProvisioningErrorBody_STATUS_Unrolled properties: $propertyBag: additionalProperties: 
@@ -27150,7 +28518,7 @@ spec: userAssignedIdentityExceptions: items: description: |- - Storage version of v1api20231001.ManagedClusterPodIdentityException_STATUS + Storage version of v1api20231102preview.ManagedClusterPodIdentityException_STATUS See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. properties: @@ -27174,7 +28542,7 @@ spec: type: object powerState: description: |- - Storage version of v1api20231001.PowerState_STATUS + Storage version of v1api20231102preview.PowerState_STATUS Describes the Power State of the cluster properties: $propertyBag: @@ -27192,7 +28560,7 @@ spec: privateLinkResources: items: description: |- - Storage version of v1api20231001.PrivateLinkResource_STATUS + Storage version of v1api20231102preview.PrivateLinkResource_STATUS A private link resource properties: $propertyBag: @@ -27224,9 +28592,34 @@ spec: type: string resourceUID: type: string + safeguardsProfile: + description: |- + Storage version of v1api20231102preview.SafeguardsProfile_STATUS + The Safeguards profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + excludedNamespaces: + items: + type: string + type: array + level: + type: string + systemExcludedNamespaces: + items: + type: string + type: array + version: + type: string + type: object securityProfile: description: |- - Storage version of v1api20231001.ManagedClusterSecurityProfile_STATUS + Storage version of v1api20231102preview.ManagedClusterSecurityProfile_STATUS Security profile for the container service cluster. properties: $propertyBag: 
@@ -27238,7 +28631,7 @@ spec: type: object azureKeyVaultKms: description: |- - Storage version of v1api20231001.AzureKeyVaultKms_STATUS + Storage version of v1api20231102preview.AzureKeyVaultKms_STATUS Azure Key Vault key management service settings for the security profile. properties: $propertyBag: @@ -27257,9 +28650,13 @@ spec: keyVaultResourceId: type: string type: object + customCATrustCertificates: + items: + type: string + type: array defender: description: |- - Storage version of v1api20231001.ManagedClusterSecurityProfileDefender_STATUS + Storage version of v1api20231102preview.ManagedClusterSecurityProfileDefender_STATUS Microsoft Defender settings for the security profile. properties: $propertyBag: @@ -27273,7 +28670,7 @@ spec: type: string securityMonitoring: description: |- - Storage version of v1api20231001.ManagedClusterSecurityProfileDefenderSecurityMonitoring_STATUS + Storage version of v1api20231102preview.ManagedClusterSecurityProfileDefenderSecurityMonitoring_STATUS Microsoft Defender settings for the security profile threat detection. properties: $propertyBag: @@ -27289,7 +28686,7 @@ spec: type: object imageCleaner: description: |- - Storage version of v1api20231001.ManagedClusterSecurityProfileImageCleaner_STATUS + Storage version of v1api20231102preview.ManagedClusterSecurityProfileImageCleaner_STATUS Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here are settings for the security profile. properties: 
@@ -27305,9 +28702,39 @@ spec: intervalHours: type: integer type: object + imageIntegrity: + description: |- + Storage version of v1api20231102preview.ManagedClusterSecurityProfileImageIntegrity_STATUS + Image integrity related settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + nodeRestriction: + description: |- + Storage version of v1api20231102preview.ManagedClusterSecurityProfileNodeRestriction_STATUS + Node Restriction settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object workloadIdentity: description: |- - Storage version of v1api20231001.ManagedClusterSecurityProfileWorkloadIdentity_STATUS + Storage version of v1api20231102preview.ManagedClusterSecurityProfileWorkloadIdentity_STATUS Workload identity settings for the security profile. properties: $propertyBag: @@ -27323,7 +28750,7 @@ spec: type: object serviceMeshProfile: description: |- - Storage version of v1api20231001.ServiceMeshProfile_STATUS + Storage version of v1api20231102preview.ServiceMeshProfile_STATUS Service mesh profile for a managed cluster. properties: $propertyBag: @@ -27335,7 +28762,7 @@ spec: type: object istio: description: |- - Storage version of v1api20231001.IstioServiceMesh_STATUS + Storage version of v1api20231102preview.IstioServiceMesh_STATUS Istio service mesh configuration. properties: $propertyBag: 
@@ -27347,7 +28774,7 @@ spec: type: object certificateAuthority: description: |- - Storage version of v1api20231001.IstioCertificateAuthority_STATUS + Storage version of v1api20231102preview.IstioCertificateAuthority_STATUS Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin certificates as described here https://aka.ms/asm-plugin-ca properties: @@ -27360,7 +28787,7 @@ spec: type: object plugin: description: |- - Storage version of v1api20231001.IstioPluginCertificateAuthority_STATUS + Storage version of v1api20231102preview.IstioPluginCertificateAuthority_STATUS Plugin certificates information for Service Mesh. properties: $propertyBag: @@ -27384,7 +28811,7 @@ spec: type: object components: description: |- - Storage version of v1api20231001.IstioComponents_STATUS + Storage version of v1api20231102preview.IstioComponents_STATUS Istio components configuration. properties: $propertyBag: @@ -27397,7 +28824,7 @@ spec: egressGateways: items: description: |- - Storage version of v1api20231001.IstioEgressGateway_STATUS + Storage version of v1api20231102preview.IstioEgressGateway_STATUS Istio egress gateway configuration. properties: $propertyBag: @@ -27418,7 +28845,7 @@ spec: ingressGateways: items: description: |- - Storage version of v1api20231001.IstioIngressGateway_STATUS + Storage version of v1api20231102preview.IstioIngressGateway_STATUS Istio ingress gateway configuration. For now, we support up to one external ingress gateway named `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. properties: @@ -27446,7 +28873,7 @@ spec: type: object servicePrincipalProfile: description: |- - Storage version of v1api20231001.ManagedClusterServicePrincipalProfile_STATUS + Storage version of v1api20231102preview.ManagedClusterServicePrincipalProfile_STATUS Information about a service principal identity for the cluster to use for manipulating Azure APIs. properties: $propertyBag: 
@@ -27461,7 +28888,7 @@ spec: type: object sku: description: |- - Storage version of v1api20231001.ManagedClusterSKU_STATUS + Storage version of v1api20231102preview.ManagedClusterSKU_STATUS The SKU of a Managed Cluster. properties: $propertyBag: @@ -27478,7 +28905,7 @@ spec: type: object storageProfile: description: |- - Storage version of v1api20231001.ManagedClusterStorageProfile_STATUS + Storage version of v1api20231102preview.ManagedClusterStorageProfile_STATUS Storage profile for the container service cluster. properties: $propertyBag: @@ -27490,7 +28917,7 @@ spec: type: object blobCSIDriver: description: |- - Storage version of v1api20231001.ManagedClusterStorageProfileBlobCSIDriver_STATUS + Storage version of v1api20231102preview.ManagedClusterStorageProfileBlobCSIDriver_STATUS AzureBlob CSI Driver settings for the storage profile. properties: $propertyBag: @@ -27505,7 +28932,7 @@ spec: type: object diskCSIDriver: description: |- - Storage version of v1api20231001.ManagedClusterStorageProfileDiskCSIDriver_STATUS + Storage version of v1api20231102preview.ManagedClusterStorageProfileDiskCSIDriver_STATUS AzureDisk CSI Driver settings for the storage profile. properties: $propertyBag: @@ -27517,10 +28944,12 @@ spec: type: object enabled: type: boolean + version: + type: string type: object fileCSIDriver: description: |- - Storage version of v1api20231001.ManagedClusterStorageProfileFileCSIDriver_STATUS + Storage version of v1api20231102preview.ManagedClusterStorageProfileFileCSIDriver_STATUS AzureFile CSI Driver settings for the storage profile. properties: $propertyBag: @@ -27535,7 +28964,7 @@ spec: type: object snapshotController: description: |- - Storage version of v1api20231001.ManagedClusterStorageProfileSnapshotController_STATUS + Storage version of v1api20231102preview.ManagedClusterStorageProfileSnapshotController_STATUS Snapshot Controller settings for the storage profile. properties: $propertyBag: 
@@ -27553,7 +28982,7 @@ spec: type: string systemData: description: |- - Storage version of v1api20231001.SystemData_STATUS + Storage version of v1api20231102preview.SystemData_STATUS Metadata pertaining to creation and last modification of the resource. properties: $propertyBag: @@ -27584,7 +29013,7 @@ spec: type: string upgradeSettings: description: |- - Storage version of v1api20231001.ClusterUpgradeSettings_STATUS + Storage version of v1api20231102preview.ClusterUpgradeSettings_STATUS Settings for upgrading a cluster. properties: $propertyBag: @@ -27596,7 +29025,7 @@ spec: type: object overrideSettings: description: |- - Storage version of v1api20231001.UpgradeOverrideSettings_STATUS + Storage version of v1api20231102preview.UpgradeOverrideSettings_STATUS Settings for overrides when upgrading a cluster. properties: $propertyBag: @@ -27614,7 +29043,7 @@ spec: type: object windowsProfile: description: |- - Storage version of v1api20231001.ManagedClusterWindowsProfile_STATUS + Storage version of v1api20231102preview.ManagedClusterWindowsProfile_STATUS Profile for Windows VMs in the managed cluster. properties: $propertyBag: @@ -27630,7 +29059,7 @@ spec: type: boolean gmsaProfile: description: |- - Storage version of v1api20231001.WindowsGmsaProfile_STATUS + Storage version of v1api20231102preview.WindowsGmsaProfile_STATUS Windows gMSA Profile in the managed cluster. properties: $propertyBag: @@ -27652,7 +29081,7 @@ spec: type: object workloadAutoScalerProfile: description: |- - Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfile_STATUS + Storage version of v1api20231102preview.ManagedClusterWorkloadAutoScalerProfile_STATUS Workload Auto-scaler profile for the managed cluster. properties: $propertyBag: 
@@ -27664,7 +29093,7 @@ spec: type: object keda: description: |- - Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfileKeda_STATUS + Storage version of v1api20231102preview.ManagedClusterWorkloadAutoScalerProfileKeda_STATUS KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile. properties: $propertyBag: @@ -27678,9 +29107,7 @@ spec: type: boolean type: object verticalPodAutoscaler: - description: |- - Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler_STATUS - VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile. + description: Storage version of v1api20231102preview.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler_STATUS properties: $propertyBag: additionalProperties: @@ -27689,6 +29116,8 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object + addonAutoscaling: + type: string enabled: type: boolean type: object @@ -27696,7 +29125,7 @@ spec: type: object type: object served: true - storage: true + storage: false subresources: status: {} - additionalPrinterColumns: @@ -27712,12 +29141,12 @@ spec: - jsonPath: .status.conditions[?(@.type=='Ready')].message name: Message type: string - name: v1api20231102preview + name: v1api20240402preview schema: openAPIV3Schema: description: |- Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-11-02-preview/managedClusters.json + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2024-04-02-preview/managedClusters.json - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName} properties: apiVersion: 
@@ -27888,6 +29317,22 @@ spec: enableUltraSSD: description: 'EnableUltraSSD: Whether to enable UltraSSD' type: boolean + gatewayProfile: + description: |- + GatewayProfile: Profile specific to a managed agent pool in Gateway mode. This field cannot be set if agent pool mode is + not Gateway. + properties: + publicIPPrefixSize: + description: |- + PublicIPPrefixSize: The Gateway agent pool associates one public IPPrefix for each static egress gateway to provide + public egress. The size of Public IPPrefix should be selected by the user. Each node in the agent pool is assigned with + one IP from the IPPrefix. The IPPrefix size thus serves as a cap on the size of the Gateway agent pool. Due to Azure + public IPPrefix size limitation, the valid value range is [28, 31] (/31 = 2 nodes/IPs, /30 = 4 nodes/IPs, /29 = 8 + nodes/IPs, /28 = 16 nodes/IPs). The default value is 31. + maximum: 31 + minimum: 28 + type: integer + type: object gpuInstanceProfile: description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' enum: @@ -28122,6 +29567,7 @@ spec: Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools enum: + - Gateway - System - User type: string @@ -28283,6 +29729,14 @@ spec: - Linux - Windows type: string + podIPAllocationMode: + description: |- + PodIPAllocationMode: The IP allocation mode for pods in the agent pool. Must be used with podSubnetId. The default is + 'DynamicIndividual'. + enum: + - DynamicIndividual + - StaticBlock + type: string podSubnetReference: description: |- PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). 
@@ -28422,6 +29876,15 @@ spec: maximum: 30 minimum: 0 type: integer + undrainableNodeBehavior: + description: |- + UndrainableNodeBehavior: Defines the behavior for undrainable nodes during upgrade. The most common cause of undrainable + nodes is Pod Disruption Budgets (PDBs), but other issues, such as pod termination grace period is exceeding the + remaining per-node drain timeout or pod is still being in a running state, can also cause undrainable nodes. + enum: + - Cordon + - Schedule + type: string type: object virtualMachineNodesStatus: items: 
@@ -28441,20 +29904,44 @@ spec: scale: description: 'Scale: Specifications on how to scale a VirtualMachines agent pool.' properties: + autoscale: + description: |- + Autoscale: Specifications on how to auto-scale the VirtualMachines agent pool within a predefined size range. Currently, + at most one AutoScaleProfile is allowed. + items: + description: Specifications on auto-scaling. + properties: + maxCount: + description: 'MaxCount: The maximum number of nodes of the specified sizes.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes of the specified sizes.' + type: integer + sizes: + description: |- + Sizes: The list of allowed vm sizes e.g. ['Standard_E4s_v3', 'Standard_E16s_v3', 'Standard_D16s_v5']. AKS will use the + first available one when auto scaling. If a VM size is unavailable (e.g. due to quota or regional capacity reasons), AKS + will use the next size. + items: + type: string + type: array + type: object + type: array manual: - description: 'Manual: Specifications on how to scale the VirtualMachines agent pool to a fixed size.' + description: |- + Manual: Specifications on how to scale the VirtualMachines agent pool to a fixed size. Currently, at most one + ManualScaleProfile is allowed. items: description: Specifications on number of machines. properties: count: description: 'Count: Number of nodes.' - maximum: 1000 - minimum: 0 type: integer sizes: description: |- - Sizes: The list of allowed vm sizes. AKS will use the first available one when scaling. If a VM size is unavailable - (e.g. due to quota or regional capacity reasons), AKS will use the next size. + Sizes: The list of allowed vm sizes e.g. ['Standard_E4s_v3', 'Standard_E16s_v3', 'Standard_D16s_v5']. AKS will use the + first available one when scaling. If a VM size is unavailable (e.g. due to quota or regional capacity reasons), AKS will + use the next size. items: type: string type: array 
@@ -28673,75 +30160,98 @@ spec: azureMonitorProfile: description: 'AzureMonitorProfile: Prometheus addon profile for the container service cluster' properties: - logs: + appMonitoring: description: |- - Logs: Logs profile for the Azure Monitor Infrastructure and Application Logs. Collect out-of-the-box Kubernetes - infrastructure & application logs to send to Azure Monitor. See aka.ms/AzureMonitorContainerInsights for an overview. + AppMonitoring: Application Monitoring Profile for Kubernetes Application Container. Collects application logs, metrics + and traces through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. properties: - appMonitoring: + autoInstrumentation: description: |- - AppMonitoring: Application Monitoring Profile for Kubernetes Application Container. Collects application logs, metrics - and traces through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See - aka.ms/AzureMonitorApplicationMonitoring for an overview. + AutoInstrumentation: Application Monitoring Auto Instrumentation for Kubernetes Application Container. Deploys web hook + to auto-instrument Azure Monitor OpenTelemetry based SDKs to collect OpenTelemetry metrics, logs and traces of the + application. See aka.ms/AzureMonitorApplicationMonitoring for an overview. properties: enabled: - description: 'Enabled: Indicates if Application Monitoring enabled or not.' + description: 'Enabled: Indicates if Application Monitoring Auto Instrumentation is enabled or not.' type: boolean type: object - containerInsights: + openTelemetryLogs: description: |- - ContainerInsights: Azure Monitor Container Insights Profile for Kubernetes Events, Inventory and Container stdout & - stderr logs etc. See aka.ms/AzureMonitorContainerInsights for an overview. 
+ OpenTelemetryLogs: Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Logs and + Traces. Collects OpenTelemetry logs and traces of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. properties: enabled: - description: 'Enabled: Indicates if Azure Monitor Container Insights Logs Addon is enabled or not.' + description: 'Enabled: Indicates if Application Monitoring Open Telemetry Logs and traces is enabled or not.' type: boolean - logAnalyticsWorkspaceResourceReference: - description: |- - LogAnalyticsWorkspaceResourceReference: Fully Qualified ARM Resource Id of Azure Log Analytics Workspace for storing - Azure Monitor Container Insights Logs. - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - windowsHostLogs: - description: |- - WindowsHostLogs: Windows Host Logs Profile for Kubernetes Windows Nodes Log Collection. Collects ETW, Event Logs and - Text logs etc. See aka.ms/AzureMonitorContainerInsights for an overview. 
- properties: - enabled: - description: 'Enabled: Indicates if Windows Host Log Collection is enabled or not for Azure Monitor Container Insights Logs Addon.' - type: boolean - type: object + port: + description: 'Port: The Open Telemetry host port for Open Telemetry logs and traces. If not specified, the default port is 28331.' + type: integer type: object - type: object - metrics: - description: 'Metrics: Metrics profile for the prometheus service addon' - properties: - appMonitoringOpenTelemetryMetrics: + openTelemetryMetrics: description: |- - AppMonitoringOpenTelemetryMetrics: Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application - Container Metrics. Collects OpenTelemetry metrics through auto-instrumentation of the application using Azure Monitor - OpenTelemetry based SDKs. See aka.ms/AzureMonitorApplicationMonitoring for an overview. + OpenTelemetryMetrics: Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container + Metrics. Collects OpenTelemetry metrics of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. properties: enabled: description: 'Enabled: Indicates if Application Monitoring Open Telemetry Metrics is enabled or not.' type: boolean + port: + description: 'Port: The Open Telemetry host port for Open Telemetry metrics. If not specified, the default port is 28333.' + type: integer + type: object + type: object + containerInsights: + description: |- + ContainerInsights: Azure Monitor Container Insights Profile for Kubernetes Events, Inventory and Container stdout & + stderr logs etc. See aka.ms/AzureMonitorContainerInsights for an overview. + properties: + disableCustomMetrics: + description: |- + DisableCustomMetrics: Indicates whether custom metrics collection has to be disabled or not. If not specified the + default is false. 
No custom metrics will be emitted if this field is false but the container insights enabled field is + false + type: boolean + disablePrometheusMetricsScraping: + description: |- + DisablePrometheusMetricsScraping: Indicates whether prometheus metrics scraping is disabled or not. If not specified the + default is false. No prometheus metrics will be emitted if this field is false but the container insights enabled field + is false + type: boolean + enabled: + description: 'Enabled: Indicates if Azure Monitor Container Insights Logs Addon is enabled or not.' + type: boolean + logAnalyticsWorkspaceResourceReference: + description: |- + LogAnalyticsWorkspaceResourceReference: Fully Qualified ARM Resource Id of Azure Log Analytics Workspace for storing + Azure Monitor Container Insights Logs. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string type: object + syslogPort: + description: 'SyslogPort: The syslog host port. If not specified, the default port is 28330.' + type: integer + type: object + metrics: + description: 'Metrics: Metrics profile for the prometheus service addon' + properties: enabled: description: 'Enabled: Whether to enable the Prometheus collector' type: boolean 
@@ -28771,6 +30281,38 @@ spec: minLength: 1 pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ type: string + bootstrapProfile: + description: 'BootstrapProfile: Profile of the cluster bootstrap configuration.' + properties: + artifactSource: + description: 'ArtifactSource: The source where the artifacts are downloaded from.' + enum: + - Cache + - Direct + type: string + containerRegistryReference: + description: |- + ContainerRegistryReference: The resource Id of Azure Container Registry. The registry must have private network access, + premium SKU and zone redundancy. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object creationData: description: |- CreationData: CreationData to be used to specify the source Snapshot ID if the cluster will be created/upgraded using a @@ -29027,6 +30569,9 @@ spec: type: boolean type: object type: object + kind: + description: 'Kind: This is primarily used to expose different UI experiences in the portal for different kinds' + type: string kubernetesVersion: description: |- KubernetesVersion: When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All upgrades 
@@ -29076,8 +30621,8 @@ spec: properties: enabled: description: |- - Enabled: The Managed Cluster sku.tier must be set to 'Standard' to enable this feature. Enabling this will add - Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. If not specified, the + Enabled: The Managed Cluster sku.tier must be set to 'Standard' or 'Premium' to enable this feature. Enabling this will + add Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. If not specified, the default is false. For more information see aka.ms/aks/docs/cost-analysis. type: boolean type: object @@ -29085,6 +30630,19 @@ spec: networkProfile: description: 'NetworkProfile: The network configuration profile.' properties: + advancedNetworking: + description: |- + AdvancedNetworking: Advanced Networking profile for enabling observability on a cluster. Note that enabling advanced + networking features may incur additional costs. For more information see aka.ms/aksadvancednetworking. + properties: + observability: + description: 'Observability: Observability profile to enable advanced network metrics and flow logs with historical contexts.' + properties: + enabled: + description: 'Enabled: Indicates the enablement of Advanced Networking observability functionalities on clusters.' + type: boolean + type: object + type: object dnsServiceIP: description: |- DnsServiceIP: An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address @@ -29157,6 +30715,12 @@ spec: - NodeIP - NodeIPConfiguration type: string + clusterServiceLoadBalancerHealthProbeMode: + description: 'ClusterServiceLoadBalancerHealthProbeMode: The health probing behavior for External Traffic Policy Cluster services.' + enum: + - ServiceNodePort + - Shared + type: string effectiveOutboundIPs: description: 'EffectiveOutboundIPs: The effective outbound IP resources of the cluster load balancer.' items: 
@@ -29284,15 +30848,6 @@ spec: - basic - standard type: string - monitoring: - description: |- - Monitoring: This addon can be used to configure network monitoring and generate network monitoring data in Prometheus - format - properties: - enabled: - description: 'Enabled: Enable or disable the network monitoring plugin on the cluster' - type: boolean - type: object natGatewayProfile: description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' properties: @@ -29381,6 +30936,7 @@ spec: enum: - loadBalancer - managedNATGateway + - none - userAssignedNATGateway - userDefinedRouting type: string @@ -29395,6 +30951,14 @@ spec: items: type: string type: array + podLinkLocalAccess: + description: |- + PodLinkLocalAccess: Defines access to special link local addresses (Azure Instance Metadata Service, aka IMDS) for pods + with hostNetwork=false. if not specified, the default is 'IMDS'. + enum: + - IMDS + - None + type: string serviceCidr: description: |- ServiceCidr: A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP @@ -29408,6 +30972,15 @@ spec: items: type: string type: array + staticEgressGatewayProfile: + description: |- + StaticEgressGatewayProfile: The profile for Static Egress Gateway addon. For more details about Static Egress Gateway, + see https://aka.ms/aks/static-egress-gateway. + properties: + enabled: + description: 'Enabled: Indicates if Static Egress Gateway addon is enabled or not.' + type: boolean + type: object type: object nodeProvisioningProfile: description: 'NodeProvisioningProfile: Node provisioning settings that apply to the whole cluster.' @@ -29871,11 +31444,6 @@ spec: enabled: description: 'Enabled: Whether to enable the egress gateway.' type: boolean - nodeSelector: - additionalProperties: - type: string - description: 'NodeSelector: NodeSelector for scheduling the egress gateway.' - type: object required: - enabled type: object 
@@ -29953,6 +31521,7 @@ spec: name: description: 'Name: The name of a managed cluster SKU.' enum: + - Automatic - Base type: string tier: @@ -30236,6 +31805,12 @@ spec: exactly equal to it. If orchestratorVersion was , this field will contain the full version being used. type: string + eTag: + description: |- + ETag: Unique read-only string used to implement optimistic concurrency. The eTag value will change when the resource is + updated. Specify an if-match or if-none-match header with the eTag value for a subsequent request to enable optimistic + concurrency per the normal etag convention. + type: string enableAutoScaling: description: 'EnableAutoScaling: Whether to enable auto-scaler' type: boolean @@ -30267,6 +31842,20 @@ spec: enableUltraSSD: description: 'EnableUltraSSD: Whether to enable UltraSSD' type: boolean + gatewayProfile: + description: |- + GatewayProfile: Profile specific to a managed agent pool in Gateway mode. This field cannot be set if agent pool mode is + not Gateway. + properties: + publicIPPrefixSize: + description: |- + PublicIPPrefixSize: The Gateway agent pool associates one public IPPrefix for each static egress gateway to provide + public egress. The size of Public IPPrefix should be selected by the user. Each node in the agent pool is assigned with + one IP from the IPPrefix. The IPPrefix size thus serves as a cap on the size of the Gateway agent pool. Due to Azure + public IPPrefix size limitation, the valid value range is [28, 31] (/31 = 2 nodes/IPs, /30 = 4 nodes/IPs, /29 = 8 + nodes/IPs, /28 = 16 nodes/IPs). The default value is 31. + type: integer + type: object gpuInstanceProfile: description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' type: string 
@@ -30568,6 +32157,11 @@ spec: osType: description: 'OsType: The operating system type. The default is Linux.' type: string + podIPAllocationMode: + description: |- + PodIPAllocationMode: The IP allocation mode for pods in the agent pool. Must be used with podSubnetId. The default is + 'DynamicIndividual'. + type: string podSubnetID: description: |- PodSubnetID: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is @@ -30653,6 +32247,12 @@ spec: NodeSoakDurationInMinutes: The amount of time (in minutes) to wait after draining a node and before reimaging it and moving on to next node. If not specified, the default is 0 minutes. type: integer + undrainableNodeBehavior: + description: |- + UndrainableNodeBehavior: Defines the behavior for undrainable nodes during upgrade. The most common cause of undrainable + nodes is Pod Disruption Budgets (PDBs), but other issues, such as pod termination grace period is exceeding the + remaining per-node drain timeout or pod is still being in a running state, can also cause undrainable nodes. + type: string type: object virtualMachineNodesStatus: items: 
@@ -30672,8 +32272,33 @@ spec: scale: description: 'Scale: Specifications on how to scale a VirtualMachines agent pool.' properties: + autoscale: + description: |- + Autoscale: Specifications on how to auto-scale the VirtualMachines agent pool within a predefined size range. Currently, + at most one AutoScaleProfile is allowed. + items: + description: Specifications on auto-scaling. + properties: + maxCount: + description: 'MaxCount: The maximum number of nodes of the specified sizes.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes of the specified sizes.' + type: integer + sizes: + description: |- + Sizes: The list of allowed vm sizes e.g. ['Standard_E4s_v3', 'Standard_E16s_v3', 'Standard_D16s_v5']. AKS will use the + first available one when auto scaling. If a VM size is unavailable (e.g. due to quota or regional capacity reasons), AKS + will use the next size. + items: + type: string + type: array + type: object + type: array manual: - description: 'Manual: Specifications on how to scale the VirtualMachines agent pool to a fixed size.' + description: |- + Manual: Specifications on how to scale the VirtualMachines agent pool to a fixed size. Currently, at most one + ManualScaleProfile is allowed. items: description: Specifications on number of machines. properties: @@ -30682,8 +32307,9 @@ spec: type: integer sizes: description: |- - Sizes: The list of allowed vm sizes. AKS will use the first available one when scaling. If a VM size is unavailable - (e.g. due to quota or regional capacity reasons), AKS will use the next size. + Sizes: The list of allowed vm sizes e.g. ['Standard_E4s_v3', 'Standard_E16s_v3', 'Standard_D16s_v5']. AKS will use the + first available one when scaling. If a VM size is unavailable (e.g. due to quota or regional capacity reasons), AKS will + use the next size. items: type: string type: array 
@@ -30863,58 +32489,81 @@ spec: azureMonitorProfile: description: 'AzureMonitorProfile: Prometheus addon profile for the container service cluster' properties: - logs: + appMonitoring: description: |- - Logs: Logs profile for the Azure Monitor Infrastructure and Application Logs. Collect out-of-the-box Kubernetes - infrastructure & application logs to send to Azure Monitor. See aka.ms/AzureMonitorContainerInsights for an overview. + AppMonitoring: Application Monitoring Profile for Kubernetes Application Container. Collects application logs, metrics + and traces through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. properties: - appMonitoring: + autoInstrumentation: description: |- - AppMonitoring: Application Monitoring Profile for Kubernetes Application Container. Collects application logs, metrics - and traces through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See - aka.ms/AzureMonitorApplicationMonitoring for an overview. + AutoInstrumentation: Application Monitoring Auto Instrumentation for Kubernetes Application Container. Deploys web hook + to auto-instrument Azure Monitor OpenTelemetry based SDKs to collect OpenTelemetry metrics, logs and traces of the + application. See aka.ms/AzureMonitorApplicationMonitoring for an overview. properties: enabled: - description: 'Enabled: Indicates if Application Monitoring enabled or not.' + description: 'Enabled: Indicates if Application Monitoring Auto Instrumentation is enabled or not.' type: boolean type: object - containerInsights: + openTelemetryLogs: description: |- - ContainerInsights: Azure Monitor Container Insights Profile for Kubernetes Events, Inventory and Container stdout & - stderr logs etc. See aka.ms/AzureMonitorContainerInsights for an overview. 
+ OpenTelemetryLogs: Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Logs and + Traces. Collects OpenTelemetry logs and traces of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. properties: enabled: - description: 'Enabled: Indicates if Azure Monitor Container Insights Logs Addon is enabled or not.' + description: 'Enabled: Indicates if Application Monitoring Open Telemetry Logs and traces is enabled or not.' type: boolean - logAnalyticsWorkspaceResourceId: - description: |- - LogAnalyticsWorkspaceResourceId: Fully Qualified ARM Resource Id of Azure Log Analytics Workspace for storing Azure - Monitor Container Insights Logs. - type: string - windowsHostLogs: - description: |- - WindowsHostLogs: Windows Host Logs Profile for Kubernetes Windows Nodes Log Collection. Collects ETW, Event Logs and - Text logs etc. See aka.ms/AzureMonitorContainerInsights for an overview. - properties: - enabled: - description: 'Enabled: Indicates if Windows Host Log Collection is enabled or not for Azure Monitor Container Insights Logs Addon.' - type: boolean - type: object + port: + description: 'Port: The Open Telemetry host port for Open Telemetry logs and traces. If not specified, the default port is 28331.' + type: integer type: object - type: object - metrics: - description: 'Metrics: Metrics profile for the prometheus service addon' - properties: - appMonitoringOpenTelemetryMetrics: + openTelemetryMetrics: description: |- - AppMonitoringOpenTelemetryMetrics: Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application - Container Metrics. Collects OpenTelemetry metrics through auto-instrumentation of the application using Azure Monitor - OpenTelemetry based SDKs. See aka.ms/AzureMonitorApplicationMonitoring for an overview. 
+ OpenTelemetryMetrics: Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container + Metrics. Collects OpenTelemetry metrics of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. properties: enabled: description: 'Enabled: Indicates if Application Monitoring Open Telemetry Metrics is enabled or not.' type: boolean + port: + description: 'Port: The Open Telemetry host port for Open Telemetry metrics. If not specified, the default port is 28333.' + type: integer type: object + type: object + containerInsights: + description: |- + ContainerInsights: Azure Monitor Container Insights Profile for Kubernetes Events, Inventory and Container stdout & + stderr logs etc. See aka.ms/AzureMonitorContainerInsights for an overview. + properties: + disableCustomMetrics: + description: |- + DisableCustomMetrics: Indicates whether custom metrics collection has to be disabled or not. If not specified the + default is false. No custom metrics will be emitted if this field is false but the container insights enabled field is + false + type: boolean + disablePrometheusMetricsScraping: + description: |- + DisablePrometheusMetricsScraping: Indicates whether prometheus metrics scraping is disabled or not. If not specified the + default is false. No prometheus metrics will be emitted if this field is false but the container insights enabled field + is false + type: boolean + enabled: + description: 'Enabled: Indicates if Azure Monitor Container Insights Logs Addon is enabled or not.' + type: boolean + logAnalyticsWorkspaceResourceId: + description: |- + LogAnalyticsWorkspaceResourceId: Fully Qualified ARM Resource Id of Azure Log Analytics Workspace for storing Azure + Monitor Container Insights Logs. + type: string + syslogPort: + description: 'SyslogPort: The syslog host port. If not specified, the default port is 28330.' 
+ type: integer + type: object + metrics: + description: 'Metrics: Metrics profile for the prometheus service addon' + properties: enabled: description: 'Enabled: Whether to enable the Prometheus collector' type: boolean @@ -30940,6 +32589,18 @@ spec: responses, which Kubernetes APIServer doesn't handle by default. This special FQDN supports CORS, allowing the Azure Portal to function properly. type: string + bootstrapProfile: + description: 'BootstrapProfile: Profile of the cluster bootstrap configuration.' + properties: + artifactSource: + description: 'ArtifactSource: The source where the artifacts are downloaded from.' + type: string + containerRegistryId: + description: |- + ContainerRegistryId: The resource Id of Azure Container Registry. The registry must have private network access, premium + SKU and zone redundancy. + type: string + type: object conditions: description: 'Conditions: The observed state of the resource' items: @@ -31010,6 +32671,12 @@ spec: dnsPrefix: description: 'DnsPrefix: This cannot be updated once the Managed Cluster has been created.' type: string + eTag: + description: |- + ETag: Unique read-only string used to implement optimistic concurrency. The eTag value will change when the resource is + updated. Specify an if-match or if-none-match header with the eTag value for a subsequent request to enable optimistic + concurrency per the normal etag convention. + type: string enableNamespaceResources: description: |- EnableNamespaceResources: The default value is false. It can be enabled/disabled on creation and updating of the managed @@ -31173,6 +32840,9 @@ spec: type: object type: object type: object + kind: + description: 'Kind: This is primarily used to expose different UI experiences in the portal for different kinds' + type: string kubernetesVersion: description: |- KubernetesVersion: When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All upgrades 
@@ -31217,8 +32887,8 @@ spec: properties: enabled: description: |- - Enabled: The Managed Cluster sku.tier must be set to 'Standard' to enable this feature. Enabling this will add - Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. If not specified, the + Enabled: The Managed Cluster sku.tier must be set to 'Standard' or 'Premium' to enable this feature. Enabling this will + add Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. If not specified, the default is false. For more information see aka.ms/aks/docs/cost-analysis. type: boolean type: object @@ -31229,6 +32899,19 @@ spec: networkProfile: description: 'NetworkProfile: The network configuration profile.' properties: + advancedNetworking: + description: |- + AdvancedNetworking: Advanced Networking profile for enabling observability on a cluster. Note that enabling advanced + networking features may incur additional costs. For more information see aka.ms/aksadvancednetworking. + properties: + observability: + description: 'Observability: Observability profile to enable advanced network metrics and flow logs with historical contexts.' + properties: + enabled: + description: 'Enabled: Indicates the enablement of Advanced Networking observability functionalities on clusters.' + type: boolean + type: object + type: object dnsServiceIP: description: |- DnsServiceIP: An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address @@ -31286,6 +32969,9 @@ spec: backendPoolType: description: 'BackendPoolType: The type of the managed inbound Load Balancer BackendPool.' type: string + clusterServiceLoadBalancerHealthProbeMode: + description: 'ClusterServiceLoadBalancerHealthProbeMode: The health probing behavior for External Traffic Policy Cluster services.' + type: string effectiveOutboundIPs: description: 'EffectiveOutboundIPs: The effective outbound IP resources of the cluster load balancer.' items: 
@@ -31353,15 +33039,6 @@ spec: SKUs](https://docs.microsoft.com/azure/load-balancer/skus) for more information about the differences between load balancer SKUs. type: string - monitoring: - description: |- - Monitoring: This addon can be used to configure network monitoring and generate network monitoring data in Prometheus - format - properties: - enabled: - description: 'Enabled: Enable or disable the network monitoring plugin on the cluster' - type: boolean - type: object natGatewayProfile: description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' properties: @@ -31420,6 +33097,11 @@ spec: items: type: string type: array + podLinkLocalAccess: + description: |- + PodLinkLocalAccess: Defines access to special link local addresses (Azure Instance Metadata Service, aka IMDS) for pods + with hostNetwork=false. if not specified, the default is 'IMDS'. + type: string serviceCidr: description: |- ServiceCidr: A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP @@ -31432,6 +33114,15 @@ spec: items: type: string type: array + staticEgressGatewayProfile: + description: |- + StaticEgressGatewayProfile: The profile for Static Egress Gateway addon. For more details about Static Egress Gateway, + see https://aka.ms/aks/static-egress-gateway. + properties: + enabled: + description: 'Enabled: Indicates if Static Egress Gateway addon is enabled or not.' + type: boolean + type: object type: object nodeProvisioningProfile: description: 'NodeProvisioningProfile: Node provisioning settings that apply to the whole cluster.' @@ -31770,11 +33461,6 @@ spec: enabled: description: 'Enabled: Whether to enable the egress gateway.' type: boolean - nodeSelector: - additionalProperties: - type: string - description: 'NodeSelector: NodeSelector for scheduling the egress gateway.' - type: object type: object type: array ingressGateways: 
@@ -31994,13 +33680,13 @@ spec: - jsonPath: .status.conditions[?(@.type=='Ready')].message name: Message type: string - name: v1api20231102previewstorage + name: v1api20240402previewstorage schema: openAPIV3Schema: description: |- - Storage version of v1api20231102preview.ManagedCluster + Storage version of v1api20240402preview.ManagedCluster Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-11-02-preview/managedClusters.json + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2024-04-02-preview/managedClusters.json - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName} properties: apiVersion: @@ -32021,7 +33707,7 @@ spec: metadata: type: object spec: - description: Storage version of v1api20231102preview.ManagedCluster_Spec + description: Storage version of v1api20240402preview.ManagedCluster_Spec properties: $propertyBag: additionalProperties: @@ -32032,7 +33718,7 @@ spec: type: object aadProfile: description: |- - Storage version of v1api20231102preview.ManagedClusterAADProfile + Storage version of v1api20240402preview.ManagedClusterAADProfile For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). properties: $propertyBag: @@ -32062,7 +33748,7 @@ spec: addonProfiles: additionalProperties: description: |- - Storage version of v1api20231102preview.ManagedClusterAddonProfile + Storage version of v1api20240402preview.ManagedClusterAddonProfile A Kubernetes add-on profile for a managed cluster. properties: $propertyBag: @@ -32083,7 +33769,7 @@ spec: agentPoolProfiles: items: description: |- - Storage version of v1api20231102preview.ManagedClusterAgentPoolProfile + Storage version of v1api20240402preview.ManagedClusterAgentPoolProfile Profile for the container service agent pool. properties: $propertyBag: 
@@ -32094,7 +33780,7 @@ spec: resources, allowing for full fidelity round trip conversions type: object artifactStreamingProfile: - description: Storage version of v1api20231102preview.AgentPoolArtifactStreamingProfile + description: Storage version of v1api20240402preview.AgentPoolArtifactStreamingProfile properties: $propertyBag: additionalProperties: @@ -32134,7 +33820,7 @@ spec: type: integer creationData: description: |- - Storage version of v1api20231102preview.CreationData + Storage version of v1api20240402preview.CreationData Data used when creating a target resource from a source resource. properties: $propertyBag: @@ -32177,10 +33863,25 @@ spec: type: boolean enableUltraSSD: type: boolean + gatewayProfile: + description: |- + Storage version of v1api20240402preview.AgentPoolGatewayProfile + Profile of the managed cluster gateway agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicIPPrefixSize: + type: integer + type: object gpuInstanceProfile: type: string gpuProfile: - description: Storage version of v1api20231102preview.AgentPoolGPUProfile + description: Storage version of v1api20240402preview.AgentPoolGPUProfile properties: $propertyBag: additionalProperties: @@ -32217,7 +33918,7 @@ spec: type: object kubeletConfig: description: |- - Storage version of v1api20231102preview.KubeletConfig + Storage version of v1api20240402preview.KubeletConfig See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: 
@@ -32256,7 +33957,7 @@ spec: type: string linuxOSConfig: description: |- - Storage version of v1api20231102preview.LinuxOSConfig + Storage version of v1api20240402preview.LinuxOSConfig See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: @@ -32270,7 +33971,7 @@ spec: type: integer sysctls: description: |- - Storage version of v1api20231102preview.SysctlConfig + Storage version of v1api20240402preview.SysctlConfig Sysctl settings for Linux agent nodes. properties: $propertyBag: @@ -32356,7 +34057,7 @@ spec: type: string networkProfile: description: |- - Storage version of v1api20231102preview.AgentPoolNetworkProfile + Storage version of v1api20240402preview.AgentPoolNetworkProfile Network settings of an agent pool. properties: $propertyBag: @@ -32369,7 +34070,7 @@ spec: allowedHostPorts: items: description: |- - Storage version of v1api20231102preview.PortRange + Storage version of v1api20240402preview.PortRange The port range. properties: $propertyBag: @@ -32412,7 +34113,7 @@ spec: nodePublicIPTags: items: description: |- - Storage version of v1api20231102preview.IPTag + Storage version of v1api20240402preview.IPTag Contains the IPTag associated with the object. properties: $propertyBag: @@ -32473,6 +34174,8 @@ spec: type: string osType: type: string + podIPAllocationMode: + type: string podSubnetReference: description: |- PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). @@ -32498,7 +34201,7 @@ spec: type: object powerState: description: |- - Storage version of v1api20231102preview.PowerState + Storage version of v1api20240402preview.PowerState Describes the Power State of the cluster properties: $propertyBag: 
@@ -32539,7 +34242,7 @@ spec: type: string securityProfile: description: |- - Storage version of v1api20231102preview.AgentPoolSecurityProfile + Storage version of v1api20240402preview.AgentPoolSecurityProfile The security settings of an agent pool. properties: $propertyBag: @@ -32566,7 +34269,7 @@ spec: type: string upgradeSettings: description: |- - Storage version of v1api20231102preview.AgentPoolUpgradeSettings + Storage version of v1api20240402preview.AgentPoolUpgradeSettings Settings for upgrading an agentpool properties: $propertyBag: @@ -32582,11 +34285,13 @@ spec: type: string nodeSoakDurationInMinutes: type: integer + undrainableNodeBehavior: + type: string type: object virtualMachineNodesStatus: items: description: |- - Storage version of v1api20231102preview.VirtualMachineNodes + Storage version of v1api20240402preview.VirtualMachineNodes Current status on a group of nodes of the same vm size. properties: $propertyBag: @@ -32604,7 +34309,7 @@ spec: type: array virtualMachinesProfile: description: |- - Storage version of v1api20231102preview.VirtualMachinesProfile + Storage version of v1api20240402preview.VirtualMachinesProfile Specifications on VirtualMachines agent pool. properties: $propertyBag: @@ -32616,7 +34321,7 @@ spec: type: object scale: description: |- - Storage version of v1api20231102preview.ScaleProfile + Storage version of v1api20240402preview.ScaleProfile Specifications on how to scale a VirtualMachines agent pool. properties: $propertyBag: 
@@ -32626,10 +34331,33 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object + autoscale: + items: + description: |- + Storage version of v1api20240402preview.AutoScaleProfile + Specifications on auto-scaling. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + maxCount: + type: integer + minCount: + type: integer + sizes: + items: + type: string + type: array + type: object + type: array manual: items: description: |- - Storage version of v1api20231102preview.ManualScaleProfile + Storage version of v1api20240402preview.ManualScaleProfile Specifications on number of machines. properties: $propertyBag: @@ -32676,7 +34404,7 @@ spec: type: object windowsProfile: description: |- - Storage version of v1api20231102preview.AgentPoolWindowsProfile + Storage version of v1api20240402preview.AgentPoolWindowsProfile The Windows agent pool's specific profile. properties: $propertyBag: @@ -32695,7 +34423,7 @@ spec: type: array aiToolchainOperatorProfile: description: |- - Storage version of v1api20231102preview.ManagedClusterAIToolchainOperatorProfile + Storage version of v1api20240402preview.ManagedClusterAIToolchainOperatorProfile When enabling the operator, a set of AKS managed CRDs and controllers will be installed in the cluster. The operator automates the deployment of OSS models for inference and/or training purposes. It provides a set of preset models and enables distributed inference against them. 
@@ -32712,7 +34440,7 @@ spec: type: object apiServerAccessProfile: description: |- - Storage version of v1api20231102preview.ManagedClusterAPIServerAccessProfile + Storage version of v1api20240402preview.ManagedClusterAPIServerAccessProfile Access profile for managed cluster API server. properties: $propertyBag: @@ -32740,7 +34468,7 @@ spec: type: string type: object autoScalerProfile: - description: Storage version of v1api20231102preview.ManagedClusterProperties_AutoScalerProfile + description: Storage version of v1api20240402preview.ManagedClusterProperties_AutoScalerProfile properties: $propertyBag: additionalProperties: @@ -32792,7 +34520,7 @@ spec: type: object autoUpgradeProfile: description: |- - Storage version of v1api20231102preview.ManagedClusterAutoUpgradeProfile + Storage version of v1api20240402preview.ManagedClusterAutoUpgradeProfile Auto upgrade profile for a managed cluster. properties: $propertyBag: @@ -32809,7 +34537,7 @@ spec: type: object azureMonitorProfile: description: |- - Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfile + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfile Prometheus addon profile for the container service cluster properties: $propertyBag: 
@@ -32819,11 +34547,12 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - logs: + appMonitoring: description: |- - Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileLogs - Logs profile for the Azure Monitor Infrastructure and Application Logs. Collect out-of-the-box Kubernetes infrastructure - & application logs to send to Azure Monitor. See aka.ms/AzureMonitorContainerInsights for an overview. + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoring + Application Monitoring Profile for Kubernetes Application Container. Collects application logs, metrics and traces + through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. properties: $propertyBag: additionalProperties: @@ -32832,11 +34561,11 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - appMonitoring: + autoInstrumentation: description: |- - Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileAppMonitoring - Application Monitoring Profile for Kubernetes Application Container. Collects application logs, metrics and traces - through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoringAutoInstrumentation + Application Monitoring Auto Instrumentation for Kubernetes Application Container. Deploys web hook to auto-instrument + Azure Monitor OpenTelemetry based SDKs to collect OpenTelemetry metrics, logs and traces of the application. See aka.ms/AzureMonitorApplicationMonitoring for an overview. properties: $propertyBag: 
@@ -32849,11 +34578,12 @@ spec: enabled: type: boolean type: object - containerInsights: + openTelemetryLogs: description: |- - Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileContainerInsights - Azure Monitor Container Insights Profile for Kubernetes Events, Inventory and Container stdout & stderr logs etc. See - aka.ms/AzureMonitorContainerInsights for an overview. + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryLogs + Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Logs and Traces. Collects + OpenTelemetry logs and traces of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. properties: $propertyBag: additionalProperties: 
@@ -32864,50 +34594,34 @@ spec: type: object enabled: type: boolean - logAnalyticsWorkspaceResourceReference: - description: |- - LogAnalyticsWorkspaceResourceReference: Fully Qualified ARM Resource Id of Azure Log Analytics Workspace for storing - Azure Monitor Container Insights Logs. - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - windowsHostLogs: + port: + type: integer + type: object + openTelemetryMetrics: + description: |- + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryMetrics + Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Metrics. Collects + OpenTelemetry metrics of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. + properties: + $propertyBag: + additionalProperties: + type: string description: |- - Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileWindowsHostLogs - Windows Host Logs Profile for Kubernetes Windows Nodes Log Collection. Collects ETW, Event Logs and Text logs etc. See - aka.ms/AzureMonitorContainerInsights for an overview. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions type: object + enabled: + type: boolean + port: + type: integer type: object type: object - metrics: + containerInsights: description: |- - Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileMetrics - Metrics profile for the prometheus service addon + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileContainerInsights + Azure Monitor Container Insights Profile for Kubernetes Events, Inventory and Container stdout & stderr logs etc. See + aka.ms/AzureMonitorContainerInsights for an overview. properties: $propertyBag: additionalProperties: 
@@ -32916,28 +34630,54 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - appMonitoringOpenTelemetryMetrics: + disableCustomMetrics: + type: boolean + disablePrometheusMetricsScraping: + type: boolean + enabled: + type: boolean + logAnalyticsWorkspaceResourceReference: description: |- - Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryMetrics - Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Metrics. Collects - OpenTelemetry metrics through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See - aka.ms/AzureMonitorApplicationMonitoring for an overview. + LogAnalyticsWorkspaceResourceReference: Fully Qualified ARM Resource Id of Azure Log Analytics Workspace for storing + Azure Monitor Container Insights Logs. properties: - $propertyBag: - additionalProperties: - type: string + armId: description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + syslogPort: + type: integer + type: object + metrics: + description: |- + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileMetrics + Metrics profile for the prometheus service addon + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean kubeStateMetrics: description: |- - Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileKubeStateMetrics + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileKubeStateMetrics Kube State Metrics for prometheus addon profile for the container service cluster properties: $propertyBag: 
@@ -32959,9 +34699,46 @@ spec: AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn't have to be. type: string + bootstrapProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterBootstrapProfile + The bootstrap profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + artifactSource: + type: string + containerRegistryReference: + description: |- + ContainerRegistryReference: The resource Id of Azure Container Registry. The registry must have private network access, + premium SKU and zone redundancy. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object creationData: description: |- - Storage version of v1api20231102preview.CreationData + Storage version of v1api20240402preview.CreationData Data used when creating a target resource from a source resource. properties: $propertyBag: 
@@ -33026,7 +34803,7 @@ spec: type: boolean extendedLocation: description: |- - Storage version of v1api20231102preview.ExtendedLocation + Storage version of v1api20240402preview.ExtendedLocation The complex type of the extended location. properties: $propertyBag: @@ -33045,7 +34822,7 @@ spec: type: string httpProxyConfig: description: |- - Storage version of v1api20231102preview.ManagedClusterHTTPProxyConfig + Storage version of v1api20240402preview.ManagedClusterHTTPProxyConfig Cluster HTTP proxy configuration. properties: $propertyBag: @@ -33068,7 +34845,7 @@ spec: type: object identity: description: |- - Storage version of v1api20231102preview.ManagedClusterIdentity + Storage version of v1api20240402preview.ManagedClusterIdentity Identity for the managed cluster. properties: $propertyBag: @@ -33081,7 +34858,7 @@ spec: delegatedResources: additionalProperties: description: |- - Storage version of v1api20231102preview.DelegatedResource + Storage version of v1api20240402preview.DelegatedResource Delegated resource properties - internal use only. properties: $propertyBag: @@ -33124,7 +34901,7 @@ spec: userAssignedIdentities: items: description: |- - Storage version of v1api20231102preview.UserAssignedIdentityDetails + Storage version of v1api20240402preview.UserAssignedIdentityDetails Information about the user assigned identity for the resource properties: $propertyBag: @@ -33160,7 +34937,7 @@ spec: identityProfile: additionalProperties: description: |- - Storage version of v1api20231102preview.UserAssignedIdentity + Storage version of v1api20240402preview.UserAssignedIdentity Details about a user assigned identity. properties: $propertyBag: @@ -33198,7 +34975,7 @@ spec: type: object ingressProfile: description: |- - Storage version of v1api20231102preview.ManagedClusterIngressProfile + Storage version of v1api20240402preview.ManagedClusterIngressProfile Ingress profile for the container service cluster. properties: $propertyBag: 
@@ -33210,7 +34987,7 @@ spec: type: object webAppRouting: description: |- - Storage version of v1api20231102preview.ManagedClusterIngressProfileWebAppRouting + Storage version of v1api20240402preview.ManagedClusterIngressProfileWebAppRouting Web App Routing settings for the ingress profile. properties: $propertyBag: @@ -33246,11 +35023,13 @@ spec: type: boolean type: object type: object + kind: + type: string kubernetesVersion: type: string linuxProfile: description: |- - Storage version of v1api20231102preview.ContainerServiceLinuxProfile + Storage version of v1api20240402preview.ContainerServiceLinuxProfile Profile for Linux VMs in the container service cluster. properties: $propertyBag: @@ -33264,7 +35043,7 @@ spec: type: string ssh: description: |- - Storage version of v1api20231102preview.ContainerServiceSshConfiguration + Storage version of v1api20240402preview.ContainerServiceSshConfiguration SSH configuration for Linux-based VMs running on Azure. properties: $propertyBag: @@ -33277,7 +35056,7 @@ spec: publicKeys: items: description: |- - Storage version of v1api20231102preview.ContainerServiceSshPublicKey + Storage version of v1api20240402preview.ContainerServiceSshPublicKey Contains information about SSH certificate public key data. properties: $propertyBag: @@ -33297,7 +35076,7 @@ spec: type: string metricsProfile: description: |- - Storage version of v1api20231102preview.ManagedClusterMetricsProfile + Storage version of v1api20240402preview.ManagedClusterMetricsProfile The metrics profile for the ManagedCluster. properties: $propertyBag: @@ -33309,7 +35088,7 @@ spec: type: object costAnalysis: description: |- - Storage version of v1api20231102preview.ManagedClusterCostAnalysis + Storage version of v1api20240402preview.ManagedClusterCostAnalysis The cost analysis configuration for the cluster properties: $propertyBag: 
@@ -33325,7 +35104,7 @@ spec: type: object networkProfile: description: |- - Storage version of v1api20231102preview.ContainerServiceNetworkProfile + Storage version of v1api20240402preview.ContainerServiceNetworkProfile Profile of network configuration. properties: $propertyBag: @@ -33335,6 +35114,35 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object + advancedNetworking: + description: |- + Storage version of v1api20240402preview.AdvancedNetworking + Advanced Networking profile for enabling observability on a cluster. Note that enabling advanced networking features may + incur additional costs. For more information see aka.ms/aksadvancednetworking. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + observability: + description: |- + Storage version of v1api20240402preview.AdvancedNetworkingObservability + Observability profile to enable advanced network metrics and flow logs with historical contexts. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object dnsServiceIP: type: string ipFamilies: @@ -33342,7 +35150,7 @@ spec: type: string type: array kubeProxyConfig: - description: Storage version of v1api20231102preview.ContainerServiceNetworkProfile_KubeProxyConfig + description: Storage version of v1api20240402preview.ContainerServiceNetworkProfile_KubeProxyConfig properties: $propertyBag: additionalProperties: 
@@ -33354,7 +35162,7 @@ spec: enabled: type: boolean ipvsConfig: - description: Storage version of v1api20231102preview.ContainerServiceNetworkProfile_KubeProxyConfig_IpvsConfig + description: Storage version of v1api20240402preview.ContainerServiceNetworkProfile_KubeProxyConfig_IpvsConfig properties: $propertyBag: additionalProperties: @@ -33377,7 +35185,7 @@ spec: type: object loadBalancerProfile: description: |- - Storage version of v1api20231102preview.ManagedClusterLoadBalancerProfile + Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile Profile of the managed cluster load balancer. properties: $propertyBag: @@ -33391,10 +35199,12 @@ spec: type: integer backendPoolType: type: string + clusterServiceLoadBalancerHealthProbeMode: + type: string effectiveOutboundIPs: items: description: |- - Storage version of v1api20231102preview.ResourceReference + Storage version of v1api20240402preview.ResourceReference A reference to an Azure resource. properties: $propertyBag: @@ -33431,7 +35241,7 @@ spec: idleTimeoutInMinutes: type: integer managedOutboundIPs: - description: Storage version of v1api20231102preview.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs + description: Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs properties: $propertyBag: additionalProperties: @@ -33446,7 +35256,7 @@ spec: type: integer type: object outboundIPPrefixes: - description: Storage version of v1api20231102preview.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes + description: Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes properties: $propertyBag: additionalProperties: @@ -33458,7 +35268,7 @@ spec: publicIPPrefixes: items: description: |- - Storage version of v1api20231102preview.ResourceReference + Storage version of v1api20240402preview.ResourceReference A reference to an Azure resource. properties: $propertyBag: 
@@ -33492,7 +35302,7 @@ spec: type: array type: object outboundIPs: - description: Storage version of v1api20231102preview.ManagedClusterLoadBalancerProfile_OutboundIPs + description: Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile_OutboundIPs properties: $propertyBag: additionalProperties: @@ -33504,7 +35314,7 @@ spec: publicIPs: items: description: |- - Storage version of v1api20231102preview.ResourceReference + Storage version of v1api20240402preview.ResourceReference A reference to an Azure resource. properties: $propertyBag: @@ -33540,24 +35350,9 @@ spec: type: object loadBalancerSku: type: string - monitoring: - description: |- - Storage version of v1api20231102preview.NetworkMonitoring - This addon can be used to configure network monitoring and generate network monitoring data in Prometheus format - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object natGatewayProfile: description: |- - Storage version of v1api20231102preview.ManagedClusterNATGatewayProfile + Storage version of v1api20240402preview.ManagedClusterNATGatewayProfile Profile of the managed cluster NAT gateway. properties: $propertyBag: @@ -33570,7 +35365,7 @@ spec: effectiveOutboundIPs: items: description: |- - Storage version of v1api20231102preview.ResourceReference + Storage version of v1api20240402preview.ResourceReference A reference to an Azure resource. properties: $propertyBag: 
@@ -33606,7 +35401,7 @@ spec: type: integer managedOutboundIPProfile: description: |- - Storage version of v1api20231102preview.ManagedClusterManagedOutboundIPProfile + Storage version of v1api20240402preview.ManagedClusterManagedOutboundIPProfile Profile of the managed outbound IP resources of the managed cluster. properties: $propertyBag: @@ -33638,15 +35433,32 @@ spec: items: type: string type: array + podLinkLocalAccess: + type: string serviceCidr: type: string serviceCidrs: items: type: string type: array + staticEgressGatewayProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterStaticEgressGatewayProfile + The Static Egress Gateway addon configuration for the cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object type: object nodeProvisioningProfile: - description: Storage version of v1api20231102preview.ManagedClusterNodeProvisioningProfile + description: Storage version of v1api20240402preview.ManagedClusterNodeProvisioningProfile properties: $propertyBag: additionalProperties: @@ -33662,7 +35474,7 @@ spec: type: string nodeResourceGroupProfile: description: |- - Storage version of v1api20231102preview.ManagedClusterNodeResourceGroupProfile + Storage version of v1api20240402preview.ManagedClusterNodeResourceGroupProfile Node resource group lockdown profile for a managed cluster. properties: $propertyBag: @@ -33677,7 +35489,7 @@ spec: type: object oidcIssuerProfile: description: |- - Storage version of v1api20231102preview.ManagedClusterOIDCIssuerProfile + Storage version of v1api20240402preview.ManagedClusterOIDCIssuerProfile The OIDC issuer profile of the Managed Cluster. properties: $propertyBag: 
@@ -33692,7 +35504,7 @@ spec: type: object operatorSpec: description: |- - Storage version of v1api20231102preview.ManagedClusterOperatorSpec + Storage version of v1api20240402preview.ManagedClusterOperatorSpec Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure properties: $propertyBag: @@ -33703,7 +35515,7 @@ spec: resources, allowing for full fidelity round trip conversions type: object configMaps: - description: Storage version of v1api20231102preview.ManagedClusterOperatorConfigMaps + description: Storage version of v1api20240402preview.ManagedClusterOperatorConfigMaps properties: $propertyBag: additionalProperties: @@ -33731,7 +35543,7 @@ spec: type: object type: object secrets: - description: Storage version of v1api20231102preview.ManagedClusterOperatorSecrets + description: Storage version of v1api20240402preview.ManagedClusterOperatorSecrets properties: $propertyBag: additionalProperties: @@ -33793,7 +35605,7 @@ spec: type: object podIdentityProfile: description: |- - Storage version of v1api20231102preview.ManagedClusterPodIdentityProfile + Storage version of v1api20240402preview.ManagedClusterPodIdentityProfile See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on pod identity integration. properties: @@ -33811,7 +35623,7 @@ spec: userAssignedIdentities: items: description: |- - Storage version of v1api20231102preview.ManagedClusterPodIdentity + Storage version of v1api20240402preview.ManagedClusterPodIdentity Details about the pod identity assigned to the Managed Cluster. properties: $propertyBag: @@ -33825,7 +35637,7 @@ spec: type: string identity: description: |- - Storage version of v1api20231102preview.UserAssignedIdentity + Storage version of v1api20240402preview.UserAssignedIdentity Details about a user assigned identity. properties: $propertyBag: 
@@ -33869,7 +35681,7 @@ spec: userAssignedIdentityExceptions: items: description: |- - Storage version of v1api20231102preview.ManagedClusterPodIdentityException + Storage version of v1api20240402preview.ManagedClusterPodIdentityException See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. properties: @@ -33894,7 +35706,7 @@ spec: privateLinkResources: items: description: |- - Storage version of v1api20231102preview.PrivateLinkResource + Storage version of v1api20240402preview.PrivateLinkResource A private link resource properties: $propertyBag: @@ -33940,7 +35752,7 @@ spec: type: string safeguardsProfile: description: |- - Storage version of v1api20231102preview.SafeguardsProfile + Storage version of v1api20240402preview.SafeguardsProfile The Safeguards profile. properties: $propertyBag: @@ -33961,7 +35773,7 @@ spec: type: object securityProfile: description: |- - Storage version of v1api20231102preview.ManagedClusterSecurityProfile + Storage version of v1api20240402preview.ManagedClusterSecurityProfile Security profile for the container service cluster. properties: $propertyBag: @@ -33973,7 +35785,7 @@ spec: type: object azureKeyVaultKms: description: |- - Storage version of v1api20231102preview.AzureKeyVaultKms + Storage version of v1api20240402preview.AzureKeyVaultKms Azure Key Vault key management service settings for the security profile. properties: $propertyBag: @@ -34018,7 +35830,7 @@ spec: type: array defender: description: |- - Storage version of v1api20231102preview.ManagedClusterSecurityProfileDefender + Storage version of v1api20240402preview.ManagedClusterSecurityProfileDefender Microsoft Defender settings for the security profile. properties: $propertyBag: 
@@ -34053,7 +35865,7 @@ spec: type: object securityMonitoring: description: |- - Storage version of v1api20231102preview.ManagedClusterSecurityProfileDefenderSecurityMonitoring + Storage version of v1api20240402preview.ManagedClusterSecurityProfileDefenderSecurityMonitoring Microsoft Defender settings for the security profile threat detection. properties: $propertyBag: @@ -34069,7 +35881,7 @@ spec: type: object imageCleaner: description: |- - Storage version of v1api20231102preview.ManagedClusterSecurityProfileImageCleaner + Storage version of v1api20240402preview.ManagedClusterSecurityProfileImageCleaner Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here are settings for the security profile. properties: @@ -34087,7 +35899,7 @@ spec: type: object imageIntegrity: description: |- - Storage version of v1api20231102preview.ManagedClusterSecurityProfileImageIntegrity + Storage version of v1api20240402preview.ManagedClusterSecurityProfileImageIntegrity Image integrity related settings for the security profile. properties: $propertyBag: @@ -34102,7 +35914,7 @@ spec: type: object nodeRestriction: description: |- - Storage version of v1api20231102preview.ManagedClusterSecurityProfileNodeRestriction + Storage version of v1api20240402preview.ManagedClusterSecurityProfileNodeRestriction Node Restriction settings for the security profile. properties: $propertyBag: @@ -34117,7 +35929,7 @@ spec: type: object workloadIdentity: description: |- - Storage version of v1api20231102preview.ManagedClusterSecurityProfileWorkloadIdentity + Storage version of v1api20240402preview.ManagedClusterSecurityProfileWorkloadIdentity Workload identity settings for the security profile. properties: $propertyBag: 
@@ -34133,7 +35945,7 @@ spec: type: object serviceMeshProfile: description: |- - Storage version of v1api20231102preview.ServiceMeshProfile + Storage version of v1api20240402preview.ServiceMeshProfile Service mesh profile for a managed cluster. properties: $propertyBag: @@ -34145,7 +35957,7 @@ spec: type: object istio: description: |- - Storage version of v1api20231102preview.IstioServiceMesh + Storage version of v1api20240402preview.IstioServiceMesh Istio service mesh configuration. properties: $propertyBag: @@ -34157,7 +35969,7 @@ spec: type: object certificateAuthority: description: |- - Storage version of v1api20231102preview.IstioCertificateAuthority + Storage version of v1api20240402preview.IstioCertificateAuthority Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin certificates as described here https://aka.ms/asm-plugin-ca properties: @@ -34170,7 +35982,7 @@ spec: type: object plugin: description: |- - Storage version of v1api20231102preview.IstioPluginCertificateAuthority + Storage version of v1api20240402preview.IstioPluginCertificateAuthority Plugin certificates information for Service Mesh. properties: $propertyBag: @@ -34212,7 +36024,7 @@ spec: type: object components: description: |- - Storage version of v1api20231102preview.IstioComponents + Storage version of v1api20240402preview.IstioComponents Istio components configuration. properties: $propertyBag: @@ -34225,7 +36037,7 @@ spec: egressGateways: items: description: |- - Storage version of v1api20231102preview.IstioEgressGateway + Storage version of v1api20240402preview.IstioEgressGateway Istio egress gateway configuration. properties: $propertyBag: 
@@ -34237,16 +36049,12 @@ spec: type: object enabled: type: boolean - nodeSelector: - additionalProperties: - type: string - type: object type: object type: array ingressGateways: items: description: |- - Storage version of v1api20231102preview.IstioIngressGateway + Storage version of v1api20240402preview.IstioIngressGateway Istio ingress gateway configuration. For now, we support up to one external ingress gateway named `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. properties: @@ -34274,7 +36082,7 @@ spec: type: object servicePrincipalProfile: description: |- - Storage version of v1api20231102preview.ManagedClusterServicePrincipalProfile + Storage version of v1api20240402preview.ManagedClusterServicePrincipalProfile Information about a service principal identity for the cluster to use for manipulating Azure APIs. properties: $propertyBag: @@ -34306,7 +36114,7 @@ spec: type: object sku: description: |- - Storage version of v1api20231102preview.ManagedClusterSKU + Storage version of v1api20240402preview.ManagedClusterSKU The SKU of a Managed Cluster. properties: $propertyBag: @@ -34323,7 +36131,7 @@ spec: type: object storageProfile: description: |- - Storage version of v1api20231102preview.ManagedClusterStorageProfile + Storage version of v1api20240402preview.ManagedClusterStorageProfile Storage profile for the container service cluster. properties: $propertyBag: @@ -34335,7 +36143,7 @@ spec: type: object blobCSIDriver: description: |- - Storage version of v1api20231102preview.ManagedClusterStorageProfileBlobCSIDriver + Storage version of v1api20240402preview.ManagedClusterStorageProfileBlobCSIDriver AzureBlob CSI Driver settings for the storage profile. properties: $propertyBag: 
@@ -34350,7 +36158,7 @@ spec: type: object diskCSIDriver: description: |- - Storage version of v1api20231102preview.ManagedClusterStorageProfileDiskCSIDriver + Storage version of v1api20240402preview.ManagedClusterStorageProfileDiskCSIDriver AzureDisk CSI Driver settings for the storage profile. properties: $propertyBag: @@ -34367,7 +36175,7 @@ spec: type: object fileCSIDriver: description: |- - Storage version of v1api20231102preview.ManagedClusterStorageProfileFileCSIDriver + Storage version of v1api20240402preview.ManagedClusterStorageProfileFileCSIDriver AzureFile CSI Driver settings for the storage profile. properties: $propertyBag: @@ -34382,7 +36190,7 @@ spec: type: object snapshotController: description: |- - Storage version of v1api20231102preview.ManagedClusterStorageProfileSnapshotController + Storage version of v1api20240402preview.ManagedClusterStorageProfileSnapshotController Snapshot Controller settings for the storage profile. properties: $propertyBag: @@ -34404,7 +36212,7 @@ spec: type: object upgradeSettings: description: |- - Storage version of v1api20231102preview.ClusterUpgradeSettings + Storage version of v1api20240402preview.ClusterUpgradeSettings Settings for upgrading a cluster. properties: $propertyBag: @@ -34416,7 +36224,7 @@ spec: type: object overrideSettings: description: |- - Storage version of v1api20231102preview.UpgradeOverrideSettings + Storage version of v1api20240402preview.UpgradeOverrideSettings Settings for overrides when upgrading a cluster. properties: $propertyBag: @@ -34434,7 +36242,7 @@ spec: type: object windowsProfile: description: |- - Storage version of v1api20231102preview.ManagedClusterWindowsProfile + Storage version of v1api20240402preview.ManagedClusterWindowsProfile Profile for Windows VMs in the managed cluster. properties: $propertyBag: 
@@ -34467,7 +36275,7 @@ spec: type: boolean gmsaProfile: description: |- - Storage version of v1api20231102preview.WindowsGmsaProfile + Storage version of v1api20240402preview.WindowsGmsaProfile Windows gMSA Profile in the managed cluster. properties: $propertyBag: @@ -34489,7 +36297,7 @@ spec: type: object workloadAutoScalerProfile: description: |- - Storage version of v1api20231102preview.ManagedClusterWorkloadAutoScalerProfile + Storage version of v1api20240402preview.ManagedClusterWorkloadAutoScalerProfile Workload Auto-scaler profile for the managed cluster. properties: $propertyBag: @@ -34501,7 +36309,7 @@ spec: type: object keda: description: |- - Storage version of v1api20231102preview.ManagedClusterWorkloadAutoScalerProfileKeda + Storage version of v1api20240402preview.ManagedClusterWorkloadAutoScalerProfileKeda KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile. properties: $propertyBag: @@ -34515,7 +36323,7 @@ spec: type: boolean type: object verticalPodAutoscaler: - description: Storage version of v1api20231102preview.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler + description: Storage version of v1api20240402preview.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler properties: $propertyBag: additionalProperties: @@ -34535,7 +36343,7 @@ spec: type: object status: description: |- - Storage version of v1api20231102preview.ManagedCluster_STATUS + Storage version of v1api20240402preview.ManagedCluster_STATUS Managed cluster. properties: $propertyBag: @@ -34547,7 +36355,7 @@ spec: type: object aadProfile: description: |- - Storage version of v1api20231102preview.ManagedClusterAADProfile_STATUS + Storage version of v1api20240402preview.ManagedClusterAADProfile_STATUS For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). properties: $propertyBag: 
@@ -34577,7 +36385,7 @@ spec: addonProfiles: additionalProperties: description: |- - Storage version of v1api20231102preview.ManagedClusterAddonProfile_STATUS + Storage version of v1api20240402preview.ManagedClusterAddonProfile_STATUS A Kubernetes add-on profile for a managed cluster. properties: $propertyBag: @@ -34595,7 +36403,7 @@ spec: type: boolean identity: description: |- - Storage version of v1api20231102preview.UserAssignedIdentity_STATUS + Storage version of v1api20240402preview.UserAssignedIdentity_STATUS Details about a user assigned identity. properties: $propertyBag: @@ -34617,7 +36425,7 @@ spec: agentPoolProfiles: items: description: |- - Storage version of v1api20231102preview.ManagedClusterAgentPoolProfile_STATUS + Storage version of v1api20240402preview.ManagedClusterAgentPoolProfile_STATUS Profile for the container service agent pool. properties: $propertyBag: @@ -34628,7 +36436,7 @@ spec: resources, allowing for full fidelity round trip conversions type: object artifactStreamingProfile: - description: Storage version of v1api20231102preview.AgentPoolArtifactStreamingProfile_STATUS + description: Storage version of v1api20240402preview.AgentPoolArtifactStreamingProfile_STATUS properties: $propertyBag: additionalProperties: @@ -34650,7 +36458,7 @@ spec: type: integer creationData: description: |- - Storage version of v1api20231102preview.CreationData_STATUS + Storage version of v1api20240402preview.CreationData_STATUS Data used when creating a target resource from a source resource. properties: $propertyBag: @@ -34665,6 +36473,8 @@ spec: type: object currentOrchestratorVersion: type: string + eTag: + type: string enableAutoScaling: type: boolean enableCustomCATrust: 
@@ -34677,10 +36487,25 @@ spec: type: boolean enableUltraSSD: type: boolean + gatewayProfile: + description: |- + Storage version of v1api20240402preview.AgentPoolGatewayProfile_STATUS + Profile of the managed cluster gateway agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicIPPrefixSize: + type: integer + type: object gpuInstanceProfile: type: string gpuProfile: - description: Storage version of v1api20231102preview.AgentPoolGPUProfile_STATUS + description: Storage version of v1api20240402preview.AgentPoolGPUProfile_STATUS properties: $propertyBag: additionalProperties: @@ -34696,7 +36521,7 @@ spec: type: string kubeletConfig: description: |- - Storage version of v1api20231102preview.KubeletConfig_STATUS + Storage version of v1api20240402preview.KubeletConfig_STATUS See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: @@ -34735,7 +36560,7 @@ spec: type: string linuxOSConfig: description: |- - Storage version of v1api20231102preview.LinuxOSConfig_STATUS + Storage version of v1api20240402preview.LinuxOSConfig_STATUS See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: @@ -34749,7 +36574,7 @@ spec: type: integer sysctls: description: |- - Storage version of v1api20231102preview.SysctlConfig_STATUS + Storage version of v1api20240402preview.SysctlConfig_STATUS Sysctl settings for Linux agent nodes. properties: $propertyBag: 
@@ -34835,7 +36660,7 @@ spec: type: string networkProfile: description: |- - Storage version of v1api20231102preview.AgentPoolNetworkProfile_STATUS + Storage version of v1api20240402preview.AgentPoolNetworkProfile_STATUS Network settings of an agent pool. properties: $propertyBag: @@ -34848,7 +36673,7 @@ spec: allowedHostPorts: items: description: |- - Storage version of v1api20231102preview.PortRange_STATUS + Storage version of v1api20240402preview.PortRange_STATUS The port range. properties: $propertyBag: @@ -34873,7 +36698,7 @@ spec: nodePublicIPTags: items: description: |- - Storage version of v1api20231102preview.IPTag_STATUS + Storage version of v1api20240402preview.IPTag_STATUS Contains the IPTag associated with the object. properties: $propertyBag: @@ -34916,11 +36741,13 @@ spec: type: string osType: type: string + podIPAllocationMode: + type: string podSubnetID: type: string powerState: description: |- - Storage version of v1api20231102preview.PowerState_STATUS + Storage version of v1api20240402preview.PowerState_STATUS Describes the Power State of the cluster properties: $propertyBag: @@ -34945,7 +36772,7 @@ spec: type: string securityProfile: description: |- - Storage version of v1api20231102preview.AgentPoolSecurityProfile_STATUS + Storage version of v1api20240402preview.AgentPoolSecurityProfile_STATUS The security settings of an agent pool. properties: $propertyBag: @@ -34972,7 +36799,7 @@ spec: type: string upgradeSettings: description: |- - Storage version of v1api20231102preview.AgentPoolUpgradeSettings_STATUS + Storage version of v1api20240402preview.AgentPoolUpgradeSettings_STATUS Settings for upgrading an agentpool properties: $propertyBag: 
@@ -34988,11 +36815,13 @@ spec: type: string nodeSoakDurationInMinutes: type: integer + undrainableNodeBehavior: + type: string type: object virtualMachineNodesStatus: items: description: |- - Storage version of v1api20231102preview.VirtualMachineNodes_STATUS + Storage version of v1api20240402preview.VirtualMachineNodes_STATUS Current status on a group of nodes of the same vm size. properties: $propertyBag: @@ -35010,7 +36839,7 @@ spec: type: array virtualMachinesProfile: description: |- - Storage version of v1api20231102preview.VirtualMachinesProfile_STATUS + Storage version of v1api20240402preview.VirtualMachinesProfile_STATUS Specifications on VirtualMachines agent pool. properties: $propertyBag: @@ -35022,7 +36851,7 @@ spec: type: object scale: description: |- - Storage version of v1api20231102preview.ScaleProfile_STATUS + Storage version of v1api20240402preview.ScaleProfile_STATUS Specifications on how to scale a VirtualMachines agent pool. properties: $propertyBag: @@ -35032,10 +36861,33 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object + autoscale: + items: + description: |- + Storage version of v1api20240402preview.AutoScaleProfile_STATUS + Specifications on auto-scaling. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + maxCount: + type: integer + minCount: + type: integer + sizes: + items: + type: string + type: array + type: object + type: array manual: items: description: |- - Storage version of v1api20231102preview.ManualScaleProfile_STATUS + Storage version of v1api20240402preview.ManualScaleProfile_STATUS Specifications on number of machines. properties: $propertyBag: 
@@ -35061,7 +36913,7 @@ spec: type: string windowsProfile: description: |- - Storage version of v1api20231102preview.AgentPoolWindowsProfile_STATUS + Storage version of v1api20240402preview.AgentPoolWindowsProfile_STATUS The Windows agent pool's specific profile. properties: $propertyBag: @@ -35080,7 +36932,7 @@ spec: type: array aiToolchainOperatorProfile: description: |- - Storage version of v1api20231102preview.ManagedClusterAIToolchainOperatorProfile_STATUS + Storage version of v1api20240402preview.ManagedClusterAIToolchainOperatorProfile_STATUS When enabling the operator, a set of AKS managed CRDs and controllers will be installed in the cluster. The operator automates the deployment of OSS models for inference and/or training purposes. It provides a set of preset models and enables distributed inference against them. @@ -35097,7 +36949,7 @@ spec: type: object apiServerAccessProfile: description: |- - Storage version of v1api20231102preview.ManagedClusterAPIServerAccessProfile_STATUS + Storage version of v1api20240402preview.ManagedClusterAPIServerAccessProfile_STATUS Access profile for managed cluster API server. properties: $propertyBag: @@ -35125,7 +36977,7 @@ spec: type: string type: object autoScalerProfile: - description: Storage version of v1api20231102preview.ManagedClusterProperties_AutoScalerProfile_STATUS + description: Storage version of v1api20240402preview.ManagedClusterProperties_AutoScalerProfile_STATUS properties: $propertyBag: additionalProperties: @@ -35177,7 +37029,7 @@ spec: type: object autoUpgradeProfile: description: |- - Storage version of v1api20231102preview.ManagedClusterAutoUpgradeProfile_STATUS + Storage version of v1api20240402preview.ManagedClusterAutoUpgradeProfile_STATUS Auto upgrade profile for a managed cluster. properties: $propertyBag: 
@@ -35194,7 +37046,7 @@ spec: type: object azureMonitorProfile: description: |- - Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfile_STATUS + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfile_STATUS Prometheus addon profile for the container service cluster properties: $propertyBag: @@ -35204,11 +37056,12 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - logs: + appMonitoring: description: |- - Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileLogs_STATUS - Logs profile for the Azure Monitor Infrastructure and Application Logs. Collect out-of-the-box Kubernetes infrastructure - & application logs to send to Azure Monitor. See aka.ms/AzureMonitorContainerInsights for an overview. + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoring_STATUS + Application Monitoring Profile for Kubernetes Application Container. Collects application logs, metrics and traces + through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. properties: $propertyBag: additionalProperties: 
@@ -35217,11 +37070,11 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - appMonitoring: + autoInstrumentation: description: |- - Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileAppMonitoring_STATUS - Application Monitoring Profile for Kubernetes Application Container. Collects application logs, metrics and traces - through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoringAutoInstrumentation_STATUS + Application Monitoring Auto Instrumentation for Kubernetes Application Container. Deploys web hook to auto-instrument + Azure Monitor OpenTelemetry based SDKs to collect OpenTelemetry metrics, logs and traces of the application. See aka.ms/AzureMonitorApplicationMonitoring for an overview. properties: $propertyBag: @@ -35234,11 +37087,12 @@ spec: enabled: type: boolean type: object - containerInsights: + openTelemetryLogs: description: |- - Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileContainerInsights_STATUS - Azure Monitor Container Insights Profile for Kubernetes Events, Inventory and Container stdout & stderr logs etc. See - aka.ms/AzureMonitorContainerInsights for an overview. + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryLogs_STATUS + Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Logs and Traces. Collects + OpenTelemetry logs and traces of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. properties: $propertyBag: additionalProperties: 
@@ -35249,43 +37103,14 @@ spec: type: object enabled: type: boolean - logAnalyticsWorkspaceResourceId: - type: string - windowsHostLogs: - description: |- - Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileWindowsHostLogs_STATUS - Windows Host Logs Profile for Kubernetes Windows Nodes Log Collection. Collects ETW, Event Logs and Text logs etc. See - aka.ms/AzureMonitorContainerInsights for an overview. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - type: object - type: object - metrics: - description: |- - Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileMetrics_STATUS - Metrics profile for the prometheus service addon - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions + port: + type: integer type: object - appMonitoringOpenTelemetryMetrics: + openTelemetryMetrics: description: |- - Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryMetrics_STATUS + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryMetrics_STATUS Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Metrics. Collects - OpenTelemetry metrics through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See + OpenTelemetry metrics of the application using Azure Monitor OpenTelemetry based SDKs. See aka.ms/AzureMonitorApplicationMonitoring for an overview. properties: $propertyBag: 
@@ -35297,12 +37122,51 @@ spec: type: object enabled: type: boolean + port: + type: integer + type: object + type: object + containerInsights: + description: |- + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileContainerInsights_STATUS + Azure Monitor Container Insights Profile for Kubernetes Events, Inventory and Container stdout & stderr logs etc. See + aka.ms/AzureMonitorContainerInsights for an overview. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + disableCustomMetrics: + type: boolean + disablePrometheusMetricsScraping: + type: boolean + enabled: + type: boolean + logAnalyticsWorkspaceResourceId: + type: string + syslogPort: + type: integer + type: object + metrics: + description: |- + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileMetrics_STATUS + Metrics profile for the prometheus service addon + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean kubeStateMetrics: description: |- - Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileKubeStateMetrics_STATUS + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileKubeStateMetrics_STATUS Kube State Metrics for prometheus addon profile for the container service cluster properties: $propertyBag: 
@@ -35321,6 +37185,23 @@ spec: type: object azurePortalFQDN: type: string + bootstrapProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterBootstrapProfile_STATUS + The bootstrap profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + artifactSource: + type: string + containerRegistryId: + type: string + type: object conditions: items: description: Condition defines an extension to status (an observation) of a resource @@ -35366,7 +37247,7 @@ spec: type: array creationData: description: |- - Storage version of v1api20231102preview.CreationData_STATUS + Storage version of v1api20240402preview.CreationData_STATUS Data used when creating a target resource from a source resource. properties: $propertyBag: @@ -35387,6 +37268,8 @@ spec: type: string dnsPrefix: type: string + eTag: + type: string enableNamespaceResources: type: boolean enablePodSecurityPolicy: @@ -35395,7 +37278,7 @@ spec: type: boolean extendedLocation: description: |- - Storage version of v1api20231102preview.ExtendedLocation_STATUS + Storage version of v1api20240402preview.ExtendedLocation_STATUS The complex type of the extended location. properties: $propertyBag: @@ -35416,7 +37299,7 @@ spec: type: string httpProxyConfig: description: |- - Storage version of v1api20231102preview.ManagedClusterHTTPProxyConfig_STATUS + Storage version of v1api20240402preview.ManagedClusterHTTPProxyConfig_STATUS Cluster HTTP proxy configuration. properties: $propertyBag: @@ -35445,7 +37328,7 @@ spec: type: string identity: description: |- - Storage version of v1api20231102preview.ManagedClusterIdentity_STATUS + Storage version of v1api20240402preview.ManagedClusterIdentity_STATUS Identity for the managed cluster. properties: $propertyBag: 
@@ -35458,7 +37341,7 @@ spec: delegatedResources: additionalProperties: description: |- - Storage version of v1api20231102preview.DelegatedResource_STATUS + Storage version of v1api20240402preview.DelegatedResource_STATUS Delegated resource properties - internal use only. properties: $propertyBag: @@ -35486,7 +37369,7 @@ spec: type: string userAssignedIdentities: additionalProperties: - description: Storage version of v1api20231102preview.ManagedClusterIdentity_UserAssignedIdentities_STATUS + description: Storage version of v1api20240402preview.ManagedClusterIdentity_UserAssignedIdentities_STATUS properties: $propertyBag: additionalProperties: @@ -35505,7 +37388,7 @@ spec: identityProfile: additionalProperties: description: |- - Storage version of v1api20231102preview.UserAssignedIdentity_STATUS + Storage version of v1api20240402preview.UserAssignedIdentity_STATUS Details about a user assigned identity. properties: $propertyBag: @@ -35525,7 +37408,7 @@ spec: type: object ingressProfile: description: |- - Storage version of v1api20231102preview.ManagedClusterIngressProfile_STATUS + Storage version of v1api20240402preview.ManagedClusterIngressProfile_STATUS Ingress profile for the container service cluster. properties: $propertyBag: @@ -35537,7 +37420,7 @@ spec: type: object webAppRouting: description: |- - Storage version of v1api20231102preview.ManagedClusterIngressProfileWebAppRouting_STATUS + Storage version of v1api20240402preview.ManagedClusterIngressProfileWebAppRouting_STATUS Web App Routing settings for the ingress profile. properties: $propertyBag: @@ -35555,7 +37438,7 @@ spec: type: boolean identity: description: |- - Storage version of v1api20231102preview.UserAssignedIdentity_STATUS + Storage version of v1api20240402preview.UserAssignedIdentity_STATUS Details about a user assigned identity. properties: $propertyBag: 
@@ -35574,11 +37457,13 @@ spec: type: object type: object type: object + kind: + type: string kubernetesVersion: type: string linuxProfile: description: |- - Storage version of v1api20231102preview.ContainerServiceLinuxProfile_STATUS + Storage version of v1api20240402preview.ContainerServiceLinuxProfile_STATUS Profile for Linux VMs in the container service cluster. properties: $propertyBag: @@ -35592,7 +37477,7 @@ spec: type: string ssh: description: |- - Storage version of v1api20231102preview.ContainerServiceSshConfiguration_STATUS + Storage version of v1api20240402preview.ContainerServiceSshConfiguration_STATUS SSH configuration for Linux-based VMs running on Azure. properties: $propertyBag: @@ -35605,7 +37490,7 @@ spec: publicKeys: items: description: |- - Storage version of v1api20231102preview.ContainerServiceSshPublicKey_STATUS + Storage version of v1api20240402preview.ContainerServiceSshPublicKey_STATUS Contains information about SSH certificate public key data. properties: $propertyBag: @@ -35627,7 +37512,7 @@ spec: type: integer metricsProfile: description: |- - Storage version of v1api20231102preview.ManagedClusterMetricsProfile_STATUS + Storage version of v1api20240402preview.ManagedClusterMetricsProfile_STATUS The metrics profile for the ManagedCluster. properties: $propertyBag: @@ -35639,7 +37524,7 @@ spec: type: object costAnalysis: description: |- - Storage version of v1api20231102preview.ManagedClusterCostAnalysis_STATUS + Storage version of v1api20240402preview.ManagedClusterCostAnalysis_STATUS The cost analysis configuration for the cluster properties: $propertyBag: @@ -35657,7 +37542,7 @@ spec: type: string networkProfile: description: |- - Storage version of v1api20231102preview.ContainerServiceNetworkProfile_STATUS + Storage version of v1api20240402preview.ContainerServiceNetworkProfile_STATUS Profile of network configuration. properties: $propertyBag: 
@@ -35667,6 +37552,35 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object + advancedNetworking: + description: |- + Storage version of v1api20240402preview.AdvancedNetworking_STATUS + Advanced Networking profile for enabling observability on a cluster. Note that enabling advanced networking features may + incur additional costs. For more information see aka.ms/aksadvancednetworking. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + observability: + description: |- + Storage version of v1api20240402preview.AdvancedNetworkingObservability_STATUS + Observability profile to enable advanced network metrics and flow logs with historical contexts. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object dnsServiceIP: type: string ipFamilies: @@ -35674,7 +37588,7 @@ spec: type: string type: array kubeProxyConfig: - description: Storage version of v1api20231102preview.ContainerServiceNetworkProfile_KubeProxyConfig_STATUS + description: Storage version of v1api20240402preview.ContainerServiceNetworkProfile_KubeProxyConfig_STATUS properties: $propertyBag: additionalProperties: 
@@ -35686,7 +37600,7 @@ spec: enabled: type: boolean ipvsConfig: - description: Storage version of v1api20231102preview.ContainerServiceNetworkProfile_KubeProxyConfig_IpvsConfig_STATUS + description: Storage version of v1api20240402preview.ContainerServiceNetworkProfile_KubeProxyConfig_IpvsConfig_STATUS properties: $propertyBag: additionalProperties: @@ -35709,7 +37623,7 @@ spec: type: object loadBalancerProfile: description: |- - Storage version of v1api20231102preview.ManagedClusterLoadBalancerProfile_STATUS + Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile_STATUS Profile of the managed cluster load balancer. properties: $propertyBag: @@ -35723,10 +37637,12 @@ spec: type: integer backendPoolType: type: string + clusterServiceLoadBalancerHealthProbeMode: + type: string effectiveOutboundIPs: items: description: |- - Storage version of v1api20231102preview.ResourceReference_STATUS + Storage version of v1api20240402preview.ResourceReference_STATUS A reference to an Azure resource. properties: $propertyBag: @@ -35745,7 +37661,7 @@ spec: idleTimeoutInMinutes: type: integer managedOutboundIPs: - description: Storage version of v1api20231102preview.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs_STATUS + description: Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs_STATUS properties: $propertyBag: additionalProperties: @@ -35760,7 +37676,7 @@ spec: type: integer type: object outboundIPPrefixes: - description: Storage version of v1api20231102preview.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes_STATUS + description: Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes_STATUS properties: $propertyBag: additionalProperties: 
@@ -35772,7 +37688,7 @@ spec: publicIPPrefixes: items: description: |- - Storage version of v1api20231102preview.ResourceReference_STATUS + Storage version of v1api20240402preview.ResourceReference_STATUS A reference to an Azure resource. properties: $propertyBag: @@ -35788,7 +37704,7 @@ spec: type: array type: object outboundIPs: - description: Storage version of v1api20231102preview.ManagedClusterLoadBalancerProfile_OutboundIPs_STATUS + description: Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile_OutboundIPs_STATUS properties: $propertyBag: additionalProperties: @@ -35800,7 +37716,7 @@ spec: publicIPs: items: description: |- - Storage version of v1api20231102preview.ResourceReference_STATUS + Storage version of v1api20240402preview.ResourceReference_STATUS A reference to an Azure resource. properties: $propertyBag: @@ -35818,24 +37734,9 @@ spec: type: object loadBalancerSku: type: string - monitoring: - description: |- - Storage version of v1api20231102preview.NetworkMonitoring_STATUS - This addon can be used to configure network monitoring and generate network monitoring data in Prometheus format - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object natGatewayProfile: description: |- - Storage version of v1api20231102preview.ManagedClusterNATGatewayProfile_STATUS + Storage version of v1api20240402preview.ManagedClusterNATGatewayProfile_STATUS Profile of the managed cluster NAT gateway. properties: $propertyBag: 
@@ -35848,7 +37749,7 @@ spec: effectiveOutboundIPs: items: description: |- - Storage version of v1api20231102preview.ResourceReference_STATUS + Storage version of v1api20240402preview.ResourceReference_STATUS A reference to an Azure resource. properties: $propertyBag: @@ -35866,7 +37767,7 @@ spec: type: integer managedOutboundIPProfile: description: |- - Storage version of v1api20231102preview.ManagedClusterManagedOutboundIPProfile_STATUS + Storage version of v1api20240402preview.ManagedClusterManagedOutboundIPProfile_STATUS Profile of the managed outbound IP resources of the managed cluster. properties: $propertyBag: @@ -35898,15 +37799,32 @@ spec: items: type: string type: array + podLinkLocalAccess: + type: string serviceCidr: type: string serviceCidrs: items: type: string type: array + staticEgressGatewayProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterStaticEgressGatewayProfile_STATUS + The Static Egress Gateway addon configuration for the cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object type: object nodeProvisioningProfile: - description: Storage version of v1api20231102preview.ManagedClusterNodeProvisioningProfile_STATUS + description: Storage version of v1api20240402preview.ManagedClusterNodeProvisioningProfile_STATUS properties: $propertyBag: additionalProperties: @@ -35922,7 +37840,7 @@ spec: type: string nodeResourceGroupProfile: description: |- - Storage version of v1api20231102preview.ManagedClusterNodeResourceGroupProfile_STATUS + Storage version of v1api20240402preview.ManagedClusterNodeResourceGroupProfile_STATUS Node resource group lockdown profile for a managed cluster. properties: $propertyBag: 
@@ -35937,7 +37855,7 @@ spec: type: object oidcIssuerProfile: description: |- - Storage version of v1api20231102preview.ManagedClusterOIDCIssuerProfile_STATUS + Storage version of v1api20240402preview.ManagedClusterOIDCIssuerProfile_STATUS The OIDC issuer profile of the Managed Cluster. properties: $propertyBag: @@ -35954,7 +37872,7 @@ spec: type: object podIdentityProfile: description: |- - Storage version of v1api20231102preview.ManagedClusterPodIdentityProfile_STATUS + Storage version of v1api20240402preview.ManagedClusterPodIdentityProfile_STATUS See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on pod identity integration. properties: @@ -35972,7 +37890,7 @@ spec: userAssignedIdentities: items: description: |- - Storage version of v1api20231102preview.ManagedClusterPodIdentity_STATUS + Storage version of v1api20240402preview.ManagedClusterPodIdentity_STATUS Details about the pod identity assigned to the Managed Cluster. properties: $propertyBag: @@ -35986,7 +37904,7 @@ spec: type: string identity: description: |- - Storage version of v1api20231102preview.UserAssignedIdentity_STATUS + Storage version of v1api20240402preview.UserAssignedIdentity_STATUS Details about a user assigned identity. properties: $propertyBag: @@ -36008,7 +37926,7 @@ spec: namespace: type: string provisioningInfo: - description: Storage version of v1api20231102preview.ManagedClusterPodIdentity_ProvisioningInfo_STATUS + description: Storage version of v1api20240402preview.ManagedClusterPodIdentity_ProvisioningInfo_STATUS properties: $propertyBag: additionalProperties: @@ -36019,7 +37937,7 @@ spec: type: object error: description: |- - Storage version of v1api20231102preview.ManagedClusterPodIdentityProvisioningError_STATUS + Storage version of v1api20240402preview.ManagedClusterPodIdentityProvisioningError_STATUS An error response from the pod identity provisioning. properties: $propertyBag: 
@@ -36031,7 +37949,7 @@ spec: type: object error: description: |- - Storage version of v1api20231102preview.ManagedClusterPodIdentityProvisioningErrorBody_STATUS + Storage version of v1api20240402preview.ManagedClusterPodIdentityProvisioningErrorBody_STATUS An error response from the pod identity provisioning. properties: $propertyBag: @@ -36045,7 +37963,7 @@ spec: type: string details: items: - description: Storage version of v1api20231102preview.ManagedClusterPodIdentityProvisioningErrorBody_STATUS_Unrolled + description: Storage version of v1api20240402preview.ManagedClusterPodIdentityProvisioningErrorBody_STATUS_Unrolled properties: $propertyBag: additionalProperties: @@ -36076,7 +37994,7 @@ spec: userAssignedIdentityExceptions: items: description: |- - Storage version of v1api20231102preview.ManagedClusterPodIdentityException_STATUS + Storage version of v1api20240402preview.ManagedClusterPodIdentityException_STATUS See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. properties: @@ -36100,7 +38018,7 @@ spec: type: object powerState: description: |- - Storage version of v1api20231102preview.PowerState_STATUS + Storage version of v1api20240402preview.PowerState_STATUS Describes the Power State of the cluster properties: $propertyBag: @@ -36118,7 +38036,7 @@ spec: privateLinkResources: items: description: |- - Storage version of v1api20231102preview.PrivateLinkResource_STATUS + Storage version of v1api20240402preview.PrivateLinkResource_STATUS A private link resource properties: $propertyBag: @@ -36152,7 +38070,7 @@ spec: type: string safeguardsProfile: description: |- - Storage version of v1api20231102preview.SafeguardsProfile_STATUS + Storage version of v1api20240402preview.SafeguardsProfile_STATUS The Safeguards profile. properties: $propertyBag: 
@@ -36177,7 +38095,7 @@ spec: type: object securityProfile: description: |- - Storage version of v1api20231102preview.ManagedClusterSecurityProfile_STATUS + Storage version of v1api20240402preview.ManagedClusterSecurityProfile_STATUS Security profile for the container service cluster. properties: $propertyBag: @@ -36189,7 +38107,7 @@ spec: type: object azureKeyVaultKms: description: |- - Storage version of v1api20231102preview.AzureKeyVaultKms_STATUS + Storage version of v1api20240402preview.AzureKeyVaultKms_STATUS Azure Key Vault key management service settings for the security profile. properties: $propertyBag: @@ -36214,7 +38132,7 @@ spec: type: array defender: description: |- - Storage version of v1api20231102preview.ManagedClusterSecurityProfileDefender_STATUS + Storage version of v1api20240402preview.ManagedClusterSecurityProfileDefender_STATUS Microsoft Defender settings for the security profile. properties: $propertyBag: @@ -36228,7 +38146,7 @@ spec: type: string securityMonitoring: description: |- - Storage version of v1api20231102preview.ManagedClusterSecurityProfileDefenderSecurityMonitoring_STATUS + Storage version of v1api20240402preview.ManagedClusterSecurityProfileDefenderSecurityMonitoring_STATUS Microsoft Defender settings for the security profile threat detection. properties: $propertyBag: @@ -36244,7 +38162,7 @@ spec: type: object imageCleaner: description: |- - Storage version of v1api20231102preview.ManagedClusterSecurityProfileImageCleaner_STATUS + Storage version of v1api20240402preview.ManagedClusterSecurityProfileImageCleaner_STATUS Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here are settings for the security profile. properties: 
@@ -36262,7 +38180,7 @@ spec: type: object imageIntegrity: description: |- - Storage version of v1api20231102preview.ManagedClusterSecurityProfileImageIntegrity_STATUS + Storage version of v1api20240402preview.ManagedClusterSecurityProfileImageIntegrity_STATUS Image integrity related settings for the security profile. properties: $propertyBag: @@ -36277,7 +38195,7 @@ spec: type: object nodeRestriction: description: |- - Storage version of v1api20231102preview.ManagedClusterSecurityProfileNodeRestriction_STATUS + Storage version of v1api20240402preview.ManagedClusterSecurityProfileNodeRestriction_STATUS Node Restriction settings for the security profile. properties: $propertyBag: @@ -36292,7 +38210,7 @@ spec: type: object workloadIdentity: description: |- - Storage version of v1api20231102preview.ManagedClusterSecurityProfileWorkloadIdentity_STATUS + Storage version of v1api20240402preview.ManagedClusterSecurityProfileWorkloadIdentity_STATUS Workload identity settings for the security profile. properties: $propertyBag: @@ -36308,7 +38226,7 @@ spec: type: object serviceMeshProfile: description: |- - Storage version of v1api20231102preview.ServiceMeshProfile_STATUS + Storage version of v1api20240402preview.ServiceMeshProfile_STATUS Service mesh profile for a managed cluster. properties: $propertyBag: @@ -36320,7 +38238,7 @@ spec: type: object istio: description: |- - Storage version of v1api20231102preview.IstioServiceMesh_STATUS + Storage version of v1api20240402preview.IstioServiceMesh_STATUS Istio service mesh configuration. properties: $propertyBag: @@ -36332,7 +38250,7 @@ spec: type: object certificateAuthority: description: |- - Storage version of v1api20231102preview.IstioCertificateAuthority_STATUS + Storage version of v1api20240402preview.IstioCertificateAuthority_STATUS Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin certificates as described here https://aka.ms/asm-plugin-ca properties: 
@@ -36345,7 +38263,7 @@ spec: type: object plugin: description: |- - Storage version of v1api20231102preview.IstioPluginCertificateAuthority_STATUS + Storage version of v1api20240402preview.IstioPluginCertificateAuthority_STATUS Plugin certificates information for Service Mesh. properties: $propertyBag: @@ -36369,7 +38287,7 @@ spec: type: object components: description: |- - Storage version of v1api20231102preview.IstioComponents_STATUS + Storage version of v1api20240402preview.IstioComponents_STATUS Istio components configuration. properties: $propertyBag: @@ -36382,7 +38300,7 @@ spec: egressGateways: items: description: |- - Storage version of v1api20231102preview.IstioEgressGateway_STATUS + Storage version of v1api20240402preview.IstioEgressGateway_STATUS Istio egress gateway configuration. properties: $propertyBag: @@ -36394,16 +38312,12 @@ spec: type: object enabled: type: boolean - nodeSelector: - additionalProperties: - type: string - type: object type: object type: array ingressGateways: items: description: |- - Storage version of v1api20231102preview.IstioIngressGateway_STATUS + Storage version of v1api20240402preview.IstioIngressGateway_STATUS Istio ingress gateway configuration. For now, we support up to one external ingress gateway named `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. properties: @@ -36431,7 +38345,7 @@ spec: type: object servicePrincipalProfile: description: |- - Storage version of v1api20231102preview.ManagedClusterServicePrincipalProfile_STATUS + Storage version of v1api20240402preview.ManagedClusterServicePrincipalProfile_STATUS Information about a service principal identity for the cluster to use for manipulating Azure APIs. properties: $propertyBag: 
@@ -36446,7 +38360,7 @@ spec: type: object sku: description: |- - Storage version of v1api20231102preview.ManagedClusterSKU_STATUS + Storage version of v1api20240402preview.ManagedClusterSKU_STATUS The SKU of a Managed Cluster. properties: $propertyBag: @@ -36463,7 +38377,7 @@ spec: type: object storageProfile: description: |- - Storage version of v1api20231102preview.ManagedClusterStorageProfile_STATUS + Storage version of v1api20240402preview.ManagedClusterStorageProfile_STATUS Storage profile for the container service cluster. properties: $propertyBag: @@ -36475,7 +38389,7 @@ spec: type: object blobCSIDriver: description: |- - Storage version of v1api20231102preview.ManagedClusterStorageProfileBlobCSIDriver_STATUS + Storage version of v1api20240402preview.ManagedClusterStorageProfileBlobCSIDriver_STATUS AzureBlob CSI Driver settings for the storage profile. properties: $propertyBag: @@ -36490,7 +38404,7 @@ spec: type: object diskCSIDriver: description: |- - Storage version of v1api20231102preview.ManagedClusterStorageProfileDiskCSIDriver_STATUS + Storage version of v1api20240402preview.ManagedClusterStorageProfileDiskCSIDriver_STATUS AzureDisk CSI Driver settings for the storage profile. properties: $propertyBag: @@ -36507,7 +38421,7 @@ spec: type: object fileCSIDriver: description: |- - Storage version of v1api20231102preview.ManagedClusterStorageProfileFileCSIDriver_STATUS + Storage version of v1api20240402preview.ManagedClusterStorageProfileFileCSIDriver_STATUS AzureFile CSI Driver settings for the storage profile. properties: $propertyBag: @@ -36522,7 +38436,7 @@ spec: type: object snapshotController: description: |- - Storage version of v1api20231102preview.ManagedClusterStorageProfileSnapshotController_STATUS + Storage version of v1api20240402preview.ManagedClusterStorageProfileSnapshotController_STATUS Snapshot Controller settings for the storage profile. properties: $propertyBag: 
@@ -36534,10912 +38448,14 @@ spec: type: object enabled: type: boolean - type: object - type: object - supportPlan: - type: string - systemData: - description: |- - Storage version of v1api20231102preview.SystemData_STATUS - Metadata pertaining to creation and last modification of the resource. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - createdAt: - type: string - createdBy: - type: string - createdByType: - type: string - lastModifiedAt: - type: string - lastModifiedBy: - type: string - lastModifiedByType: - type: string - type: object - tags: - additionalProperties: - type: string - type: object - type: - type: string - upgradeSettings: - description: |- - Storage version of v1api20231102preview.ClusterUpgradeSettings_STATUS - Settings for upgrading a cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - overrideSettings: - description: |- - Storage version of v1api20231102preview.UpgradeOverrideSettings_STATUS - Settings for overrides when upgrading a cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - forceUpgrade: - type: boolean - until: - type: string - type: object - type: object - windowsProfile: - description: |- - Storage version of v1api20231102preview.ManagedClusterWindowsProfile_STATUS - Profile for Windows VMs in the managed cluster. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - adminUsername: - type: string - enableCSIProxy: - type: boolean - gmsaProfile: - description: |- - Storage version of v1api20231102preview.WindowsGmsaProfile_STATUS - Windows gMSA Profile in the managed cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - dnsServer: - type: string - enabled: - type: boolean - rootDomainName: - type: string - type: object - licenseType: - type: string - type: object - workloadAutoScalerProfile: - description: |- - Storage version of v1api20231102preview.ManagedClusterWorkloadAutoScalerProfile_STATUS - Workload Auto-scaler profile for the managed cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - keda: - description: |- - Storage version of v1api20231102preview.ManagedClusterWorkloadAutoScalerProfileKeda_STATUS - KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - verticalPodAutoscaler: - description: Storage version of v1api20231102preview.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - addonAutoscaling: - type: string - enabled: - type: boolean - type: object - type: object - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].severity - name: Severity - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Reason - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].message - name: Message - type: string - name: v1api20240402preview - schema: - openAPIV3Schema: - description: |- - Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2024-04-02-preview/managedClusters.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName} - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - properties: - aadProfile: - description: 'AadProfile: The Azure Active Directory configuration.' - properties: - adminGroupObjectIDs: - description: 'AdminGroupObjectIDs: The list of AAD group object IDs that will have admin role of the cluster.' - items: - type: string - type: array - clientAppID: - description: 'ClientAppID: (DEPRECATED) The client AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.' - type: string - enableAzureRBAC: - description: 'EnableAzureRBAC: Whether to enable Azure RBAC for Kubernetes authorization.' - type: boolean - managed: - description: 'Managed: Whether to enable managed AAD.' - type: boolean - serverAppID: - description: 'ServerAppID: (DEPRECATED) The server AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.' - type: string - serverAppSecret: - description: 'ServerAppSecret: (DEPRECATED) The server AAD application secret. Learn more at https://aka.ms/aks/aad-legacy.' - type: string - tenantID: - description: |- - TenantID: The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment - subscription. - type: string - type: object - addonProfiles: - additionalProperties: - description: A Kubernetes add-on profile for a managed cluster. - properties: - config: - additionalProperties: - type: string - description: 'Config: Key-value pairs for configuring an add-on.' - type: object - enabled: - description: 'Enabled: Whether the add-on is enabled or not.' 
- type: boolean - required: - - enabled - type: object - description: 'AddonProfiles: The profile of managed cluster add-on.' - type: object - agentPoolProfiles: - description: 'AgentPoolProfiles: The agent pool properties.' - items: - description: Profile for the container service agent pool. - properties: - artifactStreamingProfile: - description: 'ArtifactStreamingProfile: Configuration for using artifact streaming on AKS.' - properties: - enabled: - description: |- - Enabled: Artifact streaming speeds up the cold-start of containers on a node through on-demand image loading. To use - this feature, container images must also enable artifact streaming on ACR. If not specified, the default is false. - type: boolean - type: object - availabilityZones: - description: |- - AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType - property is 'VirtualMachineScaleSets'. - items: - type: string - type: array - capacityReservationGroupReference: - description: 'CapacityReservationGroupReference: AKS will associate the specified agent pool with the Capacity Reservation Group.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object - count: - description: |- - Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) - for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. - type: integer - creationData: - description: |- - CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using - a snapshot. - properties: - sourceResourceReference: - description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: object - enableAutoScaling: - description: 'EnableAutoScaling: Whether to enable auto-scaler' - type: boolean - enableCustomCATrust: - description: |- - EnableCustomCATrust: When set to true, AKS adds a label to the node indicating that the feature is enabled and deploys a - daemonset along with host services to sync custom certificate authorities from user-provided list of base64 encoded - certificates into node trust stores. Defaults to false. 
- type: boolean - enableEncryptionAtHost: - description: |- - EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, - see: https://docs.microsoft.com/azure/aks/enable-host-encryption - type: boolean - enableFIPS: - description: |- - EnableFIPS: See [Add a FIPS-enabled node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more - details. - type: boolean - enableNodePublicIP: - description: |- - EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. - A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine - to minimize hops. For more information see [assigning a public IP per - node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The - default is false. - type: boolean - enableUltraSSD: - description: 'EnableUltraSSD: Whether to enable UltraSSD' - type: boolean - gatewayProfile: - description: |- - GatewayProfile: Profile specific to a managed agent pool in Gateway mode. This field cannot be set if agent pool mode is - not Gateway. - properties: - publicIPPrefixSize: - description: |- - PublicIPPrefixSize: The Gateway agent pool associates one public IPPrefix for each static egress gateway to provide - public egress. The size of Public IPPrefix should be selected by the user. Each node in the agent pool is assigned with - one IP from the IPPrefix. The IPPrefix size thus serves as a cap on the size of the Gateway agent pool. Due to Azure - public IPPrefix size limitation, the valid value range is [28, 31] (/31 = 2 nodes/IPs, /30 = 4 nodes/IPs, /29 = 8 - nodes/IPs, /28 = 16 nodes/IPs). The default value is 31. 
- maximum: 31 - minimum: 28 - type: integer - type: object - gpuInstanceProfile: - description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' - enum: - - MIG1g - - MIG2g - - MIG3g - - MIG4g - - MIG7g - type: string - gpuProfile: - description: 'GpuProfile: The GPU settings of an agent pool.' - properties: - installGPUDriver: - description: |- - InstallGPUDriver: The default value is true when the vmSize of the agent pool contains a GPU, false otherwise. GPU - Driver Installation can only be set true when VM has an associated GPU resource. Setting this field to false prevents - automatic GPU driver installation. In that case, in order for the GPU to be usable, the user must perform GPU driver - installation themselves. - type: boolean - type: object - hostGroupReference: - description: |- - HostGroupReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object - kubeletConfig: - description: 'KubeletConfig: The Kubelet configuration on the agent pool nodes.' - properties: - allowedUnsafeSysctls: - description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in `*`).' - items: - type: string - type: array - containerLogMaxFiles: - description: |- - ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be - ≥ 2. - minimum: 2 - type: integer - containerLogMaxSizeMB: - description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) of container log file before it is rotated.' - type: integer - cpuCfsQuota: - description: 'CpuCfsQuota: The default is true.' - type: boolean - cpuCfsQuotaPeriod: - description: |- - CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and - a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. - type: string - cpuManagerPolicy: - description: |- - CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management - policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more - information. Allowed values are 'none' and 'static'. - type: string - failSwapOn: - description: 'FailSwapOn: If set to true it will make the Kubelet fail to start if swap is enabled on the node.' - type: boolean - imageGcHighThreshold: - description: 'ImageGcHighThreshold: To disable image garbage collection, set to 100. The default is 85%' - type: integer - imageGcLowThreshold: - description: 'ImageGcLowThreshold: This cannot be set higher than imageGcHighThreshold. The default is 80%' - type: integer - podMaxPids: - description: 'PodMaxPids: The maximum number of processes per pod.' 
- type: integer - topologyManagerPolicy: - description: |- - TopologyManagerPolicy: For more information see [Kubernetes Topology - Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values - are 'none', 'best-effort', 'restricted', and 'single-numa-node'. - type: string - type: object - kubeletDiskType: - description: |- - KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral - storage. - enum: - - OS - - Temporary - type: string - linuxOSConfig: - description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' - properties: - swapFileSizeMB: - description: 'SwapFileSizeMB: The size in MB of a swap file that will be created on each node.' - type: integer - sysctls: - description: 'Sysctls: Sysctl settings for Linux agent nodes.' - properties: - fsAioMaxNr: - description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' - type: integer - fsFileMax: - description: 'FsFileMax: Sysctl setting fs.file-max.' - type: integer - fsInotifyMaxUserWatches: - description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' - type: integer - fsNrOpen: - description: 'FsNrOpen: Sysctl setting fs.nr_open.' - type: integer - kernelThreadsMax: - description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' - type: integer - netCoreNetdevMaxBacklog: - description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' - type: integer - netCoreOptmemMax: - description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' - type: integer - netCoreRmemDefault: - description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' - type: integer - netCoreRmemMax: - description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' - type: integer - netCoreSomaxconn: - description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' 
- type: integer - netCoreWmemDefault: - description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' - type: integer - netCoreWmemMax: - description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' - type: integer - netIpv4IpLocalPortRange: - description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' - type: string - netIpv4NeighDefaultGcThresh1: - description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting net.ipv4.neigh.default.gc_thresh1.' - type: integer - netIpv4NeighDefaultGcThresh2: - description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting net.ipv4.neigh.default.gc_thresh2.' - type: integer - netIpv4NeighDefaultGcThresh3: - description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting net.ipv4.neigh.default.gc_thresh3.' - type: integer - netIpv4TcpFinTimeout: - description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' - type: integer - netIpv4TcpKeepaliveProbes: - description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' - type: integer - netIpv4TcpKeepaliveTime: - description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' - type: integer - netIpv4TcpMaxSynBacklog: - description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' - type: integer - netIpv4TcpMaxTwBuckets: - description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' - type: integer - netIpv4TcpTwReuse: - description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' - type: boolean - netIpv4TcpkeepaliveIntvl: - description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' - maximum: 90 - minimum: 10 - type: integer - netNetfilterNfConntrackBuckets: - description: 'NetNetfilterNfConntrackBuckets: Sysctl setting net.netfilter.nf_conntrack_buckets.' 
- maximum: 524288 - minimum: 65536 - type: integer - netNetfilterNfConntrackMax: - description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' - maximum: 2097152 - minimum: 131072 - type: integer - vmMaxMapCount: - description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' - type: integer - vmSwappiness: - description: 'VmSwappiness: Sysctl setting vm.swappiness.' - type: integer - vmVfsCachePressure: - description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' - type: integer - type: object - transparentHugePageDefrag: - description: |- - TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is - 'madvise'. For more information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). - type: string - transparentHugePageEnabled: - description: |- - TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more - information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). - type: string - type: object - maxCount: - description: 'MaxCount: The maximum number of nodes for auto-scaling' - type: integer - maxPods: - description: 'MaxPods: The maximum number of pods that can run on a node.' - type: integer - messageOfTheDay: - description: |- - MessageOfTheDay: A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of - the message of the day for Linux nodes. It must not be specified for Windows nodes. It must be a static string (i.e., - will be printed raw and not be executed as a script). - type: string - minCount: - description: 'MinCount: The minimum number of nodes for auto-scaling' - type: integer - mode: - description: |- - Mode: A cluster must have at least one 'System' Agent Pool at all times. 
For additional information on agent pool - restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools - enum: - - Gateway - - System - - User - type: string - name: - description: 'Name: Windows agent pool names must be 6 characters or less.' - pattern: ^[a-z][a-z0-9]{0,11}$ - type: string - networkProfile: - description: 'NetworkProfile: Network-related settings of an agent pool.' - properties: - allowedHostPorts: - description: 'AllowedHostPorts: The port ranges that are allowed to access. The specified ranges are allowed to overlap.' - items: - description: The port range. - properties: - portEnd: - description: |- - PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or - equal to portStart. - maximum: 65535 - minimum: 1 - type: integer - portStart: - description: |- - PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or - equal to portEnd. - maximum: 65535 - minimum: 1 - type: integer - protocol: - description: 'Protocol: The network protocol of the port.' - enum: - - TCP - - UDP - type: string - type: object - type: array - applicationSecurityGroupsReferences: - description: |- - ApplicationSecurityGroupsReferences: The IDs of the application security groups which agent pool will associate when - created. - items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
- pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: array - nodePublicIPTags: - description: 'NodePublicIPTags: IPTags of instance-level public IPs.' - items: - description: Contains the IPTag associated with the object. - properties: - ipTagType: - description: 'IpTagType: The IP tag type. Example: RoutingPreference.' - type: string - tag: - description: 'Tag: The value of the IP tag associated with the public IP. Example: Internet.' - type: string - type: object - type: array - type: object - nodeInitializationTaints: - description: |- - NodeInitializationTaints: These taints will not be reconciled by AKS and can be removed with a kubectl call. This field - can be modified after node pool is created, but nodes will not be recreated with new taints until another operation that - requires recreation (e.g. node image upgrade) happens. These taints allow for required configuration to run before the - node is ready to accept workloads, for example 'key1=value1:NoSchedule' that then can be removed with `kubectl taint - nodes node1 key1=value1:NoSchedule-` - items: - type: string - type: array - nodeLabels: - additionalProperties: - type: string - description: 'NodeLabels: The node labels to be persisted across all nodes in agent pool.' 
- type: object - nodePublicIPPrefixReference: - description: |- - NodePublicIPPrefixReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - nodeTaints: - description: 'NodeTaints: The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.' - items: - type: string - type: array - orchestratorVersion: - description: |- - OrchestratorVersion: Both patch version and are supported. When is - specified, the latest supported patch version is chosen automatically. Updating the agent pool with the same - once it has been created will not trigger an upgrade, even if a newer patch version is available. As a - best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version - must have the same major version as the control plane. The node pool minor version must be within two minor versions of - the control plane version. The node pool version cannot be greater than the control plane version. 
For more information - see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). - type: string - osDiskSizeGB: - maximum: 2048 - minimum: 0 - type: integer - osDiskType: - description: |- - OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested - OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral - OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). - enum: - - Ephemeral - - Managed - type: string - osSKU: - description: |- - OsSKU: Specifies the OS SKU used by the agent pool. If not specified, the default is Ubuntu if OSType=Linux or - Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is - deprecated. - enum: - - AzureLinux - - CBLMariner - - Mariner - - Ubuntu - - Windows2019 - - Windows2022 - - WindowsAnnual - type: string - osType: - description: 'OsType: The operating system type. The default is Linux.' - enum: - - Linux - - Windows - type: string - podIPAllocationMode: - description: |- - PodIPAllocationMode: The IP allocation mode for pods in the agent pool. Must be used with podSubnetId. The default is - 'DynamicIndividual'. - enum: - - DynamicIndividual - - StaticBlock - type: string - podSubnetReference: - description: |- - PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). - This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - powerState: - description: |- - PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this - field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only - be stopped if it is Running and provisioning state is Succeeded - properties: - code: - description: 'Code: Tells whether the cluster is Running or Stopped' - enum: - - Running - - Stopped - type: string - type: object - proximityPlacementGroupReference: - description: 'ProximityPlacementGroupReference: The ID for Proximity Placement Group.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. 
- type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - scaleDownMode: - description: 'ScaleDownMode: This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete.' - enum: - - Deallocate - - Delete - type: string - scaleSetEvictionPolicy: - description: |- - ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is - 'Delete'. - enum: - - Deallocate - - Delete - type: string - scaleSetPriority: - description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. If not specified, the default is ''Regular''.' - enum: - - Regular - - Spot - type: string - securityProfile: - description: 'SecurityProfile: The security settings of an agent pool.' - properties: - enableSecureBoot: - description: |- - EnableSecureBoot: Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and - drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. - type: boolean - enableVTPM: - description: |- - EnableVTPM: vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held - locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. - type: boolean - sshAccess: - description: 'SshAccess: SSH access method of an agent pool.' - enum: - - Disabled - - LocalUser - type: string - type: object - spotMaxPrice: - description: |- - SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any - on-demand price. For more details on spot pricing, see [spot VMs - pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) - type: number - tags: - additionalProperties: - type: string - description: 'Tags: The tags to be persisted on the agent pool virtual machine scale set.' 
- type: object - type: - description: 'Type: The type of Agent Pool.' - enum: - - AvailabilitySet - - VirtualMachineScaleSets - - VirtualMachines - type: string - upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading the agentpool' - properties: - drainTimeoutInMinutes: - description: |- - DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. - This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not - specified, the default is 30 minutes. - maximum: 1440 - minimum: 1 - type: integer - maxSurge: - description: |- - MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it - is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded - up. If not specified, the default is 1. For more information, including best practices, see: - https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade - type: string - nodeSoakDurationInMinutes: - description: |- - NodeSoakDurationInMinutes: The amount of time (in minutes) to wait after draining a node and before reimaging it and - moving on to next node. If not specified, the default is 0 minutes. - maximum: 30 - minimum: 0 - type: integer - undrainableNodeBehavior: - description: |- - UndrainableNodeBehavior: Defines the behavior for undrainable nodes during upgrade. The most common cause of undrainable - nodes is Pod Disruption Budgets (PDBs), but other issues, such as pod termination grace period is exceeding the - remaining per-node drain timeout or pod is still being in a running state, can also cause undrainable nodes. - enum: - - Cordon - - Schedule - type: string - type: object - virtualMachineNodesStatus: - items: - description: Current status on a group of nodes of the same vm size. 
- properties: - count: - description: 'Count: Number of nodes.' - type: integer - size: - description: 'Size: The VM size of the agents used to host this group of nodes.' - type: string - type: object - type: array - virtualMachinesProfile: - description: 'VirtualMachinesProfile: Specifications on VirtualMachines agent pool.' - properties: - scale: - description: 'Scale: Specifications on how to scale a VirtualMachines agent pool.' - properties: - autoscale: - description: |- - Autoscale: Specifications on how to auto-scale the VirtualMachines agent pool within a predefined size range. Currently, - at most one AutoScaleProfile is allowed. - items: - description: Specifications on auto-scaling. - properties: - maxCount: - description: 'MaxCount: The maximum number of nodes of the specified sizes.' - type: integer - minCount: - description: 'MinCount: The minimum number of nodes of the specified sizes.' - type: integer - sizes: - description: |- - Sizes: The list of allowed vm sizes e.g. ['Standard_E4s_v3', 'Standard_E16s_v3', 'Standard_D16s_v5']. AKS will use the - first available one when auto scaling. If a VM size is unavailable (e.g. due to quota or regional capacity reasons), AKS - will use the next size. - items: - type: string - type: array - type: object - type: array - manual: - description: |- - Manual: Specifications on how to scale the VirtualMachines agent pool to a fixed size. Currently, at most one - ManualScaleProfile is allowed. - items: - description: Specifications on number of machines. - properties: - count: - description: 'Count: Number of nodes.' - type: integer - sizes: - description: |- - Sizes: The list of allowed vm sizes e.g. ['Standard_E4s_v3', 'Standard_E16s_v3', 'Standard_D16s_v5']. AKS will use the - first available one when scaling. If a VM size is unavailable (e.g. due to quota or regional capacity reasons), AKS will - use the next size. 
- items: - type: string - type: array - type: object - type: array - type: object - type: object - vmSize: - description: |- - VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods - might fail to run correctly. For more details on restricted VM sizes, see: - https://docs.microsoft.com/azure/aks/quotas-skus-regions - type: string - vnetSubnetReference: - description: |- - VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is - specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - windowsProfile: - description: 'WindowsProfile: The Windows agent pool''s specific profile.' - properties: - disableOutboundNat: - description: |- - DisableOutboundNat: The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT - Gateway and the Windows agent pool does not have node public IP enabled. 
- type: boolean - type: object - workloadRuntime: - description: 'WorkloadRuntime: Determines the type of workload a node can run.' - enum: - - KataMshvVmIsolation - - OCIContainer - - WasmWasi - type: string - required: - - name - type: object - type: array - aiToolchainOperatorProfile: - description: 'AiToolchainOperatorProfile: AI toolchain operator settings that apply to the whole cluster.' - properties: - enabled: - description: 'Enabled: Indicates if AI toolchain operator enabled or not.' - type: boolean - type: object - apiServerAccessProfile: - description: 'ApiServerAccessProfile: The access profile for managed cluster API server.' - properties: - authorizedIPRanges: - description: |- - AuthorizedIPRanges: IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with - clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. For more information see [API - server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges). - items: - type: string - type: array - disableRunCommand: - description: 'DisableRunCommand: Whether to disable run command for the cluster or not.' - type: boolean - enablePrivateCluster: - description: |- - EnablePrivateCluster: For more details, see [Creating a private AKS - cluster](https://docs.microsoft.com/azure/aks/private-clusters). - type: boolean - enablePrivateClusterPublicFQDN: - description: 'EnablePrivateClusterPublicFQDN: Whether to create additional public FQDN for private cluster or not.' - type: boolean - enableVnetIntegration: - description: 'EnableVnetIntegration: Whether to enable apiserver vnet integration for the cluster or not.' - type: boolean - privateDNSZone: - description: |- - PrivateDNSZone: The default is System. For more details see [configure private DNS - zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). Allowed values are 'system' and - 'none'. 
- type: string - subnetId: - description: |- - SubnetId: It is required when: 1. creating a new cluster with BYO Vnet; 2. updating an existing cluster to enable - apiserver vnet integration. - type: string - type: object - autoScalerProfile: - description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler when enabled' - properties: - balance-similar-node-groups: - description: 'BalanceSimilarNodeGroups: Valid values are ''true'' and ''false''' - type: string - daemonset-eviction-for-empty-nodes: - description: |- - DaemonsetEvictionForEmptyNodes: If set to true, all daemonset pods on empty nodes will be evicted before deletion of the - node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node will be - deleted without ensuring that daemonset pods are deleted or evicted. - type: boolean - daemonset-eviction-for-occupied-nodes: - description: |- - DaemonsetEvictionForOccupiedNodes: If set to true, all daemonset pods on occupied nodes will be evicted before deletion - of the node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node - will be deleted without ensuring that daemonset pods are deleted or evicted. - type: boolean - expander: - description: 'Expander: Available values are: ''least-waste'', ''most-pods'', ''priority'', ''random''.' - enum: - - least-waste - - most-pods - - priority - - random - type: string - ignore-daemonsets-utilization: - description: |- - IgnoreDaemonsetsUtilization: If set to true, the resources used by daemonset will be taken into account when making - scaling down decisions. - type: boolean - max-empty-bulk-delete: - description: 'MaxEmptyBulkDelete: The default is 10.' - type: string - max-graceful-termination-sec: - description: 'MaxGracefulTerminationSec: The default is 600.' - type: string - max-node-provision-time: - description: |- - MaxNodeProvisionTime: The default is '15m'. 
Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. - type: string - max-total-unready-percentage: - description: 'MaxTotalUnreadyPercentage: The default is 45. The maximum is 100 and the minimum is 0.' - type: string - new-pod-scale-up-delay: - description: |- - NewPodScaleUpDelay: For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler - could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. The default is - '0s'. Values must be an integer followed by a unit ('s' for seconds, 'm' for minutes, 'h' for hours, etc). - type: string - ok-total-unready-count: - description: 'OkTotalUnreadyCount: This must be an integer. The default is 3.' - type: string - scale-down-delay-after-add: - description: |- - ScaleDownDelayAfterAdd: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. - type: string - scale-down-delay-after-delete: - description: |- - ScaleDownDelayAfterDelete: The default is the scan-interval. Values must be an integer followed by an 'm'. No unit of - time other than minutes (m) is supported. - type: string - scale-down-delay-after-failure: - description: |- - ScaleDownDelayAfterFailure: The default is '3m'. Values must be an integer followed by an 'm'. No unit of time other - than minutes (m) is supported. - type: string - scale-down-unneeded-time: - description: |- - ScaleDownUnneededTime: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. - type: string - scale-down-unready-time: - description: |- - ScaleDownUnreadyTime: The default is '20m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. - type: string - scale-down-utilization-threshold: - description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' 
- type: string - scan-interval: - description: 'ScanInterval: The default is ''10''. Values must be an integer number of seconds.' - type: string - skip-nodes-with-local-storage: - description: 'SkipNodesWithLocalStorage: The default is true.' - type: string - skip-nodes-with-system-pods: - description: 'SkipNodesWithSystemPods: The default is true.' - type: string - type: object - autoUpgradeProfile: - description: 'AutoUpgradeProfile: The auto upgrade configuration.' - properties: - nodeOSUpgradeChannel: - description: 'NodeOSUpgradeChannel: The default is Unmanaged, but may change to either NodeImage or SecurityPatch at GA.' - enum: - - NodeImage - - None - - SecurityPatch - - Unmanaged - type: string - upgradeChannel: - description: |- - UpgradeChannel: For more information see [setting the AKS cluster auto-upgrade - channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel). - enum: - - node-image - - none - - patch - - rapid - - stable - type: string - type: object - azureMonitorProfile: - description: 'AzureMonitorProfile: Prometheus addon profile for the container service cluster' - properties: - appMonitoring: - description: |- - AppMonitoring: Application Monitoring Profile for Kubernetes Application Container. Collects application logs, metrics - and traces through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See - aka.ms/AzureMonitorApplicationMonitoring for an overview. - properties: - autoInstrumentation: - description: |- - AutoInstrumentation: Application Monitoring Auto Instrumentation for Kubernetes Application Container. Deploys web hook - to auto-instrument Azure Monitor OpenTelemetry based SDKs to collect OpenTelemetry metrics, logs and traces of the - application. See aka.ms/AzureMonitorApplicationMonitoring for an overview. - properties: - enabled: - description: 'Enabled: Indicates if Application Monitoring Auto Instrumentation is enabled or not.' 
- type: boolean - type: object - openTelemetryLogs: - description: |- - OpenTelemetryLogs: Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Logs and - Traces. Collects OpenTelemetry logs and traces of the application using Azure Monitor OpenTelemetry based SDKs. See - aka.ms/AzureMonitorApplicationMonitoring for an overview. - properties: - enabled: - description: 'Enabled: Indicates if Application Monitoring Open Telemetry Logs and traces is enabled or not.' - type: boolean - port: - description: 'Port: The Open Telemetry host port for Open Telemetry logs and traces. If not specified, the default port is 28331.' - type: integer - type: object - openTelemetryMetrics: - description: |- - OpenTelemetryMetrics: Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container - Metrics. Collects OpenTelemetry metrics of the application using Azure Monitor OpenTelemetry based SDKs. See - aka.ms/AzureMonitorApplicationMonitoring for an overview. - properties: - enabled: - description: 'Enabled: Indicates if Application Monitoring Open Telemetry Metrics is enabled or not.' - type: boolean - port: - description: 'Port: The Open Telemetry host port for Open Telemetry metrics. If not specified, the default port is 28333.' - type: integer - type: object - type: object - containerInsights: - description: |- - ContainerInsights: Azure Monitor Container Insights Profile for Kubernetes Events, Inventory and Container stdout & - stderr logs etc. See aka.ms/AzureMonitorContainerInsights for an overview. - properties: - disableCustomMetrics: - description: |- - DisableCustomMetrics: Indicates whether custom metrics collection has to be disabled or not. If not specified the - default is false. 
No custom metrics will be emitted if this field is false but the container insights enabled field is - false - type: boolean - disablePrometheusMetricsScraping: - description: |- - DisablePrometheusMetricsScraping: Indicates whether prometheus metrics scraping is disabled or not. If not specified the - default is false. No prometheus metrics will be emitted if this field is false but the container insights enabled field - is false - type: boolean - enabled: - description: 'Enabled: Indicates if Azure Monitor Container Insights Logs Addon is enabled or not.' - type: boolean - logAnalyticsWorkspaceResourceReference: - description: |- - LogAnalyticsWorkspaceResourceReference: Fully Qualified ARM Resource Id of Azure Log Analytics Workspace for storing - Azure Monitor Container Insights Logs. - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - syslogPort: - description: 'SyslogPort: The syslog host port. If not specified, the default port is 28330.' 
- type: integer - type: object - metrics: - description: 'Metrics: Metrics profile for the prometheus service addon' - properties: - enabled: - description: 'Enabled: Whether to enable the Prometheus collector' - type: boolean - kubeStateMetrics: - description: 'KubeStateMetrics: Kube State Metrics for prometheus addon profile for the container service cluster' - properties: - metricAnnotationsAllowList: - description: |- - MetricAnnotationsAllowList: Comma-separated list of additional Kubernetes label keys that will be used in the resource's - labels metric. - type: string - metricLabelsAllowlist: - description: |- - MetricLabelsAllowlist: Comma-separated list of Kubernetes annotations keys that will be used in the resource's labels - metric. - type: string - type: object - required: - - enabled - type: object - type: object - azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. - maxLength: 63 - minLength: 1 - pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ - type: string - bootstrapProfile: - description: 'BootstrapProfile: Profile of the cluster bootstrap configuration.' - properties: - artifactSource: - description: 'ArtifactSource: The source where the artifacts are downloaded from.' - enum: - - Cache - - Direct - type: string - containerRegistryReference: - description: |- - ContainerRegistryReference: The resource Id of Azure Container Registry. The registry must have private network access, - premium SKU and zone redundancy. - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
- pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: object - creationData: - description: |- - CreationData: CreationData to be used to specify the source Snapshot ID if the cluster will be created/upgraded using a - snapshot. - properties: - sourceResourceReference: - description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: object - disableLocalAccounts: - description: |- - DisableLocalAccounts: If set to true, getting static credentials will be disabled for this cluster. This must only be - used on Managed Clusters that are AAD enabled. For more details see [disable local - accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview). 
- type: boolean - diskEncryptionSetReference: - description: |- - DiskEncryptionSetReference: This is of the form: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - dnsPrefix: - description: 'DnsPrefix: This cannot be updated once the Managed Cluster has been created.' - type: string - enableNamespaceResources: - description: |- - EnableNamespaceResources: The default value is false. It can be enabled/disabled on creation and updating of the managed - cluster. See [https://aka.ms/NamespaceARMResource](https://aka.ms/NamespaceARMResource) for more details on Namespace as - a ARM Resource. - type: boolean - enablePodSecurityPolicy: - description: |- - EnablePodSecurityPolicy: (DEPRECATED) Whether to enable Kubernetes pod security policy (preview). PodSecurityPolicy was - deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. Learn more at https://aka.ms/k8s/psp and - https://aka.ms/aks/psp. - type: boolean - enableRBAC: - description: 'EnableRBAC: Whether to enable Kubernetes Role-Based Access Control.' 
- type: boolean - extendedLocation: - description: 'ExtendedLocation: The extended location of the Virtual Machine.' - properties: - name: - description: 'Name: The name of the extended location.' - type: string - type: - description: 'Type: The type of the extended location.' - enum: - - EdgeZone - type: string - type: object - fqdnSubdomain: - description: 'FqdnSubdomain: This cannot be updated once the Managed Cluster has been created.' - type: string - httpProxyConfig: - description: 'HttpProxyConfig: Configurations for provisioning the cluster with HTTP proxy servers.' - properties: - httpProxy: - description: 'HttpProxy: The HTTP proxy server endpoint to use.' - type: string - httpsProxy: - description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' - type: string - noProxy: - description: 'NoProxy: The endpoints that should not go through proxy.' - items: - type: string - type: array - trustedCa: - description: 'TrustedCa: Alternative CA cert to use for connecting to proxy servers.' - type: string - type: object - identity: - description: 'Identity: The identity of the managed cluster, if configured.' - properties: - delegatedResources: - additionalProperties: - description: Delegated resource properties - internal use only. - properties: - location: - description: 'Location: The source resource location - internal use only.' - type: string - referralResource: - description: 'ReferralResource: The delegation id of the referral delegation (optional) - internal use only.' - type: string - resourceReference: - description: 'ResourceReference: The ARM resource id of the delegated resource - internal use only.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - tenantId: - description: 'TenantId: The tenant id of the delegated resource - internal use only.' - pattern: ^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$ - type: string - type: object - description: |- - DelegatedResources: The delegated identity resources assigned to this managed cluster. This can only be set by another - Azure Resource Provider, and managed cluster only accept one delegated identity resource. Internal use only. - type: object - type: - description: |- - Type: For more information see [use managed identities in - AKS](https://docs.microsoft.com/azure/aks/use-managed-identity). - enum: - - None - - SystemAssigned - - UserAssigned - type: string - userAssignedIdentities: - description: |- - UserAssignedIdentities: The keys must be ARM resource IDs in the form: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. 
- items: - description: Information about the user assigned identity for the resource - properties: - reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: object - type: array - type: object - identityProfile: - additionalProperties: - description: Details about a user assigned identity. - properties: - clientId: - description: 'ClientId: The client ID of the user assigned identity.' - type: string - objectId: - description: 'ObjectId: The object ID of the user assigned identity.' - type: string - resourceReference: - description: 'ResourceReference: The resource ID of the user assigned identity.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
- pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: object - description: 'IdentityProfile: Identities associated with the cluster.' - type: object - ingressProfile: - description: 'IngressProfile: Ingress profile for the managed cluster.' - properties: - webAppRouting: - description: 'WebAppRouting: Web App Routing settings for the ingress profile.' - properties: - dnsZoneResourceReferences: - description: |- - DnsZoneResourceReferences: Resource IDs of the DNS zones to be associated with the Web App Routing add-on. Used only - when Web App Routing is enabled. Public and private DNS zones can be in different resource groups, but all public DNS - zones must be in the same resource group and all private DNS zones must be in the same resource group. - items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. 
- type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: array - enabled: - description: 'Enabled: Whether to enable Web App Routing.' - type: boolean - type: object - type: object - kind: - description: 'Kind: This is primarily used to expose different UI experiences in the portal for different kinds' - type: string - kubernetesVersion: - description: |- - KubernetesVersion: When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All upgrades - must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or 1.15.x -> - 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS - cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. - type: string - linuxProfile: - description: 'LinuxProfile: The profile for Linux VMs in the Managed Cluster.' - properties: - adminUsername: - description: 'AdminUsername: The administrator username to use for Linux VMs.' - pattern: ^[A-Za-z][-A-Za-z0-9_]*$ - type: string - ssh: - description: 'Ssh: The SSH configuration for Linux-based VMs running on Azure.' - properties: - publicKeys: - description: 'PublicKeys: The list of SSH public keys used to authenticate with Linux-based VMs. A maximum of 1 key may be specified.' - items: - description: Contains information about SSH certificate public key data. - properties: - keyData: - description: |- - KeyData: Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or - without headers. 
- type: string - required: - - keyData - type: object - type: array - required: - - publicKeys - type: object - required: - - adminUsername - - ssh - type: object - location: - description: 'Location: The geo-location where the resource lives' - type: string - metricsProfile: - description: 'MetricsProfile: Optional cluster metrics configuration.' - properties: - costAnalysis: - description: 'CostAnalysis: The cost analysis configuration for the cluster' - properties: - enabled: - description: |- - Enabled: The Managed Cluster sku.tier must be set to 'Standard' or 'Premium' to enable this feature. Enabling this will - add Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. If not specified, the - default is false. For more information see aka.ms/aks/docs/cost-analysis. - type: boolean - type: object - type: object - networkProfile: - description: 'NetworkProfile: The network configuration profile.' - properties: - advancedNetworking: - description: |- - AdvancedNetworking: Advanced Networking profile for enabling observability on a cluster. Note that enabling advanced - networking features may incur additional costs. For more information see aka.ms/aksadvancednetworking. - properties: - observability: - description: 'Observability: Observability profile to enable advanced network metrics and flow logs with historical contexts.' - properties: - enabled: - description: 'Enabled: Indicates the enablement of Advanced Networking observability functionalities on clusters.' - type: boolean - type: object - type: object - dnsServiceIP: - description: |- - DnsServiceIP: An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address - range specified in serviceCidr. - pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ - type: string - ipFamilies: - description: |- - IpFamilies: IP families are used to determine single-stack or dual-stack clusters. 
For single-stack, the expected value - is IPv4. For dual-stack, the expected values are IPv4 and IPv6. - items: - description: To determine if address belongs IPv4 or IPv6 family. - enum: - - IPv4 - - IPv6 - type: string - type: array - kubeProxyConfig: - description: |- - KubeProxyConfig: Holds configuration customizations for kube-proxy. Any values not defined will use the kube-proxy - defaulting behavior. See https://v.docs.kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/ - where is represented by a - string. Kubernetes version 1.23 would be '1-23'. - properties: - enabled: - description: |- - Enabled: Whether to enable on kube-proxy on the cluster (if no 'kubeProxyConfig' exists, kube-proxy is enabled in AKS by - default without these customizations). - type: boolean - ipvsConfig: - description: 'IpvsConfig: Holds configuration customizations for IPVS. May only be specified if ''mode'' is set to ''IPVS''.' - properties: - scheduler: - description: 'Scheduler: IPVS scheduler, for more information please see http://www.linuxvirtualserver.org/docs/scheduling.html.' - enum: - - LeastConnection - - RoundRobin - type: string - tcpFinTimeoutSeconds: - description: |- - TcpFinTimeoutSeconds: The timeout value used for IPVS TCP sessions after receiving a FIN in seconds. Must be a positive - integer value. - type: integer - tcpTimeoutSeconds: - description: 'TcpTimeoutSeconds: The timeout value used for idle IPVS TCP sessions in seconds. Must be a positive integer value.' - type: integer - udpTimeoutSeconds: - description: 'UdpTimeoutSeconds: The timeout value used for IPVS UDP packets in seconds. Must be a positive integer value.' - type: integer - type: object - mode: - description: 'Mode: Specify which proxy mode to use (''IPTABLES'' or ''IPVS'')' - enum: - - IPTABLES - - IPVS - type: string - type: object - loadBalancerProfile: - description: 'LoadBalancerProfile: Profile of the cluster load balancer.' 
- properties: - allocatedOutboundPorts: - description: |- - AllocatedOutboundPorts: The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 - (inclusive). The default value is 0 which results in Azure dynamically allocating ports. - maximum: 64000 - minimum: 0 - type: integer - backendPoolType: - description: 'BackendPoolType: The type of the managed inbound Load Balancer BackendPool.' - enum: - - NodeIP - - NodeIPConfiguration - type: string - clusterServiceLoadBalancerHealthProbeMode: - description: 'ClusterServiceLoadBalancerHealthProbeMode: The health probing behavior for External Traffic Policy Cluster services.' - enum: - - ServiceNodePort - - Shared - type: string - effectiveOutboundIPs: - description: 'EffectiveOutboundIPs: The effective outbound IP resources of the cluster load balancer.' - items: - description: A reference to an Azure resource. - properties: - reference: - description: 'Reference: The fully qualified Azure resource id.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object - type: object - type: array - enableMultipleStandardLoadBalancers: - description: 'EnableMultipleStandardLoadBalancers: Enable multiple standard load balancers per AKS cluster or not.' - type: boolean - idleTimeoutInMinutes: - description: |- - IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 - (inclusive). The default value is 30 minutes. - maximum: 120 - minimum: 4 - type: integer - managedOutboundIPs: - description: 'ManagedOutboundIPs: Desired managed outbound IPs for the cluster load balancer.' - properties: - count: - description: |- - Count: The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values - must be in the range of 1 to 100 (inclusive). The default value is 1. - maximum: 100 - minimum: 1 - type: integer - countIPv6: - description: |- - CountIPv6: The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. Allowed - values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack. - maximum: 100 - minimum: 0 - type: integer - type: object - outboundIPPrefixes: - description: 'OutboundIPPrefixes: Desired outbound IP Prefix resources for the cluster load balancer.' - properties: - publicIPPrefixes: - description: 'PublicIPPrefixes: A list of public IP prefix resources.' - items: - description: A reference to an Azure resource. - properties: - reference: - description: 'Reference: The fully qualified Azure resource id.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
- pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: object - type: array - type: object - outboundIPs: - description: 'OutboundIPs: Desired outbound IP resources for the cluster load balancer.' - properties: - publicIPs: - description: 'PublicIPs: A list of public IP resources.' - items: - description: A reference to an Azure resource. - properties: - reference: - description: 'Reference: The fully qualified Azure resource id.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: object - type: array - type: object - type: object - loadBalancerSku: - description: |- - LoadBalancerSku: The default is 'standard'. See [Azure Load Balancer - SKUs](https://docs.microsoft.com/azure/load-balancer/skus) for more information about the differences between load - balancer SKUs. 
- enum: - - basic - - standard - type: string - natGatewayProfile: - description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' - properties: - effectiveOutboundIPs: - description: 'EffectiveOutboundIPs: The effective outbound IP resources of the cluster NAT gateway.' - items: - description: A reference to an Azure resource. - properties: - reference: - description: 'Reference: The fully qualified Azure resource id.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: object - type: array - idleTimeoutInMinutes: - description: |- - IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 - (inclusive). The default value is 4 minutes. - maximum: 120 - minimum: 4 - type: integer - managedOutboundIPProfile: - description: 'ManagedOutboundIPProfile: Profile of the managed outbound IP resources of the cluster NAT gateway.' - properties: - count: - description: |- - Count: The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 - (inclusive). The default value is 1. 
- maximum: 16 - minimum: 1 - type: integer - type: object - type: object - networkDataplane: - description: 'NetworkDataplane: Network dataplane used in the Kubernetes cluster.' - enum: - - azure - - cilium - type: string - networkMode: - description: 'NetworkMode: This cannot be specified if networkPlugin is anything other than ''azure''.' - enum: - - bridge - - transparent - type: string - networkPlugin: - description: 'NetworkPlugin: Network plugin used for building the Kubernetes network.' - enum: - - azure - - kubenet - - none - type: string - networkPluginMode: - description: 'NetworkPluginMode: Network plugin mode used for building the Kubernetes network.' - enum: - - overlay - type: string - networkPolicy: - description: 'NetworkPolicy: Network policy used for building the Kubernetes network.' - enum: - - azure - - calico - - cilium - - none - type: string - outboundType: - description: |- - OutboundType: This can only be set at cluster creation time and cannot be changed later. For more information see - [egress outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype). - enum: - - loadBalancer - - managedNATGateway - - none - - userAssignedNATGateway - - userDefinedRouting - type: string - podCidr: - description: 'PodCidr: A CIDR notation IP range from which to assign pod IPs when kubenet is used.' - pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ - type: string - podCidrs: - description: |- - PodCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is - expected for dual-stack networking. - items: - type: string - type: array - podLinkLocalAccess: - description: |- - PodLinkLocalAccess: Defines access to special link local addresses (Azure Instance Metadata Service, aka IMDS) for pods - with hostNetwork=false. if not specified, the default is 'IMDS'. 
- enum: - - IMDS - - None - type: string - serviceCidr: - description: |- - ServiceCidr: A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP - ranges. - pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ - type: string - serviceCidrs: - description: |- - ServiceCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is - expected for dual-stack networking. They must not overlap with any Subnet IP ranges. - items: - type: string - type: array - staticEgressGatewayProfile: - description: |- - StaticEgressGatewayProfile: The profile for Static Egress Gateway addon. For more details about Static Egress Gateway, - see https://aka.ms/aks/static-egress-gateway. - properties: - enabled: - description: 'Enabled: Indicates if Static Egress Gateway addon is enabled or not.' - type: boolean - type: object - type: object - nodeProvisioningProfile: - description: 'NodeProvisioningProfile: Node provisioning settings that apply to the whole cluster.' - properties: - mode: - description: 'Mode: Once the mode it set to Auto, it cannot be changed back to Manual.' - enum: - - Auto - - Manual - type: string - type: object - nodeResourceGroup: - description: 'NodeResourceGroup: The name of the resource group containing agent pool nodes.' - type: string - nodeResourceGroupProfile: - description: 'NodeResourceGroupProfile: The node resource group configuration profile.' - properties: - restrictionLevel: - description: 'RestrictionLevel: The restriction level applied to the cluster''s node resource group' - enum: - - ReadOnly - - Unrestricted - type: string - type: object - oidcIssuerProfile: - description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed Cluster.' - properties: - enabled: - description: 'Enabled: Whether the OIDC issuer is enabled.' 
- type: boolean - type: object - operatorSpec: - description: |- - OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not - passed directly to Azure - properties: - configMaps: - description: 'ConfigMaps: configures where to place operator written ConfigMaps.' - properties: - oidcIssuerProfile: - description: |- - OIDCIssuerProfile: indicates where the OIDCIssuerProfile config map should be placed. If omitted, no config map will be - created. - properties: - key: - description: Key is the key in the ConfigMap being referenced - type: string - name: - description: |- - Name is the name of the Kubernetes ConfigMap being referenced. - The ConfigMap must be in the same namespace as the resource - type: string - required: - - key - - name - type: object - type: object - secrets: - description: 'Secrets: configures where to place Azure generated secrets.' - properties: - adminCredentials: - description: |- - AdminCredentials: indicates where the AdminCredentials secret should be placed. If omitted, the secret will not be - retrieved from Azure. - properties: - key: - description: Key is the key in the Kubernetes secret being referenced - type: string - name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource - type: string - required: - - key - - name - type: object - userCredentials: - description: |- - UserCredentials: indicates where the UserCredentials secret should be placed. If omitted, the secret will not be - retrieved from Azure. - properties: - key: - description: Key is the key in the Kubernetes secret being referenced - type: string - name: - description: |- - Name is the name of the Kubernetes secret being referenced. 
- The secret must be in the same namespace as the resource - type: string - required: - - key - - name - type: object - type: object - type: object - owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource - properties: - armId: - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - name: - description: This is the name of the Kubernetes resource to reference. - type: string - type: object - podIdentityProfile: - description: |- - PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more - details on AAD pod identity integration. - properties: - allowNetworkPluginKubenet: - description: |- - AllowNetworkPluginKubenet: Running in Kubenet is disabled by default due to the security related nature of AAD Pod - Identity and the risks of IP spoofing. See [using Kubenet network plugin with AAD Pod - Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) - for more information. - type: boolean - enabled: - description: 'Enabled: Whether the pod identity addon is enabled.' - type: boolean - userAssignedIdentities: - description: 'UserAssignedIdentities: The pod identities to use in the cluster.' - items: - description: Details about the pod identity assigned to the Managed Cluster. - properties: - bindingSelector: - description: 'BindingSelector: The binding selector to use for the AzureIdentityBinding resource.' - type: string - identity: - description: 'Identity: The user assigned identity details.' 
- properties: - clientId: - description: 'ClientId: The client ID of the user assigned identity.' - type: string - objectId: - description: 'ObjectId: The object ID of the user assigned identity.' - type: string - resourceReference: - description: 'ResourceReference: The resource ID of the user assigned identity.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: object - name: - description: 'Name: The name of the pod identity.' - type: string - namespace: - description: 'Namespace: The namespace of the pod identity.' - type: string - required: - - identity - - name - - namespace - type: object - type: array - userAssignedIdentityExceptions: - description: 'UserAssignedIdentityExceptions: The pod identity exceptions to allow.' - items: - description: |- - See [disable AAD Pod Identity for a specific - Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. - properties: - name: - description: 'Name: The name of the pod identity exception.' - type: string - namespace: - description: 'Namespace: The namespace of the pod identity exception.' 
- type: string - podLabels: - additionalProperties: - type: string - description: 'PodLabels: The pod labels to match.' - type: object - required: - - name - - namespace - - podLabels - type: object - type: array - type: object - privateLinkResources: - description: 'PrivateLinkResources: Private link resources associated with the cluster.' - items: - description: A private link resource - properties: - groupId: - description: 'GroupId: The group ID of the resource.' - type: string - name: - description: 'Name: The name of the private link resource.' - type: string - reference: - description: 'Reference: The ID of the private link resource.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - requiredMembers: - description: 'RequiredMembers: The RequiredMembers of the resource' - items: - type: string - type: array - type: - description: 'Type: The resource type.' 
- type: string - type: object - type: array - publicNetworkAccess: - description: 'PublicNetworkAccess: Allow or deny public network access for AKS' - enum: - - Disabled - - Enabled - - SecuredByPerimeter - type: string - safeguardsProfile: - description: 'SafeguardsProfile: The Safeguards profile holds all the safeguards information for a given cluster' - properties: - excludedNamespaces: - description: 'ExcludedNamespaces: List of namespaces excluded from Safeguards checks' - items: - type: string - type: array - level: - description: |- - Level: The Safeguards level to be used. By default, Safeguards is enabled for all namespaces except those that AKS - excludes via systemExcludedNamespaces - enum: - - Enforcement - - "Off" - - Warning - type: string - version: - description: 'Version: The version of constraints to use' - type: string - required: - - level - type: object - securityProfile: - description: 'SecurityProfile: Security profile for the managed cluster.' - properties: - azureKeyVaultKms: - description: |- - AzureKeyVaultKms: Azure Key Vault [key management - service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) settings for the security profile. - properties: - enabled: - description: 'Enabled: Whether to enable Azure Key Vault key management service. The default is false.' - type: boolean - keyId: - description: |- - KeyId: Identifier of Azure Key Vault key. See [key identifier - format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) - for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key - identifier. When Azure Key Vault key management service is disabled, leave the field empty. - type: string - keyVaultNetworkAccess: - description: |- - KeyVaultNetworkAccess: Network access of key vault. The possible values are `Public` and `Private`. 
`Public` means the - key vault allows public access from all networks. `Private` means the key vault disables public access and enables - private link. The default value is `Public`. - enum: - - Private - - Public - type: string - keyVaultResourceReference: - description: |- - KeyVaultResourceReference: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and - must be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: object - customCATrustCertificates: - description: |- - CustomCATrustCertificates: A list of up to 10 base64 encoded CAs that will be added to the trust store on nodes with the - Custom CA Trust feature enabled. For more information see [Custom CA Trust - Certificates](https://learn.microsoft.com/en-us/azure/aks/custom-certificate-authority) - items: - type: string - maxItems: 10 - minItems: 0 - type: array - defender: - description: 'Defender: Microsoft Defender settings for the security profile.' 
- properties: - logAnalyticsWorkspaceResourceReference: - description: |- - LogAnalyticsWorkspaceResourceReference: Resource ID of the Log Analytics workspace to be associated with Microsoft - Defender. When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When - Microsoft Defender is disabled, leave the field empty. - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - securityMonitoring: - description: 'SecurityMonitoring: Microsoft Defender threat detection for Cloud settings for the security profile.' - properties: - enabled: - description: 'Enabled: Whether to enable Defender threat detection' - type: boolean - type: object - type: object - imageCleaner: - description: 'ImageCleaner: Image Cleaner settings for the security profile.' - properties: - enabled: - description: 'Enabled: Whether to enable Image Cleaner on AKS cluster.' - type: boolean - intervalHours: - description: 'IntervalHours: Image Cleaner scanning interval in hours.' - type: integer - type: object - imageIntegrity: - description: |- - ImageIntegrity: Image integrity is a feature that works with Azure Policy to verify image integrity by signature. 
This - will not have any effect unless Azure Policy is applied to enforce image signatures. See - https://aka.ms/aks/image-integrity for how to use this feature via policy. - properties: - enabled: - description: 'Enabled: Whether to enable image integrity. The default value is false.' - type: boolean - type: object - nodeRestriction: - description: |- - NodeRestriction: [Node - Restriction](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#noderestriction) settings - for the security profile. - properties: - enabled: - description: 'Enabled: Whether to enable Node Restriction' - type: boolean - type: object - workloadIdentity: - description: |- - WorkloadIdentity: Workload identity settings for the security profile. Workload identity enables Kubernetes applications - to access Azure cloud resources securely with Azure AD. See https://aka.ms/aks/wi for more details. - properties: - enabled: - description: 'Enabled: Whether to enable workload identity.' - type: boolean - type: object - type: object - serviceMeshProfile: - description: 'ServiceMeshProfile: Service mesh profile for a managed cluster.' - properties: - istio: - description: 'Istio: Istio service mesh configuration.' - properties: - certificateAuthority: - description: |- - CertificateAuthority: Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin - certificates as described here https://aka.ms/asm-plugin-ca - properties: - plugin: - description: 'Plugin: Plugin certificates information for Service Mesh.' - properties: - certChainObjectName: - description: 'CertChainObjectName: Certificate chain object name in Azure Key Vault.' - type: string - certObjectName: - description: 'CertObjectName: Intermediate certificate object name in Azure Key Vault.' - type: string - keyObjectName: - description: 'KeyObjectName: Intermediate certificate private key object name in Azure Key Vault.' 
- type: string - keyVaultReference: - description: 'KeyVaultReference: The resource ID of the Key Vault.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - rootCertObjectName: - description: 'RootCertObjectName: Root certificate object name in Azure Key Vault.' - type: string - type: object - type: object - components: - description: 'Components: Istio components configuration.' - properties: - egressGateways: - description: 'EgressGateways: Istio egress gateways.' - items: - description: Istio egress gateway configuration. - properties: - enabled: - description: 'Enabled: Whether to enable the egress gateway.' - type: boolean - required: - - enabled - type: object - type: array - ingressGateways: - description: 'IngressGateways: Istio ingress gateways.' - items: - description: |- - Istio ingress gateway configuration. For now, we support up to one external ingress gateway named - `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. - properties: - enabled: - description: 'Enabled: Whether to enable the ingress gateway.' - type: boolean - mode: - description: 'Mode: Mode of an ingress gateway.' 
- enum: - - External - - Internal - type: string - required: - - enabled - - mode - type: object - type: array - type: object - revisions: - description: |- - Revisions: The list of revisions of the Istio control plane. When an upgrade is not in progress, this holds one value. - When canary upgrade is in progress, this can only hold two consecutive values. For more information, see: - https://learn.microsoft.com/en-us/azure/aks/istio-upgrade - items: - type: string - maxItems: 2 - type: array - type: object - mode: - description: 'Mode: Mode of the service mesh.' - enum: - - Disabled - - Istio - type: string - required: - - mode - type: object - servicePrincipalProfile: - description: |- - ServicePrincipalProfile: Information about a service principal identity for the cluster to use for manipulating Azure - APIs. - properties: - clientId: - description: 'ClientId: The ID for the service principal.' - type: string - secret: - description: 'Secret: The secret password associated with the service principal in plain text.' - properties: - key: - description: Key is the key in the Kubernetes secret being referenced - type: string - name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource - type: string - required: - - key - - name - type: object - required: - - clientId - type: object - sku: - description: 'Sku: The managed cluster SKU.' - properties: - name: - description: 'Name: The name of a managed cluster SKU.' - enum: - - Automatic - - Base - type: string - tier: - description: |- - Tier: If not specified, the default is 'Free'. See [AKS Pricing - Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) for more details. - enum: - - Free - - Premium - - Standard - type: string - type: object - storageProfile: - description: 'StorageProfile: Storage profile for the managed cluster.' 
- properties: - blobCSIDriver: - description: 'BlobCSIDriver: AzureBlob CSI Driver settings for the storage profile.' - properties: - enabled: - description: 'Enabled: Whether to enable AzureBlob CSI Driver. The default value is false.' - type: boolean - type: object - diskCSIDriver: - description: 'DiskCSIDriver: AzureDisk CSI Driver settings for the storage profile.' - properties: - enabled: - description: 'Enabled: Whether to enable AzureDisk CSI Driver. The default value is true.' - type: boolean - version: - description: 'Version: The version of AzureDisk CSI Driver. The default value is v1.' - type: string - type: object - fileCSIDriver: - description: 'FileCSIDriver: AzureFile CSI Driver settings for the storage profile.' - properties: - enabled: - description: 'Enabled: Whether to enable AzureFile CSI Driver. The default value is true.' - type: boolean - type: object - snapshotController: - description: 'SnapshotController: Snapshot Controller settings for the storage profile.' - properties: - enabled: - description: 'Enabled: Whether to enable Snapshot Controller. The default value is true.' - type: boolean - type: object - type: object - supportPlan: - description: 'SupportPlan: The support plan for the Managed Cluster. If unspecified, the default is ''KubernetesOfficial''.' - enum: - - AKSLongTermSupport - - KubernetesOfficial - type: string - tags: - additionalProperties: - type: string - description: 'Tags: Resource tags.' - type: object - upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading a cluster.' - properties: - overrideSettings: - description: 'OverrideSettings: Settings for overrides.' - properties: - forceUpgrade: - description: |- - ForceUpgrade: Whether to force upgrade the cluster. Note that this option instructs upgrade operation to bypass upgrade - protections such as checking for deprecated API usage. Enable this option only with caution. 
- type: boolean - until: - description: |- - Until: Until when the overrides are effective. Note that this only matches the start time of an upgrade, and the - effectiveness won't change once an upgrade starts even if the `until` expires as upgrade proceeds. This field is not set - by default. It must be set for the overrides to take effect. - type: string - type: object - type: object - windowsProfile: - description: 'WindowsProfile: The profile for Windows VMs in the Managed Cluster.' - properties: - adminPassword: - description: |- - AdminPassword: Specifies the password of the administrator account. - Minimum-length: 8 characters - Max-length: 123 characters - Complexity requirements: 3 out of 4 conditions below need to be fulfilled - Has lower characters - Has upper characters - Has a digit - Has a special character (Regex match [\W_]) - Disallowed values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$$$word", "pass@word1", "Password!", "Password1", - "Password22", "iloveyou!" - properties: - key: - description: Key is the key in the Kubernetes secret being referenced - type: string - name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource - type: string - required: - - key - - name - type: object - adminUsername: - description: |- - AdminUsername: Specifies the name of the administrator account. - Restriction: Cannot end in "." - Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", - "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", - "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". 
- Minimum-length: 1 character - Max-length: 20 characters - type: string - enableCSIProxy: - description: |- - EnableCSIProxy: For more details on CSI proxy, see the [CSI proxy GitHub - repo](https://github.com/kubernetes-csi/csi-proxy). - type: boolean - gmsaProfile: - description: 'GmsaProfile: The Windows gMSA Profile in the Managed Cluster.' - properties: - dnsServer: - description: |- - DnsServer: Specifies the DNS server for Windows gMSA. - Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. - type: string - enabled: - description: 'Enabled: Specifies whether to enable Windows gMSA in the managed cluster.' - type: boolean - rootDomainName: - description: |- - RootDomainName: Specifies the root domain name for Windows gMSA. - Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. - type: string - type: object - licenseType: - description: |- - LicenseType: The license type to use for Windows VMs. See [Azure Hybrid User - Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) for more details. - enum: - - None - - Windows_Server - type: string - required: - - adminUsername - type: object - workloadAutoScalerProfile: - description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile for the managed cluster.' - properties: - keda: - description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile.' - properties: - enabled: - description: 'Enabled: Whether to enable KEDA.' - type: boolean - required: - - enabled - type: object - verticalPodAutoscaler: - properties: - addonAutoscaling: - description: 'AddonAutoscaling: Whether VPA add-on is enabled and configured to scale AKS-managed add-ons.' - enum: - - Disabled - - Enabled - type: string - enabled: - description: 'Enabled: Whether to enable VPA add-on in cluster. Default value is false.' 
- type: boolean - required: - - enabled - type: object - type: object - required: - - location - - owner - type: object - status: - description: Managed cluster. - properties: - aadProfile: - description: 'AadProfile: The Azure Active Directory configuration.' - properties: - adminGroupObjectIDs: - description: 'AdminGroupObjectIDs: The list of AAD group object IDs that will have admin role of the cluster.' - items: - type: string - type: array - clientAppID: - description: 'ClientAppID: (DEPRECATED) The client AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.' - type: string - enableAzureRBAC: - description: 'EnableAzureRBAC: Whether to enable Azure RBAC for Kubernetes authorization.' - type: boolean - managed: - description: 'Managed: Whether to enable managed AAD.' - type: boolean - serverAppID: - description: 'ServerAppID: (DEPRECATED) The server AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.' - type: string - serverAppSecret: - description: 'ServerAppSecret: (DEPRECATED) The server AAD application secret. Learn more at https://aka.ms/aks/aad-legacy.' - type: string - tenantID: - description: |- - TenantID: The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment - subscription. - type: string - type: object - addonProfiles: - additionalProperties: - description: A Kubernetes add-on profile for a managed cluster. - properties: - config: - additionalProperties: - type: string - description: 'Config: Key-value pairs for configuring an add-on.' - type: object - enabled: - description: 'Enabled: Whether the add-on is enabled or not.' - type: boolean - identity: - description: 'Identity: Information of user assigned identity used by this add-on.' - properties: - clientId: - description: 'ClientId: The client ID of the user assigned identity.' - type: string - objectId: - description: 'ObjectId: The object ID of the user assigned identity.' 
- type: string - resourceId: - description: 'ResourceId: The resource ID of the user assigned identity.' - type: string - type: object - type: object - description: 'AddonProfiles: The profile of managed cluster add-on.' - type: object - agentPoolProfiles: - description: 'AgentPoolProfiles: The agent pool properties.' - items: - description: Profile for the container service agent pool. - properties: - artifactStreamingProfile: - description: 'ArtifactStreamingProfile: Configuration for using artifact streaming on AKS.' - properties: - enabled: - description: |- - Enabled: Artifact streaming speeds up the cold-start of containers on a node through on-demand image loading. To use - this feature, container images must also enable artifact streaming on ACR. If not specified, the default is false. - type: boolean - type: object - availabilityZones: - description: |- - AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType - property is 'VirtualMachineScaleSets'. - items: - type: string - type: array - capacityReservationGroupID: - description: 'CapacityReservationGroupID: AKS will associate the specified agent pool with the Capacity Reservation Group.' - type: string - count: - description: |- - Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) - for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. - type: integer - creationData: - description: |- - CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using - a snapshot. - properties: - sourceResourceId: - description: 'SourceResourceId: This is the ARM ID of the source object to be used to create the target object.' 
- type: string - type: object - currentOrchestratorVersion: - description: |- - CurrentOrchestratorVersion: If orchestratorVersion was a fully specified version , this field will be - exactly equal to it. If orchestratorVersion was , this field will contain the full - version being used. - type: string - eTag: - description: |- - ETag: Unique read-only string used to implement optimistic concurrency. The eTag value will change when the resource is - updated. Specify an if-match or if-none-match header with the eTag value for a subsequent request to enable optimistic - concurrency per the normal etag convention. - type: string - enableAutoScaling: - description: 'EnableAutoScaling: Whether to enable auto-scaler' - type: boolean - enableCustomCATrust: - description: |- - EnableCustomCATrust: When set to true, AKS adds a label to the node indicating that the feature is enabled and deploys a - daemonset along with host services to sync custom certificate authorities from user-provided list of base64 encoded - certificates into node trust stores. Defaults to false. - type: boolean - enableEncryptionAtHost: - description: |- - EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, - see: https://docs.microsoft.com/azure/aks/enable-host-encryption - type: boolean - enableFIPS: - description: |- - EnableFIPS: See [Add a FIPS-enabled node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more - details. - type: boolean - enableNodePublicIP: - description: |- - EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. - A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine - to minimize hops. 
For more information see [assigning a public IP per - node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The - default is false. - type: boolean - enableUltraSSD: - description: 'EnableUltraSSD: Whether to enable UltraSSD' - type: boolean - gatewayProfile: - description: |- - GatewayProfile: Profile specific to a managed agent pool in Gateway mode. This field cannot be set if agent pool mode is - not Gateway. - properties: - publicIPPrefixSize: - description: |- - PublicIPPrefixSize: The Gateway agent pool associates one public IPPrefix for each static egress gateway to provide - public egress. The size of Public IPPrefix should be selected by the user. Each node in the agent pool is assigned with - one IP from the IPPrefix. The IPPrefix size thus serves as a cap on the size of the Gateway agent pool. Due to Azure - public IPPrefix size limitation, the valid value range is [28, 31] (/31 = 2 nodes/IPs, /30 = 4 nodes/IPs, /29 = 8 - nodes/IPs, /28 = 16 nodes/IPs). The default value is 31. - type: integer - type: object - gpuInstanceProfile: - description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' - type: string - gpuProfile: - description: 'GpuProfile: The GPU settings of an agent pool.' - properties: - installGPUDriver: - description: |- - InstallGPUDriver: The default value is true when the vmSize of the agent pool contains a GPU, false otherwise. GPU - Driver Installation can only be set true when VM has an associated GPU resource. Setting this field to false prevents - automatic GPU driver installation. In that case, in order for the GPU to be usable, the user must perform GPU driver - installation themselves. 
- type: boolean - type: object - hostGroupID: - description: |- - HostGroupID: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). - type: string - kubeletConfig: - description: 'KubeletConfig: The Kubelet configuration on the agent pool nodes.' - properties: - allowedUnsafeSysctls: - description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in `*`).' - items: - type: string - type: array - containerLogMaxFiles: - description: |- - ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be - ≥ 2. - type: integer - containerLogMaxSizeMB: - description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) of container log file before it is rotated.' - type: integer - cpuCfsQuota: - description: 'CpuCfsQuota: The default is true.' - type: boolean - cpuCfsQuotaPeriod: - description: |- - CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and - a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. - type: string - cpuManagerPolicy: - description: |- - CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management - policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more - information. Allowed values are 'none' and 'static'. - type: string - failSwapOn: - description: 'FailSwapOn: If set to true it will make the Kubelet fail to start if swap is enabled on the node.' - type: boolean - imageGcHighThreshold: - description: 'ImageGcHighThreshold: To disable image garbage collection, set to 100. 
The default is 85%' - type: integer - imageGcLowThreshold: - description: 'ImageGcLowThreshold: This cannot be set higher than imageGcHighThreshold. The default is 80%' - type: integer - podMaxPids: - description: 'PodMaxPids: The maximum number of processes per pod.' - type: integer - topologyManagerPolicy: - description: |- - TopologyManagerPolicy: For more information see [Kubernetes Topology - Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values - are 'none', 'best-effort', 'restricted', and 'single-numa-node'. - type: string - type: object - kubeletDiskType: - description: |- - KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral - storage. - type: string - linuxOSConfig: - description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' - properties: - swapFileSizeMB: - description: 'SwapFileSizeMB: The size in MB of a swap file that will be created on each node.' - type: integer - sysctls: - description: 'Sysctls: Sysctl settings for Linux agent nodes.' - properties: - fsAioMaxNr: - description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' - type: integer - fsFileMax: - description: 'FsFileMax: Sysctl setting fs.file-max.' - type: integer - fsInotifyMaxUserWatches: - description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' - type: integer - fsNrOpen: - description: 'FsNrOpen: Sysctl setting fs.nr_open.' - type: integer - kernelThreadsMax: - description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' - type: integer - netCoreNetdevMaxBacklog: - description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' - type: integer - netCoreOptmemMax: - description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' - type: integer - netCoreRmemDefault: - description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' 
- type: integer - netCoreRmemMax: - description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' - type: integer - netCoreSomaxconn: - description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' - type: integer - netCoreWmemDefault: - description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' - type: integer - netCoreWmemMax: - description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' - type: integer - netIpv4IpLocalPortRange: - description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' - type: string - netIpv4NeighDefaultGcThresh1: - description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting net.ipv4.neigh.default.gc_thresh1.' - type: integer - netIpv4NeighDefaultGcThresh2: - description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting net.ipv4.neigh.default.gc_thresh2.' - type: integer - netIpv4NeighDefaultGcThresh3: - description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting net.ipv4.neigh.default.gc_thresh3.' - type: integer - netIpv4TcpFinTimeout: - description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' - type: integer - netIpv4TcpKeepaliveProbes: - description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' - type: integer - netIpv4TcpKeepaliveTime: - description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' - type: integer - netIpv4TcpMaxSynBacklog: - description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' - type: integer - netIpv4TcpMaxTwBuckets: - description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' - type: integer - netIpv4TcpTwReuse: - description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' - type: boolean - netIpv4TcpkeepaliveIntvl: - description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' 
- type: integer - netNetfilterNfConntrackBuckets: - description: 'NetNetfilterNfConntrackBuckets: Sysctl setting net.netfilter.nf_conntrack_buckets.' - type: integer - netNetfilterNfConntrackMax: - description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' - type: integer - vmMaxMapCount: - description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' - type: integer - vmSwappiness: - description: 'VmSwappiness: Sysctl setting vm.swappiness.' - type: integer - vmVfsCachePressure: - description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' - type: integer - type: object - transparentHugePageDefrag: - description: |- - TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is - 'madvise'. For more information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). - type: string - transparentHugePageEnabled: - description: |- - TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more - information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). - type: string - type: object - maxCount: - description: 'MaxCount: The maximum number of nodes for auto-scaling' - type: integer - maxPods: - description: 'MaxPods: The maximum number of pods that can run on a node.' - type: integer - messageOfTheDay: - description: |- - MessageOfTheDay: A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of - the message of the day for Linux nodes. It must not be specified for Windows nodes. It must be a static string (i.e., - will be printed raw and not be executed as a script). 
- type: string - minCount: - description: 'MinCount: The minimum number of nodes for auto-scaling' - type: integer - mode: - description: |- - Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool - restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools - type: string - name: - description: 'Name: Windows agent pool names must be 6 characters or less.' - type: string - networkProfile: - description: 'NetworkProfile: Network-related settings of an agent pool.' - properties: - allowedHostPorts: - description: 'AllowedHostPorts: The port ranges that are allowed to access. The specified ranges are allowed to overlap.' - items: - description: The port range. - properties: - portEnd: - description: |- - PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or - equal to portStart. - type: integer - portStart: - description: |- - PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or - equal to portEnd. - type: integer - protocol: - description: 'Protocol: The network protocol of the port.' - type: string - type: object - type: array - applicationSecurityGroups: - description: 'ApplicationSecurityGroups: The IDs of the application security groups which agent pool will associate when created.' - items: - type: string - type: array - nodePublicIPTags: - description: 'NodePublicIPTags: IPTags of instance-level public IPs.' - items: - description: Contains the IPTag associated with the object. - properties: - ipTagType: - description: 'IpTagType: The IP tag type. Example: RoutingPreference.' - type: string - tag: - description: 'Tag: The value of the IP tag associated with the public IP. Example: Internet.' 
- type: string - type: object - type: array - type: object - nodeImageVersion: - description: 'NodeImageVersion: The version of node image' - type: string - nodeInitializationTaints: - description: |- - NodeInitializationTaints: These taints will not be reconciled by AKS and can be removed with a kubectl call. This field - can be modified after node pool is created, but nodes will not be recreated with new taints until another operation that - requires recreation (e.g. node image upgrade) happens. These taints allow for required configuration to run before the - node is ready to accept workloads, for example 'key1=value1:NoSchedule' that then can be removed with `kubectl taint - nodes node1 key1=value1:NoSchedule-` - items: - type: string - type: array - nodeLabels: - additionalProperties: - type: string - description: 'NodeLabels: The node labels to be persisted across all nodes in agent pool.' - type: object - nodePublicIPPrefixID: - description: |- - NodePublicIPPrefixID: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} - type: string - nodeTaints: - description: 'NodeTaints: The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.' - items: - type: string - type: array - orchestratorVersion: - description: |- - OrchestratorVersion: Both patch version and are supported. When is - specified, the latest supported patch version is chosen automatically. Updating the agent pool with the same - once it has been created will not trigger an upgrade, even if a newer patch version is available. As a - best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version - must have the same major version as the control plane. The node pool minor version must be within two minor versions of - the control plane version. 
The node pool version cannot be greater than the control plane version. For more information - see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). - type: string - osDiskSizeGB: - type: integer - osDiskType: - description: |- - OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested - OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral - OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). - type: string - osSKU: - description: |- - OsSKU: Specifies the OS SKU used by the agent pool. If not specified, the default is Ubuntu if OSType=Linux or - Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is - deprecated. - type: string - osType: - description: 'OsType: The operating system type. The default is Linux.' - type: string - podIPAllocationMode: - description: |- - PodIPAllocationMode: The IP allocation mode for pods in the agent pool. Must be used with podSubnetId. The default is - 'DynamicIndividual'. - type: string - podSubnetID: - description: |- - PodSubnetID: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is - of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} - type: string - powerState: - description: |- - PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this - field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. 
An Agent Pool can only - be stopped if it is Running and provisioning state is Succeeded - properties: - code: - description: 'Code: Tells whether the cluster is Running or Stopped' - type: string - type: object - provisioningState: - description: 'ProvisioningState: The current deployment or provisioning state.' - type: string - proximityPlacementGroupID: - description: 'ProximityPlacementGroupID: The ID for Proximity Placement Group.' - type: string - scaleDownMode: - description: 'ScaleDownMode: This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete.' - type: string - scaleSetEvictionPolicy: - description: |- - ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is - 'Delete'. - type: string - scaleSetPriority: - description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. If not specified, the default is ''Regular''.' - type: string - securityProfile: - description: 'SecurityProfile: The security settings of an agent pool.' - properties: - enableSecureBoot: - description: |- - EnableSecureBoot: Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and - drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. - type: boolean - enableVTPM: - description: |- - EnableVTPM: vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held - locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. - type: boolean - sshAccess: - description: 'SshAccess: SSH access method of an agent pool.' - type: string - type: object - spotMaxPrice: - description: |- - SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any - on-demand price. 
For more details on spot pricing, see [spot VMs - pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) - type: number - tags: - additionalProperties: - type: string - description: 'Tags: The tags to be persisted on the agent pool virtual machine scale set.' - type: object - type: - description: 'Type: The type of Agent Pool.' - type: string - upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading the agentpool' - properties: - drainTimeoutInMinutes: - description: |- - DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. - This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not - specified, the default is 30 minutes. - type: integer - maxSurge: - description: |- - MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it - is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded - up. If not specified, the default is 1. For more information, including best practices, see: - https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade - type: string - nodeSoakDurationInMinutes: - description: |- - NodeSoakDurationInMinutes: The amount of time (in minutes) to wait after draining a node and before reimaging it and - moving on to next node. If not specified, the default is 0 minutes. - type: integer - undrainableNodeBehavior: - description: |- - UndrainableNodeBehavior: Defines the behavior for undrainable nodes during upgrade. The most common cause of undrainable - nodes is Pod Disruption Budgets (PDBs), but other issues, such as pod termination grace period is exceeding the - remaining per-node drain timeout or pod is still being in a running state, can also cause undrainable nodes. 
- type: string - type: object - virtualMachineNodesStatus: - items: - description: Current status on a group of nodes of the same vm size. - properties: - count: - description: 'Count: Number of nodes.' - type: integer - size: - description: 'Size: The VM size of the agents used to host this group of nodes.' - type: string - type: object - type: array - virtualMachinesProfile: - description: 'VirtualMachinesProfile: Specifications on VirtualMachines agent pool.' - properties: - scale: - description: 'Scale: Specifications on how to scale a VirtualMachines agent pool.' - properties: - autoscale: - description: |- - Autoscale: Specifications on how to auto-scale the VirtualMachines agent pool within a predefined size range. Currently, - at most one AutoScaleProfile is allowed. - items: - description: Specifications on auto-scaling. - properties: - maxCount: - description: 'MaxCount: The maximum number of nodes of the specified sizes.' - type: integer - minCount: - description: 'MinCount: The minimum number of nodes of the specified sizes.' - type: integer - sizes: - description: |- - Sizes: The list of allowed vm sizes e.g. ['Standard_E4s_v3', 'Standard_E16s_v3', 'Standard_D16s_v5']. AKS will use the - first available one when auto scaling. If a VM size is unavailable (e.g. due to quota or regional capacity reasons), AKS - will use the next size. - items: - type: string - type: array - type: object - type: array - manual: - description: |- - Manual: Specifications on how to scale the VirtualMachines agent pool to a fixed size. Currently, at most one - ManualScaleProfile is allowed. - items: - description: Specifications on number of machines. - properties: - count: - description: 'Count: Number of nodes.' - type: integer - sizes: - description: |- - Sizes: The list of allowed vm sizes e.g. ['Standard_E4s_v3', 'Standard_E16s_v3', 'Standard_D16s_v5']. AKS will use the - first available one when scaling. If a VM size is unavailable (e.g. 
due to quota or regional capacity reasons), AKS will - use the next size. - items: - type: string - type: array - type: object - type: array - type: object - type: object - vmSize: - description: |- - VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods - might fail to run correctly. For more details on restricted VM sizes, see: - https://docs.microsoft.com/azure/aks/quotas-skus-regions - type: string - vnetSubnetID: - description: |- - VnetSubnetID: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, - this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} - type: string - windowsProfile: - description: 'WindowsProfile: The Windows agent pool''s specific profile.' - properties: - disableOutboundNat: - description: |- - DisableOutboundNat: The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT - Gateway and the Windows agent pool does not have node public IP enabled. - type: boolean - type: object - workloadRuntime: - description: 'WorkloadRuntime: Determines the type of workload a node can run.' - type: string - type: object - type: array - aiToolchainOperatorProfile: - description: 'AiToolchainOperatorProfile: AI toolchain operator settings that apply to the whole cluster.' - properties: - enabled: - description: 'Enabled: Indicates if AI toolchain operator enabled or not.' - type: boolean - type: object - apiServerAccessProfile: - description: 'ApiServerAccessProfile: The access profile for managed cluster API server.' - properties: - authorizedIPRanges: - description: |- - AuthorizedIPRanges: IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. 
This feature is not compatible with - clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. For more information see [API - server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges). - items: - type: string - type: array - disableRunCommand: - description: 'DisableRunCommand: Whether to disable run command for the cluster or not.' - type: boolean - enablePrivateCluster: - description: |- - EnablePrivateCluster: For more details, see [Creating a private AKS - cluster](https://docs.microsoft.com/azure/aks/private-clusters). - type: boolean - enablePrivateClusterPublicFQDN: - description: 'EnablePrivateClusterPublicFQDN: Whether to create additional public FQDN for private cluster or not.' - type: boolean - enableVnetIntegration: - description: 'EnableVnetIntegration: Whether to enable apiserver vnet integration for the cluster or not.' - type: boolean - privateDNSZone: - description: |- - PrivateDNSZone: The default is System. For more details see [configure private DNS - zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). Allowed values are 'system' and - 'none'. - type: string - subnetId: - description: |- - SubnetId: It is required when: 1. creating a new cluster with BYO Vnet; 2. updating an existing cluster to enable - apiserver vnet integration. - type: string - type: object - autoScalerProfile: - description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler when enabled' - properties: - balance-similar-node-groups: - description: 'BalanceSimilarNodeGroups: Valid values are ''true'' and ''false''' - type: string - daemonset-eviction-for-empty-nodes: - description: |- - DaemonsetEvictionForEmptyNodes: If set to true, all daemonset pods on empty nodes will be evicted before deletion of the - node. If the daemonset pod cannot be evicted another node will be chosen for scaling. 
If set to false, the node will be - deleted without ensuring that daemonset pods are deleted or evicted. - type: boolean - daemonset-eviction-for-occupied-nodes: - description: |- - DaemonsetEvictionForOccupiedNodes: If set to true, all daemonset pods on occupied nodes will be evicted before deletion - of the node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node - will be deleted without ensuring that daemonset pods are deleted or evicted. - type: boolean - expander: - description: 'Expander: Available values are: ''least-waste'', ''most-pods'', ''priority'', ''random''.' - type: string - ignore-daemonsets-utilization: - description: |- - IgnoreDaemonsetsUtilization: If set to true, the resources used by daemonset will be taken into account when making - scaling down decisions. - type: boolean - max-empty-bulk-delete: - description: 'MaxEmptyBulkDelete: The default is 10.' - type: string - max-graceful-termination-sec: - description: 'MaxGracefulTerminationSec: The default is 600.' - type: string - max-node-provision-time: - description: |- - MaxNodeProvisionTime: The default is '15m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. - type: string - max-total-unready-percentage: - description: 'MaxTotalUnreadyPercentage: The default is 45. The maximum is 100 and the minimum is 0.' - type: string - new-pod-scale-up-delay: - description: |- - NewPodScaleUpDelay: For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler - could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. The default is - '0s'. Values must be an integer followed by a unit ('s' for seconds, 'm' for minutes, 'h' for hours, etc). - type: string - ok-total-unready-count: - description: 'OkTotalUnreadyCount: This must be an integer. The default is 3.' 
- type: string - scale-down-delay-after-add: - description: |- - ScaleDownDelayAfterAdd: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. - type: string - scale-down-delay-after-delete: - description: |- - ScaleDownDelayAfterDelete: The default is the scan-interval. Values must be an integer followed by an 'm'. No unit of - time other than minutes (m) is supported. - type: string - scale-down-delay-after-failure: - description: |- - ScaleDownDelayAfterFailure: The default is '3m'. Values must be an integer followed by an 'm'. No unit of time other - than minutes (m) is supported. - type: string - scale-down-unneeded-time: - description: |- - ScaleDownUnneededTime: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. - type: string - scale-down-unready-time: - description: |- - ScaleDownUnreadyTime: The default is '20m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. - type: string - scale-down-utilization-threshold: - description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' - type: string - scan-interval: - description: 'ScanInterval: The default is ''10''. Values must be an integer number of seconds.' - type: string - skip-nodes-with-local-storage: - description: 'SkipNodesWithLocalStorage: The default is true.' - type: string - skip-nodes-with-system-pods: - description: 'SkipNodesWithSystemPods: The default is true.' - type: string - type: object - autoUpgradeProfile: - description: 'AutoUpgradeProfile: The auto upgrade configuration.' - properties: - nodeOSUpgradeChannel: - description: 'NodeOSUpgradeChannel: The default is Unmanaged, but may change to either NodeImage or SecurityPatch at GA.' 
- type: string - upgradeChannel: - description: |- - UpgradeChannel: For more information see [setting the AKS cluster auto-upgrade - channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel). - type: string - type: object - azureMonitorProfile: - description: 'AzureMonitorProfile: Prometheus addon profile for the container service cluster' - properties: - appMonitoring: - description: |- - AppMonitoring: Application Monitoring Profile for Kubernetes Application Container. Collects application logs, metrics - and traces through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See - aka.ms/AzureMonitorApplicationMonitoring for an overview. - properties: - autoInstrumentation: - description: |- - AutoInstrumentation: Application Monitoring Auto Instrumentation for Kubernetes Application Container. Deploys web hook - to auto-instrument Azure Monitor OpenTelemetry based SDKs to collect OpenTelemetry metrics, logs and traces of the - application. See aka.ms/AzureMonitorApplicationMonitoring for an overview. - properties: - enabled: - description: 'Enabled: Indicates if Application Monitoring Auto Instrumentation is enabled or not.' - type: boolean - type: object - openTelemetryLogs: - description: |- - OpenTelemetryLogs: Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Logs and - Traces. Collects OpenTelemetry logs and traces of the application using Azure Monitor OpenTelemetry based SDKs. See - aka.ms/AzureMonitorApplicationMonitoring for an overview. - properties: - enabled: - description: 'Enabled: Indicates if Application Monitoring Open Telemetry Logs and traces is enabled or not.' - type: boolean - port: - description: 'Port: The Open Telemetry host port for Open Telemetry logs and traces. If not specified, the default port is 28331.' 
- type: integer - type: object - openTelemetryMetrics: - description: |- - OpenTelemetryMetrics: Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container - Metrics. Collects OpenTelemetry metrics of the application using Azure Monitor OpenTelemetry based SDKs. See - aka.ms/AzureMonitorApplicationMonitoring for an overview. - properties: - enabled: - description: 'Enabled: Indicates if Application Monitoring Open Telemetry Metrics is enabled or not.' - type: boolean - port: - description: 'Port: The Open Telemetry host port for Open Telemetry metrics. If not specified, the default port is 28333.' - type: integer - type: object - type: object - containerInsights: - description: |- - ContainerInsights: Azure Monitor Container Insights Profile for Kubernetes Events, Inventory and Container stdout & - stderr logs etc. See aka.ms/AzureMonitorContainerInsights for an overview. - properties: - disableCustomMetrics: - description: |- - DisableCustomMetrics: Indicates whether custom metrics collection has to be disabled or not. If not specified the - default is false. No custom metrics will be emitted if this field is false but the container insights enabled field is - false - type: boolean - disablePrometheusMetricsScraping: - description: |- - DisablePrometheusMetricsScraping: Indicates whether prometheus metrics scraping is disabled or not. If not specified the - default is false. No prometheus metrics will be emitted if this field is false but the container insights enabled field - is false - type: boolean - enabled: - description: 'Enabled: Indicates if Azure Monitor Container Insights Logs Addon is enabled or not.' - type: boolean - logAnalyticsWorkspaceResourceId: - description: |- - LogAnalyticsWorkspaceResourceId: Fully Qualified ARM Resource Id of Azure Log Analytics Workspace for storing Azure - Monitor Container Insights Logs. - type: string - syslogPort: - description: 'SyslogPort: The syslog host port. 
If not specified, the default port is 28330.' - type: integer - type: object - metrics: - description: 'Metrics: Metrics profile for the prometheus service addon' - properties: - enabled: - description: 'Enabled: Whether to enable the Prometheus collector' - type: boolean - kubeStateMetrics: - description: 'KubeStateMetrics: Kube State Metrics for prometheus addon profile for the container service cluster' - properties: - metricAnnotationsAllowList: - description: |- - MetricAnnotationsAllowList: Comma-separated list of additional Kubernetes label keys that will be used in the resource's - labels metric. - type: string - metricLabelsAllowlist: - description: |- - MetricLabelsAllowlist: Comma-separated list of Kubernetes annotations keys that will be used in the resource's labels - metric. - type: string - type: object - type: object - type: object - azurePortalFQDN: - description: |- - AzurePortalFQDN: The Azure Portal requires certain Cross-Origin Resource Sharing (CORS) headers to be sent in some - responses, which Kubernetes APIServer doesn't handle by default. This special FQDN supports CORS, allowing the Azure - Portal to function properly. - type: string - bootstrapProfile: - description: 'BootstrapProfile: Profile of the cluster bootstrap configuration.' - properties: - artifactSource: - description: 'ArtifactSource: The source where the artifacts are downloaded from.' - type: string - containerRegistryId: - description: |- - ContainerRegistryId: The resource Id of Azure Container Registry. The registry must have private network access, premium - SKU and zone redundancy. - type: string - type: object - conditions: - description: 'Conditions: The observed state of the resource' - items: - description: Condition defines an extension to status (an observation) of a resource - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. 
- format: date-time - type: string - message: - description: Message is a human readable message indicating details about the transition. This field may be empty. - type: string - observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - type: integer - reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. - type: string - severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown - type: string - status: - description: Status of the condition, one of True, False, or Unknown. - type: string - type: - description: Type of condition. - type: string - required: - - lastTransitionTime - - reason - - status - - type - type: object - type: array - creationData: - description: |- - CreationData: CreationData to be used to specify the source Snapshot ID if the cluster will be created/upgraded using a - snapshot. - properties: - sourceResourceId: - description: 'SourceResourceId: This is the ARM ID of the source object to be used to create the target object.' - type: string - type: object - currentKubernetesVersion: - description: 'CurrentKubernetesVersion: The version of Kubernetes the Managed Cluster is running.' 
- type: string - disableLocalAccounts: - description: |- - DisableLocalAccounts: If set to true, getting static credentials will be disabled for this cluster. This must only be - used on Managed Clusters that are AAD enabled. For more details see [disable local - accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview). - type: boolean - diskEncryptionSetID: - description: |- - DiskEncryptionSetID: This is of the form: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' - type: string - dnsPrefix: - description: 'DnsPrefix: This cannot be updated once the Managed Cluster has been created.' - type: string - eTag: - description: |- - ETag: Unique read-only string used to implement optimistic concurrency. The eTag value will change when the resource is - updated. Specify an if-match or if-none-match header with the eTag value for a subsequent request to enable optimistic - concurrency per the normal etag convention. - type: string - enableNamespaceResources: - description: |- - EnableNamespaceResources: The default value is false. It can be enabled/disabled on creation and updating of the managed - cluster. See [https://aka.ms/NamespaceARMResource](https://aka.ms/NamespaceARMResource) for more details on Namespace as - a ARM Resource. - type: boolean - enablePodSecurityPolicy: - description: |- - EnablePodSecurityPolicy: (DEPRECATED) Whether to enable Kubernetes pod security policy (preview). PodSecurityPolicy was - deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. Learn more at https://aka.ms/k8s/psp and - https://aka.ms/aks/psp. - type: boolean - enableRBAC: - description: 'EnableRBAC: Whether to enable Kubernetes Role-Based Access Control.' - type: boolean - extendedLocation: - description: 'ExtendedLocation: The extended location of the Virtual Machine.' 
- properties: - name: - description: 'Name: The name of the extended location.' - type: string - type: - description: 'Type: The type of the extended location.' - type: string - type: object - fqdn: - description: 'Fqdn: The FQDN of the master pool.' - type: string - fqdnSubdomain: - description: 'FqdnSubdomain: This cannot be updated once the Managed Cluster has been created.' - type: string - httpProxyConfig: - description: 'HttpProxyConfig: Configurations for provisioning the cluster with HTTP proxy servers.' - properties: - effectiveNoProxy: - description: |- - EffectiveNoProxy: A read-only list of all endpoints for which traffic should not be sent to the proxy. This list is a - superset of noProxy and values injected by AKS. - items: - type: string - type: array - httpProxy: - description: 'HttpProxy: The HTTP proxy server endpoint to use.' - type: string - httpsProxy: - description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' - type: string - noProxy: - description: 'NoProxy: The endpoints that should not go through proxy.' - items: - type: string - type: array - trustedCa: - description: 'TrustedCa: Alternative CA cert to use for connecting to proxy servers.' - type: string - type: object - id: - description: |- - Id: Fully qualified resource ID for the resource. E.g. - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" - type: string - identity: - description: 'Identity: The identity of the managed cluster, if configured.' - properties: - delegatedResources: - additionalProperties: - description: Delegated resource properties - internal use only. - properties: - location: - description: 'Location: The source resource location - internal use only.' - type: string - referralResource: - description: 'ReferralResource: The delegation id of the referral delegation (optional) - internal use only.' 
- type: string - resourceId: - description: 'ResourceId: The ARM resource id of the delegated resource - internal use only.' - type: string - tenantId: - description: 'TenantId: The tenant id of the delegated resource - internal use only.' - type: string - type: object - description: |- - DelegatedResources: The delegated identity resources assigned to this managed cluster. This can only be set by another - Azure Resource Provider, and managed cluster only accept one delegated identity resource. Internal use only. - type: object - principalId: - description: 'PrincipalId: The principal id of the system assigned identity which is used by master components.' - type: string - tenantId: - description: 'TenantId: The tenant id of the system assigned identity which is used by master components.' - type: string - type: - description: |- - Type: For more information see [use managed identities in - AKS](https://docs.microsoft.com/azure/aks/use-managed-identity). - type: string - userAssignedIdentities: - additionalProperties: - properties: - clientId: - description: 'ClientId: The client id of user assigned identity.' - type: string - principalId: - description: 'PrincipalId: The principal id of user assigned identity.' - type: string - type: object - description: |- - UserAssignedIdentities: The keys must be ARM resource IDs in the form: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. - type: object - type: object - identityProfile: - additionalProperties: - description: Details about a user assigned identity. - properties: - clientId: - description: 'ClientId: The client ID of the user assigned identity.' - type: string - objectId: - description: 'ObjectId: The object ID of the user assigned identity.' - type: string - resourceId: - description: 'ResourceId: The resource ID of the user assigned identity.' 
- type: string - type: object - description: 'IdentityProfile: Identities associated with the cluster.' - type: object - ingressProfile: - description: 'IngressProfile: Ingress profile for the managed cluster.' - properties: - webAppRouting: - description: 'WebAppRouting: Web App Routing settings for the ingress profile.' - properties: - dnsZoneResourceIds: - description: |- - DnsZoneResourceIds: Resource IDs of the DNS zones to be associated with the Web App Routing add-on. Used only when Web - App Routing is enabled. Public and private DNS zones can be in different resource groups, but all public DNS zones must - be in the same resource group and all private DNS zones must be in the same resource group. - items: - type: string - type: array - enabled: - description: 'Enabled: Whether to enable Web App Routing.' - type: boolean - identity: - description: |- - Identity: Managed identity of the Web Application Routing add-on. This is the identity that should be granted - permissions, for example, to manage the associated Azure DNS resource and get certificates from Azure Key Vault. See - [this overview of the add-on](https://learn.microsoft.com/en-us/azure/aks/web-app-routing?tabs=with-osm) for more - instructions. - properties: - clientId: - description: 'ClientId: The client ID of the user assigned identity.' - type: string - objectId: - description: 'ObjectId: The object ID of the user assigned identity.' - type: string - resourceId: - description: 'ResourceId: The resource ID of the user assigned identity.' - type: string - type: object - type: object - type: object - kind: - description: 'Kind: This is primarily used to expose different UI experiences in the portal for different kinds' - type: string - kubernetesVersion: - description: |- - KubernetesVersion: When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All upgrades - must be performed sequentially by major version number. 
For example, upgrades between 1.14.x -> 1.15.x or 1.15.x -> - 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS - cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. - type: string - linuxProfile: - description: 'LinuxProfile: The profile for Linux VMs in the Managed Cluster.' - properties: - adminUsername: - description: 'AdminUsername: The administrator username to use for Linux VMs.' - type: string - ssh: - description: 'Ssh: The SSH configuration for Linux-based VMs running on Azure.' - properties: - publicKeys: - description: 'PublicKeys: The list of SSH public keys used to authenticate with Linux-based VMs. A maximum of 1 key may be specified.' - items: - description: Contains information about SSH certificate public key data. - properties: - keyData: - description: |- - KeyData: Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or - without headers. - type: string - type: object - type: array - type: object - type: object - location: - description: 'Location: The geo-location where the resource lives' - type: string - maxAgentPools: - description: 'MaxAgentPools: The max number of agent pools for the managed cluster.' - type: integer - metricsProfile: - description: 'MetricsProfile: Optional cluster metrics configuration.' - properties: - costAnalysis: - description: 'CostAnalysis: The cost analysis configuration for the cluster' - properties: - enabled: - description: |- - Enabled: The Managed Cluster sku.tier must be set to 'Standard' or 'Premium' to enable this feature. Enabling this will - add Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. If not specified, the - default is false. For more information see aka.ms/aks/docs/cost-analysis. 
- type: boolean - type: object - type: object - name: - description: 'Name: The name of the resource' - type: string - networkProfile: - description: 'NetworkProfile: The network configuration profile.' - properties: - advancedNetworking: - description: |- - AdvancedNetworking: Advanced Networking profile for enabling observability on a cluster. Note that enabling advanced - networking features may incur additional costs. For more information see aka.ms/aksadvancednetworking. - properties: - observability: - description: 'Observability: Observability profile to enable advanced network metrics and flow logs with historical contexts.' - properties: - enabled: - description: 'Enabled: Indicates the enablement of Advanced Networking observability functionalities on clusters.' - type: boolean - type: object - type: object - dnsServiceIP: - description: |- - DnsServiceIP: An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address - range specified in serviceCidr. - type: string - ipFamilies: - description: |- - IpFamilies: IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value - is IPv4. For dual-stack, the expected values are IPv4 and IPv6. - items: - description: To determine if address belongs IPv4 or IPv6 family. - type: string - type: array - kubeProxyConfig: - description: |- - KubeProxyConfig: Holds configuration customizations for kube-proxy. Any values not defined will use the kube-proxy - defaulting behavior. See https://v.docs.kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/ - where is represented by a - string. Kubernetes version 1.23 would be '1-23'. - properties: - enabled: - description: |- - Enabled: Whether to enable on kube-proxy on the cluster (if no 'kubeProxyConfig' exists, kube-proxy is enabled in AKS by - default without these customizations). 
- type: boolean - ipvsConfig: - description: 'IpvsConfig: Holds configuration customizations for IPVS. May only be specified if ''mode'' is set to ''IPVS''.' - properties: - scheduler: - description: 'Scheduler: IPVS scheduler, for more information please see http://www.linuxvirtualserver.org/docs/scheduling.html.' - type: string - tcpFinTimeoutSeconds: - description: |- - TcpFinTimeoutSeconds: The timeout value used for IPVS TCP sessions after receiving a FIN in seconds. Must be a positive - integer value. - type: integer - tcpTimeoutSeconds: - description: 'TcpTimeoutSeconds: The timeout value used for idle IPVS TCP sessions in seconds. Must be a positive integer value.' - type: integer - udpTimeoutSeconds: - description: 'UdpTimeoutSeconds: The timeout value used for IPVS UDP packets in seconds. Must be a positive integer value.' - type: integer - type: object - mode: - description: 'Mode: Specify which proxy mode to use (''IPTABLES'' or ''IPVS'')' - type: string - type: object - loadBalancerProfile: - description: 'LoadBalancerProfile: Profile of the cluster load balancer.' - properties: - allocatedOutboundPorts: - description: |- - AllocatedOutboundPorts: The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 - (inclusive). The default value is 0 which results in Azure dynamically allocating ports. - type: integer - backendPoolType: - description: 'BackendPoolType: The type of the managed inbound Load Balancer BackendPool.' - type: string - clusterServiceLoadBalancerHealthProbeMode: - description: 'ClusterServiceLoadBalancerHealthProbeMode: The health probing behavior for External Traffic Policy Cluster services.' - type: string - effectiveOutboundIPs: - description: 'EffectiveOutboundIPs: The effective outbound IP resources of the cluster load balancer.' - items: - description: A reference to an Azure resource. - properties: - id: - description: 'Id: The fully qualified Azure resource id.' 
- type: string - type: object - type: array - enableMultipleStandardLoadBalancers: - description: 'EnableMultipleStandardLoadBalancers: Enable multiple standard load balancers per AKS cluster or not.' - type: boolean - idleTimeoutInMinutes: - description: |- - IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 - (inclusive). The default value is 30 minutes. - type: integer - managedOutboundIPs: - description: 'ManagedOutboundIPs: Desired managed outbound IPs for the cluster load balancer.' - properties: - count: - description: |- - Count: The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values - must be in the range of 1 to 100 (inclusive). The default value is 1. - type: integer - countIPv6: - description: |- - CountIPv6: The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. Allowed - values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack. - type: integer - type: object - outboundIPPrefixes: - description: 'OutboundIPPrefixes: Desired outbound IP Prefix resources for the cluster load balancer.' - properties: - publicIPPrefixes: - description: 'PublicIPPrefixes: A list of public IP prefix resources.' - items: - description: A reference to an Azure resource. - properties: - id: - description: 'Id: The fully qualified Azure resource id.' - type: string - type: object - type: array - type: object - outboundIPs: - description: 'OutboundIPs: Desired outbound IP resources for the cluster load balancer.' - properties: - publicIPs: - description: 'PublicIPs: A list of public IP resources.' - items: - description: A reference to an Azure resource. - properties: - id: - description: 'Id: The fully qualified Azure resource id.' 
- type: string - type: object - type: array - type: object - type: object - loadBalancerSku: - description: |- - LoadBalancerSku: The default is 'standard'. See [Azure Load Balancer - SKUs](https://docs.microsoft.com/azure/load-balancer/skus) for more information about the differences between load - balancer SKUs. - type: string - natGatewayProfile: - description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' - properties: - effectiveOutboundIPs: - description: 'EffectiveOutboundIPs: The effective outbound IP resources of the cluster NAT gateway.' - items: - description: A reference to an Azure resource. - properties: - id: - description: 'Id: The fully qualified Azure resource id.' - type: string - type: object - type: array - idleTimeoutInMinutes: - description: |- - IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 - (inclusive). The default value is 4 minutes. - type: integer - managedOutboundIPProfile: - description: 'ManagedOutboundIPProfile: Profile of the managed outbound IP resources of the cluster NAT gateway.' - properties: - count: - description: |- - Count: The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 - (inclusive). The default value is 1. - type: integer - type: object - type: object - networkDataplane: - description: 'NetworkDataplane: Network dataplane used in the Kubernetes cluster.' - type: string - networkMode: - description: 'NetworkMode: This cannot be specified if networkPlugin is anything other than ''azure''.' - type: string - networkPlugin: - description: 'NetworkPlugin: Network plugin used for building the Kubernetes network.' - type: string - networkPluginMode: - description: 'NetworkPluginMode: Network plugin mode used for building the Kubernetes network.' - type: string - networkPolicy: - description: 'NetworkPolicy: Network policy used for building the Kubernetes network.' 
- type: string - outboundType: - description: |- - OutboundType: This can only be set at cluster creation time and cannot be changed later. For more information see - [egress outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype). - type: string - podCidr: - description: 'PodCidr: A CIDR notation IP range from which to assign pod IPs when kubenet is used.' - type: string - podCidrs: - description: |- - PodCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is - expected for dual-stack networking. - items: - type: string - type: array - podLinkLocalAccess: - description: |- - PodLinkLocalAccess: Defines access to special link local addresses (Azure Instance Metadata Service, aka IMDS) for pods - with hostNetwork=false. if not specified, the default is 'IMDS'. - type: string - serviceCidr: - description: |- - ServiceCidr: A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP - ranges. - type: string - serviceCidrs: - description: |- - ServiceCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is - expected for dual-stack networking. They must not overlap with any Subnet IP ranges. - items: - type: string - type: array - staticEgressGatewayProfile: - description: |- - StaticEgressGatewayProfile: The profile for Static Egress Gateway addon. For more details about Static Egress Gateway, - see https://aka.ms/aks/static-egress-gateway. - properties: - enabled: - description: 'Enabled: Indicates if Static Egress Gateway addon is enabled or not.' - type: boolean - type: object - type: object - nodeProvisioningProfile: - description: 'NodeProvisioningProfile: Node provisioning settings that apply to the whole cluster.' - properties: - mode: - description: 'Mode: Once the mode it set to Auto, it cannot be changed back to Manual.' 
- type: string - type: object - nodeResourceGroup: - description: 'NodeResourceGroup: The name of the resource group containing agent pool nodes.' - type: string - nodeResourceGroupProfile: - description: 'NodeResourceGroupProfile: The node resource group configuration profile.' - properties: - restrictionLevel: - description: 'RestrictionLevel: The restriction level applied to the cluster''s node resource group' - type: string - type: object - oidcIssuerProfile: - description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed Cluster.' - properties: - enabled: - description: 'Enabled: Whether the OIDC issuer is enabled.' - type: boolean - issuerURL: - description: 'IssuerURL: The OIDC issuer url of the Managed Cluster.' - type: string - type: object - podIdentityProfile: - description: |- - PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more - details on AAD pod identity integration. - properties: - allowNetworkPluginKubenet: - description: |- - AllowNetworkPluginKubenet: Running in Kubenet is disabled by default due to the security related nature of AAD Pod - Identity and the risks of IP spoofing. See [using Kubenet network plugin with AAD Pod - Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) - for more information. - type: boolean - enabled: - description: 'Enabled: Whether the pod identity addon is enabled.' - type: boolean - userAssignedIdentities: - description: 'UserAssignedIdentities: The pod identities to use in the cluster.' - items: - description: Details about the pod identity assigned to the Managed Cluster. - properties: - bindingSelector: - description: 'BindingSelector: The binding selector to use for the AzureIdentityBinding resource.' - type: string - identity: - description: 'Identity: The user assigned identity details.' 
- properties: - clientId: - description: 'ClientId: The client ID of the user assigned identity.' - type: string - objectId: - description: 'ObjectId: The object ID of the user assigned identity.' - type: string - resourceId: - description: 'ResourceId: The resource ID of the user assigned identity.' - type: string - type: object - name: - description: 'Name: The name of the pod identity.' - type: string - namespace: - description: 'Namespace: The namespace of the pod identity.' - type: string - provisioningInfo: - properties: - error: - description: 'Error: Pod identity assignment error (if any).' - properties: - error: - description: 'Error: Details about the error.' - properties: - code: - description: 'Code: An identifier for the error. Codes are invariant and are intended to be consumed programmatically.' - type: string - details: - description: 'Details: A list of additional details about the error.' - items: - properties: - code: - description: 'Code: An identifier for the error. Codes are invariant and are intended to be consumed programmatically.' - type: string - message: - description: 'Message: A message describing the error, intended to be suitable for display in a user interface.' - type: string - target: - description: 'Target: The target of the particular error. For example, the name of the property in error.' - type: string - type: object - type: array - message: - description: 'Message: A message describing the error, intended to be suitable for display in a user interface.' - type: string - target: - description: 'Target: The target of the particular error. For example, the name of the property in error.' - type: string - type: object - type: object - type: object - provisioningState: - description: 'ProvisioningState: The current provisioning state of the pod identity.' - type: string - type: object - type: array - userAssignedIdentityExceptions: - description: 'UserAssignedIdentityExceptions: The pod identity exceptions to allow.' 
- items: - description: |- - See [disable AAD Pod Identity for a specific - Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. - properties: - name: - description: 'Name: The name of the pod identity exception.' - type: string - namespace: - description: 'Namespace: The namespace of the pod identity exception.' - type: string - podLabels: - additionalProperties: - type: string - description: 'PodLabels: The pod labels to match.' - type: object - type: object - type: array - type: object - powerState: - description: 'PowerState: The Power State of the cluster.' - properties: - code: - description: 'Code: Tells whether the cluster is Running or Stopped' - type: string - type: object - privateFQDN: - description: 'PrivateFQDN: The FQDN of private cluster.' - type: string - privateLinkResources: - description: 'PrivateLinkResources: Private link resources associated with the cluster.' - items: - description: A private link resource - properties: - groupId: - description: 'GroupId: The group ID of the resource.' - type: string - id: - description: 'Id: The ID of the private link resource.' - type: string - name: - description: 'Name: The name of the private link resource.' - type: string - privateLinkServiceID: - description: 'PrivateLinkServiceID: The private link service ID of the resource, this field is exposed only to NRP internally.' - type: string - requiredMembers: - description: 'RequiredMembers: The RequiredMembers of the resource' - items: - type: string - type: array - type: - description: 'Type: The resource type.' - type: string - type: object - type: array - provisioningState: - description: 'ProvisioningState: The current provisioning state.' 
- type: string - publicNetworkAccess: - description: 'PublicNetworkAccess: Allow or deny public network access for AKS' - type: string - resourceUID: - description: |- - ResourceUID: The resourceUID uniquely identifies ManagedClusters that reuse ARM ResourceIds (i.e: create, delete, create - sequence) - type: string - safeguardsProfile: - description: 'SafeguardsProfile: The Safeguards profile holds all the safeguards information for a given cluster' - properties: - excludedNamespaces: - description: 'ExcludedNamespaces: List of namespaces excluded from Safeguards checks' - items: - type: string - type: array - level: - description: |- - Level: The Safeguards level to be used. By default, Safeguards is enabled for all namespaces except those that AKS - excludes via systemExcludedNamespaces - type: string - systemExcludedNamespaces: - description: 'SystemExcludedNamespaces: List of namespaces specified by AKS to be excluded from Safeguards' - items: - type: string - type: array - version: - description: 'Version: The version of constraints to use' - type: string - type: object - securityProfile: - description: 'SecurityProfile: Security profile for the managed cluster.' - properties: - azureKeyVaultKms: - description: |- - AzureKeyVaultKms: Azure Key Vault [key management - service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) settings for the security profile. - properties: - enabled: - description: 'Enabled: Whether to enable Azure Key Vault key management service. The default is false.' - type: boolean - keyId: - description: |- - KeyId: Identifier of Azure Key Vault key. See [key identifier - format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) - for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key - identifier. When Azure Key Vault key management service is disabled, leave the field empty. 
- type: string - keyVaultNetworkAccess: - description: |- - KeyVaultNetworkAccess: Network access of key vault. The possible values are `Public` and `Private`. `Public` means the - key vault allows public access from all networks. `Private` means the key vault disables public access and enables - private link. The default value is `Public`. - type: string - keyVaultResourceId: - description: |- - KeyVaultResourceId: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and must - be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. - type: string - type: object - customCATrustCertificates: - description: |- - CustomCATrustCertificates: A list of up to 10 base64 encoded CAs that will be added to the trust store on nodes with the - Custom CA Trust feature enabled. For more information see [Custom CA Trust - Certificates](https://learn.microsoft.com/en-us/azure/aks/custom-certificate-authority) - items: - type: string - type: array - defender: - description: 'Defender: Microsoft Defender settings for the security profile.' - properties: - logAnalyticsWorkspaceResourceId: - description: |- - LogAnalyticsWorkspaceResourceId: Resource ID of the Log Analytics workspace to be associated with Microsoft Defender. - When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When Microsoft - Defender is disabled, leave the field empty. - type: string - securityMonitoring: - description: 'SecurityMonitoring: Microsoft Defender threat detection for Cloud settings for the security profile.' - properties: - enabled: - description: 'Enabled: Whether to enable Defender threat detection' - type: boolean - type: object - type: object - imageCleaner: - description: 'ImageCleaner: Image Cleaner settings for the security profile.' - properties: - enabled: - description: 'Enabled: Whether to enable Image Cleaner on AKS cluster.' 
- type: boolean - intervalHours: - description: 'IntervalHours: Image Cleaner scanning interval in hours.' - type: integer - type: object - imageIntegrity: - description: |- - ImageIntegrity: Image integrity is a feature that works with Azure Policy to verify image integrity by signature. This - will not have any effect unless Azure Policy is applied to enforce image signatures. See - https://aka.ms/aks/image-integrity for how to use this feature via policy. - properties: - enabled: - description: 'Enabled: Whether to enable image integrity. The default value is false.' - type: boolean - type: object - nodeRestriction: - description: |- - NodeRestriction: [Node - Restriction](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#noderestriction) settings - for the security profile. - properties: - enabled: - description: 'Enabled: Whether to enable Node Restriction' - type: boolean - type: object - workloadIdentity: - description: |- - WorkloadIdentity: Workload identity settings for the security profile. Workload identity enables Kubernetes applications - to access Azure cloud resources securely with Azure AD. See https://aka.ms/aks/wi for more details. - properties: - enabled: - description: 'Enabled: Whether to enable workload identity.' - type: boolean - type: object - type: object - serviceMeshProfile: - description: 'ServiceMeshProfile: Service mesh profile for a managed cluster.' - properties: - istio: - description: 'Istio: Istio service mesh configuration.' - properties: - certificateAuthority: - description: |- - CertificateAuthority: Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin - certificates as described here https://aka.ms/asm-plugin-ca - properties: - plugin: - description: 'Plugin: Plugin certificates information for Service Mesh.' - properties: - certChainObjectName: - description: 'CertChainObjectName: Certificate chain object name in Azure Key Vault.' 
- type: string - certObjectName: - description: 'CertObjectName: Intermediate certificate object name in Azure Key Vault.' - type: string - keyObjectName: - description: 'KeyObjectName: Intermediate certificate private key object name in Azure Key Vault.' - type: string - keyVaultId: - description: 'KeyVaultId: The resource ID of the Key Vault.' - type: string - rootCertObjectName: - description: 'RootCertObjectName: Root certificate object name in Azure Key Vault.' - type: string - type: object - type: object - components: - description: 'Components: Istio components configuration.' - properties: - egressGateways: - description: 'EgressGateways: Istio egress gateways.' - items: - description: Istio egress gateway configuration. - properties: - enabled: - description: 'Enabled: Whether to enable the egress gateway.' - type: boolean - type: object - type: array - ingressGateways: - description: 'IngressGateways: Istio ingress gateways.' - items: - description: |- - Istio ingress gateway configuration. For now, we support up to one external ingress gateway named - `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. - properties: - enabled: - description: 'Enabled: Whether to enable the ingress gateway.' - type: boolean - mode: - description: 'Mode: Mode of an ingress gateway.' - type: string - type: object - type: array - type: object - revisions: - description: |- - Revisions: The list of revisions of the Istio control plane. When an upgrade is not in progress, this holds one value. - When canary upgrade is in progress, this can only hold two consecutive values. For more information, see: - https://learn.microsoft.com/en-us/azure/aks/istio-upgrade - items: - type: string - type: array - type: object - mode: - description: 'Mode: Mode of the service mesh.' 
- type: string - type: object - servicePrincipalProfile: - description: |- - ServicePrincipalProfile: Information about a service principal identity for the cluster to use for manipulating Azure - APIs. - properties: - clientId: - description: 'ClientId: The ID for the service principal.' - type: string - type: object - sku: - description: 'Sku: The managed cluster SKU.' - properties: - name: - description: 'Name: The name of a managed cluster SKU.' - type: string - tier: - description: |- - Tier: If not specified, the default is 'Free'. See [AKS Pricing - Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) for more details. - type: string - type: object - storageProfile: - description: 'StorageProfile: Storage profile for the managed cluster.' - properties: - blobCSIDriver: - description: 'BlobCSIDriver: AzureBlob CSI Driver settings for the storage profile.' - properties: - enabled: - description: 'Enabled: Whether to enable AzureBlob CSI Driver. The default value is false.' - type: boolean - type: object - diskCSIDriver: - description: 'DiskCSIDriver: AzureDisk CSI Driver settings for the storage profile.' - properties: - enabled: - description: 'Enabled: Whether to enable AzureDisk CSI Driver. The default value is true.' - type: boolean - version: - description: 'Version: The version of AzureDisk CSI Driver. The default value is v1.' - type: string - type: object - fileCSIDriver: - description: 'FileCSIDriver: AzureFile CSI Driver settings for the storage profile.' - properties: - enabled: - description: 'Enabled: Whether to enable AzureFile CSI Driver. The default value is true.' - type: boolean - type: object - snapshotController: - description: 'SnapshotController: Snapshot Controller settings for the storage profile.' - properties: - enabled: - description: 'Enabled: Whether to enable Snapshot Controller. The default value is true.' 
- type: boolean - type: object - type: object - supportPlan: - description: 'SupportPlan: The support plan for the Managed Cluster. If unspecified, the default is ''KubernetesOfficial''.' - type: string - systemData: - description: 'SystemData: Azure Resource Manager metadata containing createdBy and modifiedBy information.' - properties: - createdAt: - description: 'CreatedAt: The timestamp of resource creation (UTC).' - type: string - createdBy: - description: 'CreatedBy: The identity that created the resource.' - type: string - createdByType: - description: 'CreatedByType: The type of identity that created the resource.' - type: string - lastModifiedAt: - description: 'LastModifiedAt: The timestamp of resource last modification (UTC)' - type: string - lastModifiedBy: - description: 'LastModifiedBy: The identity that last modified the resource.' - type: string - lastModifiedByType: - description: 'LastModifiedByType: The type of identity that last modified the resource.' - type: string - type: object - tags: - additionalProperties: - type: string - description: 'Tags: Resource tags.' - type: object - type: - description: 'Type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"' - type: string - upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading a cluster.' - properties: - overrideSettings: - description: 'OverrideSettings: Settings for overrides.' - properties: - forceUpgrade: - description: |- - ForceUpgrade: Whether to force upgrade the cluster. Note that this option instructs upgrade operation to bypass upgrade - protections such as checking for deprecated API usage. Enable this option only with caution. - type: boolean - until: - description: |- - Until: Until when the overrides are effective. Note that this only matches the start time of an upgrade, and the - effectiveness won't change once an upgrade starts even if the `until` expires as upgrade proceeds. 
This field is not set - by default. It must be set for the overrides to take effect. - type: string - type: object - type: object - windowsProfile: - description: 'WindowsProfile: The profile for Windows VMs in the Managed Cluster.' - properties: - adminUsername: - description: |- - AdminUsername: Specifies the name of the administrator account. - Restriction: Cannot end in "." - Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", - "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", - "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". - Minimum-length: 1 character - Max-length: 20 characters - type: string - enableCSIProxy: - description: |- - EnableCSIProxy: For more details on CSI proxy, see the [CSI proxy GitHub - repo](https://github.com/kubernetes-csi/csi-proxy). - type: boolean - gmsaProfile: - description: 'GmsaProfile: The Windows gMSA Profile in the Managed Cluster.' - properties: - dnsServer: - description: |- - DnsServer: Specifies the DNS server for Windows gMSA. - Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. - type: string - enabled: - description: 'Enabled: Specifies whether to enable Windows gMSA in the managed cluster.' - type: boolean - rootDomainName: - description: |- - RootDomainName: Specifies the root domain name for Windows gMSA. - Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. - type: string - type: object - licenseType: - description: |- - LicenseType: The license type to use for Windows VMs. See [Azure Hybrid User - Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) for more details. 
- type: string - type: object - workloadAutoScalerProfile: - description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile for the managed cluster.' - properties: - keda: - description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile.' - properties: - enabled: - description: 'Enabled: Whether to enable KEDA.' - type: boolean - type: object - verticalPodAutoscaler: - properties: - addonAutoscaling: - description: 'AddonAutoscaling: Whether VPA add-on is enabled and configured to scale AKS-managed add-ons.' - type: string - enabled: - description: 'Enabled: Whether to enable VPA add-on in cluster. Default value is false.' - type: boolean - type: object - type: object - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].severity - name: Severity - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Reason - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].message - name: Message - type: string - name: v1api20240402previewstorage - schema: - openAPIV3Schema: - description: |- - Storage version of v1api20240402preview.ManagedCluster - Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2024-04-02-preview/managedClusters.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName} - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: Storage version of v1api20240402preview.ManagedCluster_Spec - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - aadProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterAADProfile - For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - adminGroupObjectIDs: - items: - type: string - type: array - clientAppID: - type: string - enableAzureRBAC: - type: boolean - managed: - type: boolean - serverAppID: - type: string - serverAppSecret: - type: string - tenantID: - type: string - type: object - addonProfiles: - additionalProperties: - description: |- - Storage version of v1api20240402preview.ManagedClusterAddonProfile - A Kubernetes add-on profile for a managed cluster. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - config: - additionalProperties: - type: string - type: object - enabled: - type: boolean - type: object - type: object - agentPoolProfiles: - items: - description: |- - Storage version of v1api20240402preview.ManagedClusterAgentPoolProfile - Profile for the container service agent pool. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - artifactStreamingProfile: - description: Storage version of v1api20240402preview.AgentPoolArtifactStreamingProfile - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - availabilityZones: - items: - type: string - type: array - capacityReservationGroupReference: - description: 'CapacityReservationGroupReference: AKS will associate the specified agent pool with the Capacity Reservation Group.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
- pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - count: - type: integer - creationData: - description: |- - Storage version of v1api20240402preview.CreationData - Data used when creating a target resource from a source resource. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - sourceResourceReference: - description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object - type: object - enableAutoScaling: - type: boolean - enableCustomCATrust: - type: boolean - enableEncryptionAtHost: - type: boolean - enableFIPS: - type: boolean - enableNodePublicIP: - type: boolean - enableUltraSSD: - type: boolean - gatewayProfile: - description: |- - Storage version of v1api20240402preview.AgentPoolGatewayProfile - Profile of the managed cluster gateway agent pool. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - publicIPPrefixSize: - type: integer - type: object - gpuInstanceProfile: - type: string - gpuProfile: - description: Storage version of v1api20240402preview.AgentPoolGPUProfile - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - installGPUDriver: - type: boolean - type: object - hostGroupReference: - description: |- - HostGroupReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
- pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - kubeletConfig: - description: |- - Storage version of v1api20240402preview.KubeletConfig - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - allowedUnsafeSysctls: - items: - type: string - type: array - containerLogMaxFiles: - type: integer - containerLogMaxSizeMB: - type: integer - cpuCfsQuota: - type: boolean - cpuCfsQuotaPeriod: - type: string - cpuManagerPolicy: - type: string - failSwapOn: - type: boolean - imageGcHighThreshold: - type: integer - imageGcLowThreshold: - type: integer - podMaxPids: - type: integer - topologyManagerPolicy: - type: string - type: object - kubeletDiskType: - type: string - linuxOSConfig: - description: |- - Storage version of v1api20240402preview.LinuxOSConfig - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - swapFileSizeMB: - type: integer - sysctls: - description: |- - Storage version of v1api20240402preview.SysctlConfig - Sysctl settings for Linux agent nodes. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - fsAioMaxNr: - type: integer - fsFileMax: - type: integer - fsInotifyMaxUserWatches: - type: integer - fsNrOpen: - type: integer - kernelThreadsMax: - type: integer - netCoreNetdevMaxBacklog: - type: integer - netCoreOptmemMax: - type: integer - netCoreRmemDefault: - type: integer - netCoreRmemMax: - type: integer - netCoreSomaxconn: - type: integer - netCoreWmemDefault: - type: integer - netCoreWmemMax: - type: integer - netIpv4IpLocalPortRange: - type: string - netIpv4NeighDefaultGcThresh1: - type: integer - netIpv4NeighDefaultGcThresh2: - type: integer - netIpv4NeighDefaultGcThresh3: - type: integer - netIpv4TcpFinTimeout: - type: integer - netIpv4TcpKeepaliveProbes: - type: integer - netIpv4TcpKeepaliveTime: - type: integer - netIpv4TcpMaxSynBacklog: - type: integer - netIpv4TcpMaxTwBuckets: - type: integer - netIpv4TcpTwReuse: - type: boolean - netIpv4TcpkeepaliveIntvl: - type: integer - netNetfilterNfConntrackBuckets: - type: integer - netNetfilterNfConntrackMax: - type: integer - vmMaxMapCount: - type: integer - vmSwappiness: - type: integer - vmVfsCachePressure: - type: integer - type: object - transparentHugePageDefrag: - type: string - transparentHugePageEnabled: - type: string - type: object - maxCount: - type: integer - maxPods: - type: integer 
- messageOfTheDay: - type: string - minCount: - type: integer - mode: - type: string - name: - type: string - networkProfile: - description: |- - Storage version of v1api20240402preview.AgentPoolNetworkProfile - Network settings of an agent pool. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - allowedHostPorts: - items: - description: |- - Storage version of v1api20240402preview.PortRange - The port range. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - portEnd: - type: integer - portStart: - type: integer - protocol: - type: string - type: object - type: array - applicationSecurityGroupsReferences: - items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. 
- type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: array - nodePublicIPTags: - items: - description: |- - Storage version of v1api20240402preview.IPTag - Contains the IPTag associated with the object. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - ipTagType: - type: string - tag: - type: string - type: object - type: array - type: object - nodeInitializationTaints: - items: - type: string - type: array - nodeLabels: - additionalProperties: - type: string - type: object - nodePublicIPPrefixReference: - description: |- - NodePublicIPPrefixReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object - nodeTaints: - items: - type: string - type: array - orchestratorVersion: - type: string - osDiskSizeGB: - type: integer - osDiskType: - type: string - osSKU: - type: string - osType: - type: string - podIPAllocationMode: - type: string - podSubnetReference: - description: |- - PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). - This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object - powerState: - description: |- - Storage version of v1api20240402preview.PowerState - Describes the Power State of the cluster - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - code: - type: string - type: object - proximityPlacementGroupReference: - description: 'ProximityPlacementGroupReference: The ID for Proximity Placement Group.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - scaleDownMode: - type: string - scaleSetEvictionPolicy: - type: string - scaleSetPriority: - type: string - securityProfile: - description: |- - Storage version of v1api20240402preview.AgentPoolSecurityProfile - The security settings of an agent pool. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enableSecureBoot: - type: boolean - enableVTPM: - type: boolean - sshAccess: - type: string - type: object - spotMaxPrice: - type: number - tags: - additionalProperties: - type: string - type: object - type: - type: string - upgradeSettings: - description: |- - Storage version of v1api20240402preview.AgentPoolUpgradeSettings - Settings for upgrading an agentpool - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - drainTimeoutInMinutes: - type: integer - maxSurge: - type: string - nodeSoakDurationInMinutes: - type: integer - undrainableNodeBehavior: - type: string - type: object - virtualMachineNodesStatus: - items: - description: |- - Storage version of v1api20240402preview.VirtualMachineNodes - Current status on a group of nodes of the same vm size. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - count: - type: integer - size: - type: string - type: object - type: array - virtualMachinesProfile: - description: |- - Storage version of v1api20240402preview.VirtualMachinesProfile - Specifications on VirtualMachines agent pool. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - scale: - description: |- - Storage version of v1api20240402preview.ScaleProfile - Specifications on how to scale a VirtualMachines agent pool. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - autoscale: - items: - description: |- - Storage version of v1api20240402preview.AutoScaleProfile - Specifications on auto-scaling. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - maxCount: - type: integer - minCount: - type: integer - sizes: - items: - type: string - type: array - type: object - type: array - manual: - items: - description: |- - Storage version of v1api20240402preview.ManualScaleProfile - Specifications on number of machines. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - count: - type: integer - sizes: - items: - type: string - type: array - type: object - type: array - type: object - type: object - vmSize: - type: string - vnetSubnetReference: - description: |- - VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. 
If no podSubnetID is - specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - windowsProfile: - description: |- - Storage version of v1api20240402preview.AgentPoolWindowsProfile - The Windows agent pool's specific profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - disableOutboundNat: - type: boolean - type: object - workloadRuntime: - type: string - type: object - type: array - aiToolchainOperatorProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterAIToolchainOperatorProfile - When enabling the operator, a set of AKS managed CRDs and controllers will be installed in the cluster. The operator - automates the deployment of OSS models for inference and/or training purposes. 
It provides a set of preset models and - enables distributed inference against them. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - apiServerAccessProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterAPIServerAccessProfile - Access profile for managed cluster API server. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - authorizedIPRanges: - items: - type: string - type: array - disableRunCommand: - type: boolean - enablePrivateCluster: - type: boolean - enablePrivateClusterPublicFQDN: - type: boolean - enableVnetIntegration: - type: boolean - privateDNSZone: - type: string - subnetId: - type: string - type: object - autoScalerProfile: - description: Storage version of v1api20240402preview.ManagedClusterProperties_AutoScalerProfile - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - balance-similar-node-groups: - type: string - daemonset-eviction-for-empty-nodes: - type: boolean - daemonset-eviction-for-occupied-nodes: - type: boolean - expander: - type: string - ignore-daemonsets-utilization: - type: boolean - max-empty-bulk-delete: - type: string - max-graceful-termination-sec: - type: string - max-node-provision-time: - type: string - max-total-unready-percentage: - type: string - new-pod-scale-up-delay: 
- type: string - ok-total-unready-count: - type: string - scale-down-delay-after-add: - type: string - scale-down-delay-after-delete: - type: string - scale-down-delay-after-failure: - type: string - scale-down-unneeded-time: - type: string - scale-down-unready-time: - type: string - scale-down-utilization-threshold: - type: string - scan-interval: - type: string - skip-nodes-with-local-storage: - type: string - skip-nodes-with-system-pods: - type: string - type: object - autoUpgradeProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterAutoUpgradeProfile - Auto upgrade profile for a managed cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - nodeOSUpgradeChannel: - type: string - upgradeChannel: - type: string - type: object - azureMonitorProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfile - Prometheus addon profile for the container service cluster - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - appMonitoring: - description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoring - Application Monitoring Profile for Kubernetes Application Container. Collects application logs, metrics and traces - through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See - aka.ms/AzureMonitorApplicationMonitoring for an overview. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - autoInstrumentation: - description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoringAutoInstrumentation - Application Monitoring Auto Instrumentation for Kubernetes Application Container. Deploys web hook to auto-instrument - Azure Monitor OpenTelemetry based SDKs to collect OpenTelemetry metrics, logs and traces of the application. See - aka.ms/AzureMonitorApplicationMonitoring for an overview. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - openTelemetryLogs: - description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryLogs - Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Logs and Traces. Collects - OpenTelemetry logs and traces of the application using Azure Monitor OpenTelemetry based SDKs. See - aka.ms/AzureMonitorApplicationMonitoring for an overview. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - port: - type: integer - type: object - openTelemetryMetrics: - description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryMetrics - Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Metrics. Collects - OpenTelemetry metrics of the application using Azure Monitor OpenTelemetry based SDKs. See - aka.ms/AzureMonitorApplicationMonitoring for an overview. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - port: - type: integer - type: object - type: object - containerInsights: - description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileContainerInsights - Azure Monitor Container Insights Profile for Kubernetes Events, Inventory and Container stdout & stderr logs etc. See - aka.ms/AzureMonitorContainerInsights for an overview. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - disableCustomMetrics: - type: boolean - disablePrometheusMetricsScraping: - type: boolean - enabled: - type: boolean - logAnalyticsWorkspaceResourceReference: - description: |- - LogAnalyticsWorkspaceResourceReference: Fully Qualified ARM Resource Id of Azure Log Analytics Workspace for storing - Azure Monitor Container Insights Logs. - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object - syslogPort: - type: integer - type: object - metrics: - description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileMetrics - Metrics profile for the prometheus service addon - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - kubeStateMetrics: - description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileKubeStateMetrics - Kube State Metrics for prometheus addon profile for the container service cluster - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - metricAnnotationsAllowList: - type: string - metricLabelsAllowlist: - type: string - type: object - type: object - type: object - azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. - type: string - bootstrapProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterBootstrapProfile - The bootstrap profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - artifactSource: - type: string - containerRegistryReference: - description: |- - ContainerRegistryReference: The resource Id of Azure Container Registry. 
The registry must have private network access, - premium SKU and zone redundancy. - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: object - creationData: - description: |- - Storage version of v1api20240402preview.CreationData - Data used when creating a target resource from a source resource. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - sourceResourceReference: - description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
- pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: object - disableLocalAccounts: - type: boolean - diskEncryptionSetReference: - description: |- - DiskEncryptionSetReference: This is of the form: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - dnsPrefix: - type: string - enableNamespaceResources: - type: boolean - enablePodSecurityPolicy: - type: boolean - enableRBAC: - type: boolean - extendedLocation: - description: |- - Storage version of v1api20240402preview.ExtendedLocation - The complex type of the extended location. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - name: - type: string - type: - type: string - type: object - fqdnSubdomain: - type: string - httpProxyConfig: - description: |- - Storage version of v1api20240402preview.ManagedClusterHTTPProxyConfig - Cluster HTTP proxy configuration. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - httpProxy: - type: string - httpsProxy: - type: string - noProxy: - items: - type: string - type: array - trustedCa: - type: string - type: object - identity: - description: |- - Storage version of v1api20240402preview.ManagedClusterIdentity - Identity for the managed cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - delegatedResources: - additionalProperties: - description: |- - Storage version of v1api20240402preview.DelegatedResource - Delegated resource properties - internal use only. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - location: - type: string - referralResource: - type: string - resourceReference: - description: 'ResourceReference: The ARM resource id of the delegated resource - internal use only.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object - tenantId: - type: string - type: object - type: object - type: - type: string - userAssignedIdentities: - items: - description: |- - Storage version of v1api20240402preview.UserAssignedIdentityDetails - Information about the user assigned identity for the resource - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: object - type: array - type: object - identityProfile: - additionalProperties: - description: |- - Storage version of v1api20240402preview.UserAssignedIdentity - Details about a user assigned identity. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - clientId: - type: string - objectId: - type: string - resourceReference: - description: 'ResourceReference: The resource ID of the user assigned identity.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: object - type: object - ingressProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterIngressProfile - Ingress profile for the container service cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - webAppRouting: - description: |- - Storage version of v1api20240402preview.ManagedClusterIngressProfileWebAppRouting - Web App Routing settings for the ingress profile. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - dnsZoneResourceReferences: - items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: array - enabled: - type: boolean - type: object - type: object - kind: - type: string - kubernetesVersion: - type: string - linuxProfile: - description: |- - Storage version of v1api20240402preview.ContainerServiceLinuxProfile - Profile for Linux VMs in the container service cluster. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - adminUsername: - type: string - ssh: - description: |- - Storage version of v1api20240402preview.ContainerServiceSshConfiguration - SSH configuration for Linux-based VMs running on Azure. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - publicKeys: - items: - description: |- - Storage version of v1api20240402preview.ContainerServiceSshPublicKey - Contains information about SSH certificate public key data. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - keyData: - type: string - type: object - type: array - type: object - type: object - location: - type: string - metricsProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterMetricsProfile - The metrics profile for the ManagedCluster. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - costAnalysis: - description: |- - Storage version of v1api20240402preview.ManagedClusterCostAnalysis - The cost analysis configuration for the cluster - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - type: object - networkProfile: - description: |- - Storage version of v1api20240402preview.ContainerServiceNetworkProfile - Profile of network configuration. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - advancedNetworking: - description: |- - Storage version of v1api20240402preview.AdvancedNetworking - Advanced Networking profile for enabling observability on a cluster. Note that enabling advanced networking features may - incur additional costs. For more information see aka.ms/aksadvancednetworking. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - observability: - description: |- - Storage version of v1api20240402preview.AdvancedNetworkingObservability - Observability profile to enable advanced network metrics and flow logs with historical contexts. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - type: object - dnsServiceIP: - type: string - ipFamilies: - items: - type: string - type: array - kubeProxyConfig: - description: Storage version of v1api20240402preview.ContainerServiceNetworkProfile_KubeProxyConfig - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - ipvsConfig: - description: Storage version of v1api20240402preview.ContainerServiceNetworkProfile_KubeProxyConfig_IpvsConfig - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - scheduler: - type: string - tcpFinTimeoutSeconds: - type: integer - tcpTimeoutSeconds: - type: integer - udpTimeoutSeconds: - type: integer - type: object - mode: - type: string - type: object - loadBalancerProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile - Profile of the managed cluster load balancer. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - allocatedOutboundPorts: - type: integer - backendPoolType: - type: string - clusterServiceLoadBalancerHealthProbeMode: - type: string - effectiveOutboundIPs: - items: - description: |- - Storage version of v1api20240402preview.ResourceReference - A reference to an Azure resource. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - reference: - description: 'Reference: The fully qualified Azure resource id.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object - type: object - type: array - enableMultipleStandardLoadBalancers: - type: boolean - idleTimeoutInMinutes: - type: integer - managedOutboundIPs: - description: Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - count: - type: integer - countIPv6: - type: integer - type: object - outboundIPPrefixes: - description: Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - publicIPPrefixes: - items: - description: |- - Storage version of v1api20240402preview.ResourceReference - A reference to an Azure resource. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - reference: - description: 'Reference: The fully qualified Azure resource id.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
- pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: object - type: array - type: object - outboundIPs: - description: Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile_OutboundIPs - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - publicIPs: - items: - description: |- - Storage version of v1api20240402preview.ResourceReference - A reference to an Azure resource. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - reference: - description: 'Reference: The fully qualified Azure resource id.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
- pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: object - type: array - type: object - type: object - loadBalancerSku: - type: string - natGatewayProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterNATGatewayProfile - Profile of the managed cluster NAT gateway. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - effectiveOutboundIPs: - items: - description: |- - Storage version of v1api20240402preview.ResourceReference - A reference to an Azure resource. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - reference: - description: 'Reference: The fully qualified Azure resource id.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
- pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: object - type: array - idleTimeoutInMinutes: - type: integer - managedOutboundIPProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterManagedOutboundIPProfile - Profile of the managed outbound IP resources of the managed cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - count: - type: integer - type: object - type: object - networkDataplane: - type: string - networkMode: - type: string - networkPlugin: - type: string - networkPluginMode: - type: string - networkPolicy: - type: string - outboundType: - type: string - podCidr: - type: string - podCidrs: - items: - type: string - type: array - podLinkLocalAccess: - type: string - serviceCidr: - type: string - serviceCidrs: - items: - type: string - type: array - staticEgressGatewayProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterStaticEgressGatewayProfile - The Static Egress Gateway addon configuration for the cluster. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - type: object - nodeProvisioningProfile: - description: Storage version of v1api20240402preview.ManagedClusterNodeProvisioningProfile - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - mode: - type: string - type: object - nodeResourceGroup: - type: string - nodeResourceGroupProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterNodeResourceGroupProfile - Node resource group lockdown profile for a managed cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - restrictionLevel: - type: string - type: object - oidcIssuerProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterOIDCIssuerProfile - The OIDC issuer profile of the Managed Cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - operatorSpec: - description: |- - Storage version of v1api20240402preview.ManagedClusterOperatorSpec - Details for configuring operator behavior. 
Fields in this struct are interpreted by the operator directly rather than being passed to Azure - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - configMaps: - description: Storage version of v1api20240402preview.ManagedClusterOperatorConfigMaps - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - oidcIssuerProfile: - description: |- - ConfigMapDestination describes the location to store a single configmap value - Note: This is similar to SecretDestination in secrets.go. Changes to one should likely also be made to the other. - properties: - key: - description: Key is the key in the ConfigMap being referenced - type: string - name: - description: |- - Name is the name of the Kubernetes ConfigMap being referenced. - The ConfigMap must be in the same namespace as the resource - type: string - required: - - key - - name - type: object - type: object - secrets: - description: Storage version of v1api20240402preview.ManagedClusterOperatorSecrets - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - adminCredentials: - description: |- - SecretDestination describes the location to store a single secret value. - Note: This is similar to ConfigMapDestination in configmaps.go. Changes to one should likely also be made to the other. 
- properties: - key: - description: Key is the key in the Kubernetes secret being referenced - type: string - name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource - type: string - required: - - key - - name - type: object - userCredentials: - description: |- - SecretDestination describes the location to store a single secret value. - Note: This is similar to ConfigMapDestination in configmaps.go. Changes to one should likely also be made to the other. - properties: - key: - description: Key is the key in the Kubernetes secret being referenced - type: string - name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource - type: string - required: - - key - - name - type: object - type: object - type: object - originalVersion: - type: string - owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource - properties: - armId: - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - name: - description: This is the name of the Kubernetes resource to reference. - type: string - type: object - podIdentityProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterPodIdentityProfile - See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on pod - identity integration. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - allowNetworkPluginKubenet: - type: boolean - enabled: - type: boolean - userAssignedIdentities: - items: - description: |- - Storage version of v1api20240402preview.ManagedClusterPodIdentity - Details about the pod identity assigned to the Managed Cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - bindingSelector: - type: string - identity: - description: |- - Storage version of v1api20240402preview.UserAssignedIdentity - Details about a user assigned identity. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - clientId: - type: string - objectId: - type: string - resourceReference: - description: 'ResourceReference: The resource ID of the user assigned identity.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
- pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: object - name: - type: string - namespace: - type: string - type: object - type: array - userAssignedIdentityExceptions: - items: - description: |- - Storage version of v1api20240402preview.ManagedClusterPodIdentityException - See [disable AAD Pod Identity for a specific - Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - name: - type: string - namespace: - type: string - podLabels: - additionalProperties: - type: string - type: object - type: object - type: array - type: object - privateLinkResources: - items: - description: |- - Storage version of v1api20240402preview.PrivateLinkResource - A private link resource - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - groupId: - type: string - name: - type: string - reference: - description: 'Reference: The ID of the private link resource.' 
- properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - requiredMembers: - items: - type: string - type: array - type: - type: string - type: object - type: array - publicNetworkAccess: - type: string - safeguardsProfile: - description: |- - Storage version of v1api20240402preview.SafeguardsProfile - The Safeguards profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - excludedNamespaces: - items: - type: string - type: array - level: - type: string - version: - type: string - type: object - securityProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterSecurityProfile - Security profile for the container service cluster. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - azureKeyVaultKms: - description: |- - Storage version of v1api20240402preview.AzureKeyVaultKms - Azure Key Vault key management service settings for the security profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - keyId: - type: string - keyVaultNetworkAccess: - type: string - keyVaultResourceReference: - description: |- - KeyVaultResourceReference: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and - must be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object - type: object - customCATrustCertificates: - items: - type: string - type: array - defender: - description: |- - Storage version of v1api20240402preview.ManagedClusterSecurityProfileDefender - Microsoft Defender settings for the security profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - logAnalyticsWorkspaceResourceReference: - description: |- - LogAnalyticsWorkspaceResourceReference: Resource ID of the Log Analytics workspace to be associated with Microsoft - Defender. When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When - Microsoft Defender is disabled, leave the field empty. - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - securityMonitoring: - description: |- - Storage version of v1api20240402preview.ManagedClusterSecurityProfileDefenderSecurityMonitoring - Microsoft Defender settings for the security profile threat detection. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - type: object - imageCleaner: - description: |- - Storage version of v1api20240402preview.ManagedClusterSecurityProfileImageCleaner - Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here - are settings for the security profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - intervalHours: - type: integer - type: object - imageIntegrity: - description: |- - Storage version of v1api20240402preview.ManagedClusterSecurityProfileImageIntegrity - Image integrity related settings for the security profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - nodeRestriction: - description: |- - Storage version of v1api20240402preview.ManagedClusterSecurityProfileNodeRestriction - Node Restriction settings for the security profile. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - workloadIdentity: - description: |- - Storage version of v1api20240402preview.ManagedClusterSecurityProfileWorkloadIdentity - Workload identity settings for the security profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - type: object - serviceMeshProfile: - description: |- - Storage version of v1api20240402preview.ServiceMeshProfile - Service mesh profile for a managed cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - istio: - description: |- - Storage version of v1api20240402preview.IstioServiceMesh - Istio service mesh configuration. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - certificateAuthority: - description: |- - Storage version of v1api20240402preview.IstioCertificateAuthority - Istio Service Mesh Certificate Authority (CA) configuration. 
For now, we only support plugin certificates as described - here https://aka.ms/asm-plugin-ca - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - plugin: - description: |- - Storage version of v1api20240402preview.IstioPluginCertificateAuthority - Plugin certificates information for Service Mesh. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - certChainObjectName: - type: string - certObjectName: - type: string - keyObjectName: - type: string - keyVaultReference: - description: 'KeyVaultReference: The resource ID of the Key Vault.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object - rootCertObjectName: - type: string - type: object - type: object - components: - description: |- - Storage version of v1api20240402preview.IstioComponents - Istio components configuration. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - egressGateways: - items: - description: |- - Storage version of v1api20240402preview.IstioEgressGateway - Istio egress gateway configuration. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - type: array - ingressGateways: - items: - description: |- - Storage version of v1api20240402preview.IstioIngressGateway - Istio ingress gateway configuration. For now, we support up to one external ingress gateway named - `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - mode: - type: string - type: object - type: array - type: object - revisions: - items: - type: string - type: array - type: object - mode: - type: string - type: object - servicePrincipalProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterServicePrincipalProfile - Information about a service principal identity for the cluster to use for manipulating Azure APIs. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - clientId: - type: string - secret: - description: |- - SecretReference is a reference to a Kubernetes secret and key in the same namespace as - the resource it is on. - properties: - key: - description: Key is the key in the Kubernetes secret being referenced - type: string - name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource - type: string - required: - - key - - name - type: object - type: object - sku: - description: |- - Storage version of v1api20240402preview.ManagedClusterSKU - The SKU of a Managed Cluster. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - name: - type: string - tier: - type: string - type: object - storageProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterStorageProfile - Storage profile for the container service cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - blobCSIDriver: - description: |- - Storage version of v1api20240402preview.ManagedClusterStorageProfileBlobCSIDriver - AzureBlob CSI Driver settings for the storage profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - diskCSIDriver: - description: |- - Storage version of v1api20240402preview.ManagedClusterStorageProfileDiskCSIDriver - AzureDisk CSI Driver settings for the storage profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - version: - type: string - type: object - fileCSIDriver: - description: |- - Storage version of v1api20240402preview.ManagedClusterStorageProfileFileCSIDriver - AzureFile CSI Driver settings for the storage profile. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - snapshotController: - description: |- - Storage version of v1api20240402preview.ManagedClusterStorageProfileSnapshotController - Snapshot Controller settings for the storage profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - type: object - supportPlan: - type: string - tags: - additionalProperties: - type: string - type: object - upgradeSettings: - description: |- - Storage version of v1api20240402preview.ClusterUpgradeSettings - Settings for upgrading a cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - overrideSettings: - description: |- - Storage version of v1api20240402preview.UpgradeOverrideSettings - Settings for overrides when upgrading a cluster. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - forceUpgrade: - type: boolean - until: - type: string - type: object - type: object - windowsProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterWindowsProfile - Profile for Windows VMs in the managed cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - adminPassword: - description: |- - SecretReference is a reference to a Kubernetes secret and key in the same namespace as - the resource it is on. - properties: - key: - description: Key is the key in the Kubernetes secret being referenced - type: string - name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource - type: string - required: - - key - - name - type: object - adminUsername: - type: string - enableCSIProxy: - type: boolean - gmsaProfile: - description: |- - Storage version of v1api20240402preview.WindowsGmsaProfile - Windows gMSA Profile in the managed cluster. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - dnsServer: - type: string - enabled: - type: boolean - rootDomainName: - type: string - type: object - licenseType: - type: string - type: object - workloadAutoScalerProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterWorkloadAutoScalerProfile - Workload Auto-scaler profile for the managed cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - keda: - description: |- - Storage version of v1api20240402preview.ManagedClusterWorkloadAutoScalerProfileKeda - KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - verticalPodAutoscaler: - description: Storage version of v1api20240402preview.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - addonAutoscaling: - type: string - enabled: - type: boolean - type: object - type: object - required: - - owner - type: object - status: - description: |- - Storage version of v1api20240402preview.ManagedCluster_STATUS - Managed cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - aadProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterAADProfile_STATUS - For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - adminGroupObjectIDs: - items: - type: string - type: array - clientAppID: - type: string - enableAzureRBAC: - type: boolean - managed: - type: boolean - serverAppID: - type: string - serverAppSecret: - type: string - tenantID: - type: string - type: object - addonProfiles: - additionalProperties: - description: |- - Storage version of v1api20240402preview.ManagedClusterAddonProfile_STATUS - A Kubernetes add-on profile for a managed cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - config: - additionalProperties: - type: string - type: object - enabled: - type: boolean - identity: - description: |- - Storage version of v1api20240402preview.UserAssignedIdentity_STATUS - Details about a user assigned identity. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - clientId: - type: string - objectId: - type: string - resourceId: - type: string - type: object - type: object - type: object - agentPoolProfiles: - items: - description: |- - Storage version of v1api20240402preview.ManagedClusterAgentPoolProfile_STATUS - Profile for the container service agent pool. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - artifactStreamingProfile: - description: Storage version of v1api20240402preview.AgentPoolArtifactStreamingProfile_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - availabilityZones: - items: - type: string - type: array - capacityReservationGroupID: - type: string - count: - type: integer - creationData: - description: |- - Storage version of v1api20240402preview.CreationData_STATUS - Data used when creating a target resource from a source resource. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - sourceResourceId: - type: string - type: object - currentOrchestratorVersion: - type: string - eTag: - type: string - enableAutoScaling: - type: boolean - enableCustomCATrust: - type: boolean - enableEncryptionAtHost: - type: boolean - enableFIPS: - type: boolean - enableNodePublicIP: - type: boolean - enableUltraSSD: - type: boolean - gatewayProfile: - description: |- - Storage version of v1api20240402preview.AgentPoolGatewayProfile_STATUS - Profile of the managed cluster gateway agent pool. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - publicIPPrefixSize: - type: integer - type: object - gpuInstanceProfile: - type: string - gpuProfile: - description: Storage version of v1api20240402preview.AgentPoolGPUProfile_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - installGPUDriver: - type: boolean - type: object - hostGroupID: - type: string - kubeletConfig: - description: |- - Storage version of v1api20240402preview.KubeletConfig_STATUS - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - allowedUnsafeSysctls: - items: - type: string - type: array - containerLogMaxFiles: - type: integer - containerLogMaxSizeMB: - type: integer - cpuCfsQuota: - type: boolean - cpuCfsQuotaPeriod: - type: string - cpuManagerPolicy: - type: string - failSwapOn: - type: boolean - imageGcHighThreshold: - type: integer - imageGcLowThreshold: - type: integer - podMaxPids: - type: integer - topologyManagerPolicy: - type: string - type: object - kubeletDiskType: - type: string - linuxOSConfig: - description: |- - Storage version of v1api20240402preview.LinuxOSConfig_STATUS - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - swapFileSizeMB: - type: integer - sysctls: - description: |- - Storage version of v1api20240402preview.SysctlConfig_STATUS - Sysctl settings for Linux agent nodes. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - fsAioMaxNr: - type: integer - fsFileMax: - type: integer - fsInotifyMaxUserWatches: - type: integer - fsNrOpen: - type: integer - kernelThreadsMax: - type: integer - netCoreNetdevMaxBacklog: - type: integer - netCoreOptmemMax: - type: integer - netCoreRmemDefault: - type: integer - netCoreRmemMax: - type: integer - netCoreSomaxconn: - type: integer - netCoreWmemDefault: - type: integer - netCoreWmemMax: - type: integer - netIpv4IpLocalPortRange: - type: string - netIpv4NeighDefaultGcThresh1: - type: integer - netIpv4NeighDefaultGcThresh2: - type: integer - netIpv4NeighDefaultGcThresh3: - type: integer - netIpv4TcpFinTimeout: - type: integer - netIpv4TcpKeepaliveProbes: - type: integer - netIpv4TcpKeepaliveTime: - type: integer - netIpv4TcpMaxSynBacklog: - type: integer - netIpv4TcpMaxTwBuckets: - type: integer - netIpv4TcpTwReuse: - type: boolean - netIpv4TcpkeepaliveIntvl: - type: integer - netNetfilterNfConntrackBuckets: - type: integer - netNetfilterNfConntrackMax: - type: integer - vmMaxMapCount: - type: integer - vmSwappiness: - type: integer - vmVfsCachePressure: - type: integer - type: object - transparentHugePageDefrag: - type: string - transparentHugePageEnabled: - type: string - type: object - maxCount: - type: integer - maxPods: - type: integer - messageOfTheDay: - type: string - minCount: - type: integer - mode: - type: string - name: - type: string - networkProfile: - description: |- - Storage version of v1api20240402preview.AgentPoolNetworkProfile_STATUS - Network settings of an agent pool. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - allowedHostPorts: - items: - description: |- - Storage version of v1api20240402preview.PortRange_STATUS - The port range. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - portEnd: - type: integer - portStart: - type: integer - protocol: - type: string - type: object - type: array - applicationSecurityGroups: - items: - type: string - type: array - nodePublicIPTags: - items: - description: |- - Storage version of v1api20240402preview.IPTag_STATUS - Contains the IPTag associated with the object. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - ipTagType: - type: string - tag: - type: string - type: object - type: array - type: object - nodeImageVersion: - type: string - nodeInitializationTaints: - items: - type: string - type: array - nodeLabels: - additionalProperties: - type: string - type: object - nodePublicIPPrefixID: - type: string - nodeTaints: - items: - type: string - type: array - orchestratorVersion: - type: string - osDiskSizeGB: - type: integer - osDiskType: - type: string - osSKU: - type: string - osType: - type: string - podIPAllocationMode: - type: string - podSubnetID: - type: string - powerState: - description: |- - Storage version of v1api20240402preview.PowerState_STATUS - Describes the Power State of the cluster - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - code: - type: string - type: object - provisioningState: - type: string - proximityPlacementGroupID: - type: string - scaleDownMode: - type: string - scaleSetEvictionPolicy: - type: string - scaleSetPriority: - type: string - securityProfile: - description: |- - Storage version of v1api20240402preview.AgentPoolSecurityProfile_STATUS - The security settings of an agent pool. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enableSecureBoot: - type: boolean - enableVTPM: - type: boolean - sshAccess: - type: string - type: object - spotMaxPrice: - type: number - tags: - additionalProperties: - type: string - type: object - type: - type: string - upgradeSettings: - description: |- - Storage version of v1api20240402preview.AgentPoolUpgradeSettings_STATUS - Settings for upgrading an agentpool - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - drainTimeoutInMinutes: - type: integer - maxSurge: - type: string - nodeSoakDurationInMinutes: - type: integer - undrainableNodeBehavior: - type: string - type: object - virtualMachineNodesStatus: - items: - description: |- - Storage version of v1api20240402preview.VirtualMachineNodes_STATUS - Current status on a group of nodes of the same vm size. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - count: - type: integer - size: - type: string - type: object - type: array - virtualMachinesProfile: - description: |- - Storage version of v1api20240402preview.VirtualMachinesProfile_STATUS - Specifications on VirtualMachines agent pool. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - scale: - description: |- - Storage version of v1api20240402preview.ScaleProfile_STATUS - Specifications on how to scale a VirtualMachines agent pool. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - autoscale: - items: - description: |- - Storage version of v1api20240402preview.AutoScaleProfile_STATUS - Specifications on auto-scaling. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - maxCount: - type: integer - minCount: - type: integer - sizes: - items: - type: string - type: array - type: object - type: array - manual: - items: - description: |- - Storage version of v1api20240402preview.ManualScaleProfile_STATUS - Specifications on number of machines. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - count: - type: integer - sizes: - items: - type: string - type: array - type: object - type: array - type: object - type: object - vmSize: - type: string - vnetSubnetID: - type: string - windowsProfile: - description: |- - Storage version of v1api20240402preview.AgentPoolWindowsProfile_STATUS - The Windows agent pool's specific profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - disableOutboundNat: - type: boolean - type: object - workloadRuntime: - type: string - type: object - type: array - aiToolchainOperatorProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterAIToolchainOperatorProfile_STATUS - When enabling the operator, a set of AKS managed CRDs and controllers will be installed in the cluster. The operator - automates the deployment of OSS models for inference and/or training purposes. It provides a set of preset models and - enables distributed inference against them. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - apiServerAccessProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterAPIServerAccessProfile_STATUS - Access profile for managed cluster API server. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - authorizedIPRanges: - items: - type: string - type: array - disableRunCommand: - type: boolean - enablePrivateCluster: - type: boolean - enablePrivateClusterPublicFQDN: - type: boolean - enableVnetIntegration: - type: boolean - privateDNSZone: - type: string - subnetId: - type: string - type: object - autoScalerProfile: - description: Storage version of v1api20240402preview.ManagedClusterProperties_AutoScalerProfile_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - balance-similar-node-groups: - type: string - daemonset-eviction-for-empty-nodes: - type: boolean - daemonset-eviction-for-occupied-nodes: - type: boolean - expander: - type: string - ignore-daemonsets-utilization: - type: boolean - max-empty-bulk-delete: - type: string - max-graceful-termination-sec: - type: string - max-node-provision-time: - type: string - max-total-unready-percentage: - type: string - new-pod-scale-up-delay: - type: string - ok-total-unready-count: - type: string - scale-down-delay-after-add: - type: string - scale-down-delay-after-delete: - type: string - scale-down-delay-after-failure: - type: string - scale-down-unneeded-time: - type: string - scale-down-unready-time: - type: string - scale-down-utilization-threshold: - type: string - scan-interval: - type: string - skip-nodes-with-local-storage: - type: string - skip-nodes-with-system-pods: - type: string - type: object - autoUpgradeProfile: - description: |- - Storage version of 
v1api20240402preview.ManagedClusterAutoUpgradeProfile_STATUS - Auto upgrade profile for a managed cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - nodeOSUpgradeChannel: - type: string - upgradeChannel: - type: string - type: object - azureMonitorProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfile_STATUS - Prometheus addon profile for the container service cluster - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - appMonitoring: - description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoring_STATUS - Application Monitoring Profile for Kubernetes Application Container. Collects application logs, metrics and traces - through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See - aka.ms/AzureMonitorApplicationMonitoring for an overview. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - autoInstrumentation: - description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoringAutoInstrumentation_STATUS - Application Monitoring Auto Instrumentation for Kubernetes Application Container. 
Deploys web hook to auto-instrument - Azure Monitor OpenTelemetry based SDKs to collect OpenTelemetry metrics, logs and traces of the application. See - aka.ms/AzureMonitorApplicationMonitoring for an overview. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - openTelemetryLogs: - description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryLogs_STATUS - Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Logs and Traces. Collects - OpenTelemetry logs and traces of the application using Azure Monitor OpenTelemetry based SDKs. See - aka.ms/AzureMonitorApplicationMonitoring for an overview. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - port: - type: integer - type: object - openTelemetryMetrics: - description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryMetrics_STATUS - Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Metrics. Collects - OpenTelemetry metrics of the application using Azure Monitor OpenTelemetry based SDKs. See - aka.ms/AzureMonitorApplicationMonitoring for an overview. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - port: - type: integer - type: object - type: object - containerInsights: - description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileContainerInsights_STATUS - Azure Monitor Container Insights Profile for Kubernetes Events, Inventory and Container stdout & stderr logs etc. See - aka.ms/AzureMonitorContainerInsights for an overview. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - disableCustomMetrics: - type: boolean - disablePrometheusMetricsScraping: - type: boolean - enabled: - type: boolean - logAnalyticsWorkspaceResourceId: - type: string - syslogPort: - type: integer - type: object - metrics: - description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileMetrics_STATUS - Metrics profile for the prometheus service addon - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - kubeStateMetrics: - description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileKubeStateMetrics_STATUS - Kube State Metrics for prometheus addon profile for the container service cluster - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of 
stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - metricAnnotationsAllowList: - type: string - metricLabelsAllowlist: - type: string - type: object - type: object - type: object - azurePortalFQDN: - type: string - bootstrapProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterBootstrapProfile_STATUS - The bootstrap profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - artifactSource: - type: string - containerRegistryId: - type: string - type: object - conditions: - items: - description: Condition defines an extension to status (an observation) of a resource - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. - format: date-time - type: string - message: - description: Message is a human readable message indicating details about the transition. This field may be empty. - type: string - observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - type: integer - reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. - type: string - severity: - description: |- - Severity with which to treat failures of this type of condition. 
- For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown - type: string - status: - description: Status of the condition, one of True, False, or Unknown. - type: string - type: - description: Type of condition. - type: string - required: - - lastTransitionTime - - reason - - status - - type - type: object - type: array - creationData: - description: |- - Storage version of v1api20240402preview.CreationData_STATUS - Data used when creating a target resource from a source resource. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - sourceResourceId: - type: string - type: object - currentKubernetesVersion: - type: string - disableLocalAccounts: - type: boolean - diskEncryptionSetID: - type: string - dnsPrefix: - type: string - eTag: - type: string - enableNamespaceResources: - type: boolean - enablePodSecurityPolicy: - type: boolean - enableRBAC: - type: boolean - extendedLocation: - description: |- - Storage version of v1api20240402preview.ExtendedLocation_STATUS - The complex type of the extended location. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - name: - type: string - type: - type: string - type: object - fqdn: - type: string - fqdnSubdomain: - type: string - httpProxyConfig: - description: |- - Storage version of v1api20240402preview.ManagedClusterHTTPProxyConfig_STATUS - Cluster HTTP proxy configuration. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - effectiveNoProxy: - items: - type: string - type: array - httpProxy: - type: string - httpsProxy: - type: string - noProxy: - items: - type: string - type: array - trustedCa: - type: string - type: object - id: - type: string - identity: - description: |- - Storage version of v1api20240402preview.ManagedClusterIdentity_STATUS - Identity for the managed cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - delegatedResources: - additionalProperties: - description: |- - Storage version of v1api20240402preview.DelegatedResource_STATUS - Delegated resource properties - internal use only. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - location: - type: string - referralResource: - type: string - resourceId: - type: string - tenantId: - type: string - type: object - type: object - principalId: - type: string - tenantId: - type: string - type: - type: string - userAssignedIdentities: - additionalProperties: - description: Storage version of v1api20240402preview.ManagedClusterIdentity_UserAssignedIdentities_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - clientId: - type: string - principalId: - type: string - type: object - type: object - type: object - identityProfile: - additionalProperties: - description: |- - Storage version of v1api20240402preview.UserAssignedIdentity_STATUS - Details about a user assigned identity. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - clientId: - type: string - objectId: - type: string - resourceId: - type: string - type: object - type: object - ingressProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterIngressProfile_STATUS - Ingress profile for the container service cluster. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - webAppRouting: - description: |- - Storage version of v1api20240402preview.ManagedClusterIngressProfileWebAppRouting_STATUS - Web App Routing settings for the ingress profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - dnsZoneResourceIds: - items: - type: string - type: array - enabled: - type: boolean - identity: - description: |- - Storage version of v1api20240402preview.UserAssignedIdentity_STATUS - Details about a user assigned identity. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - clientId: - type: string - objectId: - type: string - resourceId: - type: string - type: object - type: object - type: object - kind: - type: string - kubernetesVersion: - type: string - linuxProfile: - description: |- - Storage version of v1api20240402preview.ContainerServiceLinuxProfile_STATUS - Profile for Linux VMs in the container service cluster. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - adminUsername: - type: string - ssh: - description: |- - Storage version of v1api20240402preview.ContainerServiceSshConfiguration_STATUS - SSH configuration for Linux-based VMs running on Azure. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - publicKeys: - items: - description: |- - Storage version of v1api20240402preview.ContainerServiceSshPublicKey_STATUS - Contains information about SSH certificate public key data. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - keyData: - type: string - type: object - type: array - type: object - type: object - location: - type: string - maxAgentPools: - type: integer - metricsProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterMetricsProfile_STATUS - The metrics profile for the ManagedCluster. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - costAnalysis: - description: |- - Storage version of v1api20240402preview.ManagedClusterCostAnalysis_STATUS - The cost analysis configuration for the cluster - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - type: object - name: - type: string - networkProfile: - description: |- - Storage version of v1api20240402preview.ContainerServiceNetworkProfile_STATUS - Profile of network configuration. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - advancedNetworking: - description: |- - Storage version of v1api20240402preview.AdvancedNetworking_STATUS - Advanced Networking profile for enabling observability on a cluster. Note that enabling advanced networking features may - incur additional costs. For more information see aka.ms/aksadvancednetworking. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - observability: - description: |- - Storage version of v1api20240402preview.AdvancedNetworkingObservability_STATUS - Observability profile to enable advanced network metrics and flow logs with historical contexts. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - type: object - dnsServiceIP: - type: string - ipFamilies: - items: - type: string - type: array - kubeProxyConfig: - description: Storage version of v1api20240402preview.ContainerServiceNetworkProfile_KubeProxyConfig_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - ipvsConfig: - description: Storage version of v1api20240402preview.ContainerServiceNetworkProfile_KubeProxyConfig_IpvsConfig_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - scheduler: - type: string - tcpFinTimeoutSeconds: - type: integer - tcpTimeoutSeconds: - type: integer - udpTimeoutSeconds: - type: integer - type: object - mode: - type: string - type: object - loadBalancerProfile: - 
description: |- - Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile_STATUS - Profile of the managed cluster load balancer. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - allocatedOutboundPorts: - type: integer - backendPoolType: - type: string - clusterServiceLoadBalancerHealthProbeMode: - type: string - effectiveOutboundIPs: - items: - description: |- - Storage version of v1api20240402preview.ResourceReference_STATUS - A reference to an Azure resource. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - id: - type: string - type: object - type: array - enableMultipleStandardLoadBalancers: - type: boolean - idleTimeoutInMinutes: - type: integer - managedOutboundIPs: - description: Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - count: - type: integer - countIPv6: - type: integer - type: object - outboundIPPrefixes: - description: Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for 
full fidelity round trip conversions - type: object - publicIPPrefixes: - items: - description: |- - Storage version of v1api20240402preview.ResourceReference_STATUS - A reference to an Azure resource. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - id: - type: string - type: object - type: array - type: object - outboundIPs: - description: Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile_OutboundIPs_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - publicIPs: - items: - description: |- - Storage version of v1api20240402preview.ResourceReference_STATUS - A reference to an Azure resource. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - id: - type: string - type: object - type: array - type: object - type: object - loadBalancerSku: - type: string - natGatewayProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterNATGatewayProfile_STATUS - Profile of the managed cluster NAT gateway. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - effectiveOutboundIPs: - items: - description: |- - Storage version of v1api20240402preview.ResourceReference_STATUS - A reference to an Azure resource. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - id: - type: string - type: object - type: array - idleTimeoutInMinutes: - type: integer - managedOutboundIPProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterManagedOutboundIPProfile_STATUS - Profile of the managed outbound IP resources of the managed cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - count: - type: integer - type: object - type: object - networkDataplane: - type: string - networkMode: - type: string - networkPlugin: - type: string - networkPluginMode: - type: string - networkPolicy: - type: string - outboundType: - type: string - podCidr: - type: string - podCidrs: - items: - type: string - type: array - podLinkLocalAccess: - type: string - serviceCidr: - type: string - serviceCidrs: - items: - type: string - type: array - staticEgressGatewayProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterStaticEgressGatewayProfile_STATUS - The Static Egress Gateway addon configuration for the cluster. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - type: object - nodeProvisioningProfile: - description: Storage version of v1api20240402preview.ManagedClusterNodeProvisioningProfile_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - mode: - type: string - type: object - nodeResourceGroup: - type: string - nodeResourceGroupProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterNodeResourceGroupProfile_STATUS - Node resource group lockdown profile for a managed cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - restrictionLevel: - type: string - type: object - oidcIssuerProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterOIDCIssuerProfile_STATUS - The OIDC issuer profile of the Managed Cluster. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - issuerURL: - type: string - type: object - podIdentityProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterPodIdentityProfile_STATUS - See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on pod - identity integration. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - allowNetworkPluginKubenet: - type: boolean - enabled: - type: boolean - userAssignedIdentities: - items: - description: |- - Storage version of v1api20240402preview.ManagedClusterPodIdentity_STATUS - Details about the pod identity assigned to the Managed Cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - bindingSelector: - type: string - identity: - description: |- - Storage version of v1api20240402preview.UserAssignedIdentity_STATUS - Details about a user assigned identity. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - clientId: - type: string - objectId: - type: string - resourceId: - type: string - type: object - name: - type: string - namespace: - type: string - provisioningInfo: - description: Storage version of v1api20240402preview.ManagedClusterPodIdentity_ProvisioningInfo_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - error: - description: |- - Storage version of v1api20240402preview.ManagedClusterPodIdentityProvisioningError_STATUS - An error response from the pod identity provisioning. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - error: - description: |- - Storage version of v1api20240402preview.ManagedClusterPodIdentityProvisioningErrorBody_STATUS - An error response from the pod identity provisioning. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - code: - type: string - details: - items: - description: Storage version of v1api20240402preview.ManagedClusterPodIdentityProvisioningErrorBody_STATUS_Unrolled - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - code: - type: string - message: - type: string - target: - type: string - type: object - type: array - message: - type: string - target: - type: string - type: object - type: object - type: object - provisioningState: - type: string - type: object - type: array - userAssignedIdentityExceptions: - items: - description: |- - Storage version of v1api20240402preview.ManagedClusterPodIdentityException_STATUS - See [disable AAD Pod Identity for a specific - Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - name: - type: string - namespace: - type: string - podLabels: - additionalProperties: - type: string - type: object - type: object - type: array - type: object - powerState: - description: |- - Storage version of v1api20240402preview.PowerState_STATUS - Describes the Power State of the cluster - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - code: - type: string - type: object - privateFQDN: - type: string - privateLinkResources: - items: - description: |- - Storage version of v1api20240402preview.PrivateLinkResource_STATUS - A private link resource - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - groupId: - type: string - id: - type: string - name: - type: string - privateLinkServiceID: - type: string - requiredMembers: - items: - type: string - type: array - type: - type: string - type: object - type: array - provisioningState: - type: string - publicNetworkAccess: - type: string - resourceUID: - type: string - safeguardsProfile: - description: |- - Storage version of v1api20240402preview.SafeguardsProfile_STATUS - The Safeguards profile. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - excludedNamespaces: - items: - type: string - type: array - level: - type: string - systemExcludedNamespaces: - items: - type: string - type: array - version: - type: string - type: object - securityProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterSecurityProfile_STATUS - Security profile for the container service cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - azureKeyVaultKms: - description: |- - Storage version of v1api20240402preview.AzureKeyVaultKms_STATUS - Azure Key Vault key management service settings for the security profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - keyId: - type: string - keyVaultNetworkAccess: - type: string - keyVaultResourceId: - type: string - type: object - customCATrustCertificates: - items: - type: string - type: array - defender: - description: |- - Storage version of v1api20240402preview.ManagedClusterSecurityProfileDefender_STATUS - Microsoft Defender settings for the security profile. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - logAnalyticsWorkspaceResourceId: - type: string - securityMonitoring: - description: |- - Storage version of v1api20240402preview.ManagedClusterSecurityProfileDefenderSecurityMonitoring_STATUS - Microsoft Defender settings for the security profile threat detection. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - type: object - imageCleaner: - description: |- - Storage version of v1api20240402preview.ManagedClusterSecurityProfileImageCleaner_STATUS - Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here - are settings for the security profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - intervalHours: - type: integer - type: object - imageIntegrity: - description: |- - Storage version of v1api20240402preview.ManagedClusterSecurityProfileImageIntegrity_STATUS - Image integrity related settings for the security profile. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - nodeRestriction: - description: |- - Storage version of v1api20240402preview.ManagedClusterSecurityProfileNodeRestriction_STATUS - Node Restriction settings for the security profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - workloadIdentity: - description: |- - Storage version of v1api20240402preview.ManagedClusterSecurityProfileWorkloadIdentity_STATUS - Workload identity settings for the security profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - type: object - serviceMeshProfile: - description: |- - Storage version of v1api20240402preview.ServiceMeshProfile_STATUS - Service mesh profile for a managed cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - istio: - description: |- - Storage version of v1api20240402preview.IstioServiceMesh_STATUS - Istio service mesh configuration. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - certificateAuthority: - description: |- - Storage version of v1api20240402preview.IstioCertificateAuthority_STATUS - Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin certificates as described - here https://aka.ms/asm-plugin-ca - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - plugin: - description: |- - Storage version of v1api20240402preview.IstioPluginCertificateAuthority_STATUS - Plugin certificates information for Service Mesh. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - certChainObjectName: - type: string - certObjectName: - type: string - keyObjectName: - type: string - keyVaultId: - type: string - rootCertObjectName: - type: string - type: object - type: object - components: - description: |- - Storage version of v1api20240402preview.IstioComponents_STATUS - Istio components configuration. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - egressGateways: - items: - description: |- - Storage version of v1api20240402preview.IstioEgressGateway_STATUS - Istio egress gateway configuration. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - type: array - ingressGateways: - items: - description: |- - Storage version of v1api20240402preview.IstioIngressGateway_STATUS - Istio ingress gateway configuration. For now, we support up to one external ingress gateway named - `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - mode: - type: string - type: object - type: array - type: object - revisions: - items: - type: string - type: array - type: object - mode: - type: string - type: object - servicePrincipalProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterServicePrincipalProfile_STATUS - Information about a service principal identity for the cluster to use for manipulating Azure APIs. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - clientId: - type: string - type: object - sku: - description: |- - Storage version of v1api20240402preview.ManagedClusterSKU_STATUS - The SKU of a Managed Cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - name: - type: string - tier: - type: string - type: object - storageProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterStorageProfile_STATUS - Storage profile for the container service cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - blobCSIDriver: - description: |- - Storage version of v1api20240402preview.ManagedClusterStorageProfileBlobCSIDriver_STATUS - AzureBlob CSI Driver settings for the storage profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - diskCSIDriver: - description: |- - Storage version of v1api20240402preview.ManagedClusterStorageProfileDiskCSIDriver_STATUS - AzureDisk CSI Driver settings for the storage profile. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - version: - type: string - type: object - fileCSIDriver: - description: |- - Storage version of v1api20240402preview.ManagedClusterStorageProfileFileCSIDriver_STATUS - AzureFile CSI Driver settings for the storage profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - snapshotController: - description: |- - Storage version of v1api20240402preview.ManagedClusterStorageProfileSnapshotController_STATUS - Snapshot Controller settings for the storage profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - type: object - supportPlan: - type: string - systemData: - description: |- - Storage version of v1api20240402preview.SystemData_STATUS - Metadata pertaining to creation and last modification of the resource. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - createdAt: - type: string - createdBy: - type: string - createdByType: - type: string - lastModifiedAt: - type: string - lastModifiedBy: - type: string - lastModifiedByType: - type: string - type: object - tags: - additionalProperties: - type: string - type: object - type: - type: string - upgradeSettings: - description: |- - Storage version of v1api20240402preview.ClusterUpgradeSettings_STATUS - Settings for upgrading a cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - overrideSettings: - description: |- - Storage version of v1api20240402preview.UpgradeOverrideSettings_STATUS - Settings for overrides when upgrading a cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - forceUpgrade: - type: boolean - until: - type: string - type: object - type: object - windowsProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterWindowsProfile_STATUS - Profile for Windows VMs in the managed cluster. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - adminUsername: - type: string - enableCSIProxy: - type: boolean - gmsaProfile: - description: |- - Storage version of v1api20240402preview.WindowsGmsaProfile_STATUS - Windows gMSA Profile in the managed cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - dnsServer: - type: string - enabled: - type: boolean - rootDomainName: - type: string - type: object - licenseType: - type: string - type: object - workloadAutoScalerProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterWorkloadAutoScalerProfile_STATUS - Workload Auto-scaler profile for the managed cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - keda: - description: |- - Storage version of v1api20240402preview.ManagedClusterWorkloadAutoScalerProfileKeda_STATUS - KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - verticalPodAutoscaler: - description: Storage version of v1api20240402preview.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - addonAutoscaling: - type: string - enabled: - type: boolean - type: object - type: object - type: object - type: object - served: true - storage: false - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: azureserviceoperator-system/azureserviceoperator-serving-cert - controller-gen.kubebuilder.io/version: v0.14.0 - labels: - app.kubernetes.io/name: azure-service-operator - app.kubernetes.io/version: v2.8.0 - name: managedclustersagentpools.containerservice.azure.com -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: azureserviceoperator-webhook-service - namespace: azureserviceoperator-system - path: /convert - port: 443 - conversionReviewVersions: - - v1 - group: containerservice.azure.com - names: - kind: ManagedClustersAgentPool - listKind: ManagedClustersAgentPoolList - plural: managedclustersagentpools - singular: managedclustersagentpool - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - jsonPath: 
.status.conditions[?(@.type=='Ready')].severity - name: Severity - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Reason - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].message - name: Message - type: string - name: v1api20210501 - schema: - openAPIV3Schema: - description: |- - Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2021-05-01/managedClusters.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - properties: - availabilityZones: - description: |- - AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType - property is 'VirtualMachineScaleSets'. - items: - type: string - type: array - azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. - type: string - count: - description: |- - Count: Number of agents (VMs) to host docker containers. 
Allowed values must be in the range of 0 to 1000 (inclusive) - for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. - type: integer - enableAutoScaling: - description: 'EnableAutoScaling: Whether to enable auto-scaler' - type: boolean - enableEncryptionAtHost: - description: |- - EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, - see: https://docs.microsoft.com/azure/aks/enable-host-encryption - type: boolean - enableFIPS: - description: |- - EnableFIPS: See [Add a FIPS-enabled node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more - details. - type: boolean - enableNodePublicIP: - description: |- - EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. - A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine - to minimize hops. For more information see [assigning a public IP per - node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The - default is false. - type: boolean - enableUltraSSD: - description: 'EnableUltraSSD: Whether to enable UltraSSD' - type: boolean - gpuInstanceProfile: - description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' - enum: - - MIG1g - - MIG2g - - MIG3g - - MIG4g - - MIG7g - type: string - kubeletConfig: - description: 'KubeletConfig: The Kubelet configuration on the agent pool nodes.' - properties: - allowedUnsafeSysctls: - description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in `*`).' 
- items: - type: string - type: array - containerLogMaxFiles: - description: |- - ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be - ≥ 2. - minimum: 2 - type: integer - containerLogMaxSizeMB: - description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) of container log file before it is rotated.' - type: integer - cpuCfsQuota: - description: 'CpuCfsQuota: The default is true.' - type: boolean - cpuCfsQuotaPeriod: - description: |- - CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and - a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. - type: string - cpuManagerPolicy: - description: |- - CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management - policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more - information. Allowed values are 'none' and 'static'. - type: string - failSwapOn: - description: 'FailSwapOn: If set to true it will make the Kubelet fail to start if swap is enabled on the node.' - type: boolean - imageGcHighThreshold: - description: 'ImageGcHighThreshold: To disable image garbage collection, set to 100. The default is 85%' - type: integer - imageGcLowThreshold: - description: 'ImageGcLowThreshold: This cannot be set higher than imageGcHighThreshold. The default is 80%' - type: integer - podMaxPids: - description: 'PodMaxPids: The maximum number of processes per pod.' - type: integer - topologyManagerPolicy: - description: |- - TopologyManagerPolicy: For more information see [Kubernetes Topology - Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values - are 'none', 'best-effort', 'restricted', and 'single-numa-node'. 
- type: string - type: object - kubeletDiskType: - description: |- - KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral - storage. - enum: - - OS - - Temporary - type: string - linuxOSConfig: - description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' - properties: - swapFileSizeMB: - description: 'SwapFileSizeMB: The size in MB of a swap file that will be created on each node.' - type: integer - sysctls: - description: 'Sysctls: Sysctl settings for Linux agent nodes.' - properties: - fsAioMaxNr: - description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' - type: integer - fsFileMax: - description: 'FsFileMax: Sysctl setting fs.file-max.' - type: integer - fsInotifyMaxUserWatches: - description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' - type: integer - fsNrOpen: - description: 'FsNrOpen: Sysctl setting fs.nr_open.' - type: integer - kernelThreadsMax: - description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' - type: integer - netCoreNetdevMaxBacklog: - description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' - type: integer - netCoreOptmemMax: - description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' - type: integer - netCoreRmemDefault: - description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' - type: integer - netCoreRmemMax: - description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' - type: integer - netCoreSomaxconn: - description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' - type: integer - netCoreWmemDefault: - description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' - type: integer - netCoreWmemMax: - description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' - type: integer - netIpv4IpLocalPortRange: - description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' 
- type: string - netIpv4NeighDefaultGcThresh1: - description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting net.ipv4.neigh.default.gc_thresh1.' - type: integer - netIpv4NeighDefaultGcThresh2: - description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting net.ipv4.neigh.default.gc_thresh2.' - type: integer - netIpv4NeighDefaultGcThresh3: - description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting net.ipv4.neigh.default.gc_thresh3.' - type: integer - netIpv4TcpFinTimeout: - description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' - type: integer - netIpv4TcpKeepaliveProbes: - description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' - type: integer - netIpv4TcpKeepaliveTime: - description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' - type: integer - netIpv4TcpMaxSynBacklog: - description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' - type: integer - netIpv4TcpMaxTwBuckets: - description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' - type: integer - netIpv4TcpTwReuse: - description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' - type: boolean - netIpv4TcpkeepaliveIntvl: - description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' - type: integer - netNetfilterNfConntrackBuckets: - description: 'NetNetfilterNfConntrackBuckets: Sysctl setting net.netfilter.nf_conntrack_buckets.' - type: integer - netNetfilterNfConntrackMax: - description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' - type: integer - vmMaxMapCount: - description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' - type: integer - vmSwappiness: - description: 'VmSwappiness: Sysctl setting vm.swappiness.' - type: integer - vmVfsCachePressure: - description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' 
- type: integer - type: object - transparentHugePageDefrag: - description: |- - TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is - 'madvise'. For more information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). - type: string - transparentHugePageEnabled: - description: |- - TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more - information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). - type: string - type: object - maxCount: - description: 'MaxCount: The maximum number of nodes for auto-scaling' - type: integer - maxPods: - description: 'MaxPods: The maximum number of pods that can run on a node.' - type: integer - minCount: - description: 'MinCount: The minimum number of nodes for auto-scaling' - type: integer - mode: - description: |- - Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool - restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools - enum: - - System - - User - type: string - nodeLabels: - additionalProperties: - type: string - description: 'NodeLabels: The node labels to be persisted across all nodes in agent pool.' - type: object - nodePublicIPPrefixIDReference: - description: |- - NodePublicIPPrefixIDReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - nodeTaints: - description: 'NodeTaints: The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.' - items: - type: string - type: array - orchestratorVersion: - description: |- - OrchestratorVersion: As a best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes - version. The node pool version must have the same major version as the control plane. The node pool minor version must - be within two minor versions of the control plane version. The node pool version cannot be greater than the control - plane version. For more information see [upgrading a node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). - type: string - osDiskSizeGB: - maximum: 2048 - minimum: 0 - type: integer - osDiskType: - description: |- - OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested - OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral - OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). - enum: - - Ephemeral - - Managed - type: string - osSKU: - description: 'OsSKU: Specifies an OS SKU. This value must not be specified if OSType is Windows.' 
- enum: - - CBLMariner - - Ubuntu - type: string - osType: - description: 'OsType: The operating system type. The default is Linux.' - enum: - - Linux - - Windows - type: string - owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a containerservice.azure.com/ManagedCluster resource - properties: - armId: - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - name: - description: This is the name of the Kubernetes resource to reference. - type: string - type: object - podSubnetIDReference: - description: |- - PodSubnetIDReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more - details). This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object - proximityPlacementGroupID: - description: 'ProximityPlacementGroupID: The ID for Proximity Placement Group.' - type: string - scaleSetEvictionPolicy: - description: |- - ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is - 'Delete'. - enum: - - Deallocate - - Delete - type: string - scaleSetPriority: - description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. If not specified, the default is ''Regular''.' - enum: - - Regular - - Spot - type: string - spotMaxPrice: - description: |- - SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any - on-demand price. For more details on spot pricing, see [spot VMs - pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) - type: number - tags: - additionalProperties: - type: string - description: 'Tags: The tags to be persisted on the agent pool virtual machine scale set.' - type: object - type: - description: 'Type: The type of Agent Pool.' - enum: - - AvailabilitySet - - VirtualMachineScaleSets - type: string - upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading the agentpool' - properties: - maxSurge: - description: |- - MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it - is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded - up. If not specified, the default is 1. For more information, including best practices, see: - https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade - type: string - type: object - vmSize: - description: |- - VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods - might fail to run correctly. 
For more details on restricted VM sizes, see: - https://docs.microsoft.com/azure/aks/quotas-skus-regions - type: string - vnetSubnetIDReference: - description: |- - VnetSubnetIDReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is - specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - required: - - owner - type: object - status: - properties: - availabilityZones: - description: |- - AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType - property is 'VirtualMachineScaleSets'. - items: - type: string - type: array - conditions: - description: 'Conditions: The observed state of the resource' - items: - description: Condition defines an extension to status (an observation) of a resource - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. 
- format: date-time - type: string - message: - description: Message is a human readable message indicating details about the transition. This field may be empty. - type: string - observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - type: integer - reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. - type: string - severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown - type: string - status: - description: Status of the condition, one of True, False, or Unknown. - type: string - type: - description: Type of condition. - type: string - required: - - lastTransitionTime - - reason - - status - - type - type: object - type: array - count: - description: |- - Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) - for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. - type: integer - enableAutoScaling: - description: 'EnableAutoScaling: Whether to enable auto-scaler' - type: boolean - enableEncryptionAtHost: - description: |- - EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. 
For more information, - see: https://docs.microsoft.com/azure/aks/enable-host-encryption - type: boolean - enableFIPS: - description: |- - EnableFIPS: See [Add a FIPS-enabled node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more - details. - type: boolean - enableNodePublicIP: - description: |- - EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. - A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine - to minimize hops. For more information see [assigning a public IP per - node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The - default is false. - type: boolean - enableUltraSSD: - description: 'EnableUltraSSD: Whether to enable UltraSSD' - type: boolean - gpuInstanceProfile: - description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' - type: string - id: - description: 'Id: Resource ID.' - type: string - kubeletConfig: - description: 'KubeletConfig: The Kubelet configuration on the agent pool nodes.' - properties: - allowedUnsafeSysctls: - description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in `*`).' - items: - type: string - type: array - containerLogMaxFiles: - description: |- - ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be - ≥ 2. - type: integer - containerLogMaxSizeMB: - description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) of container log file before it is rotated.' - type: integer - cpuCfsQuota: - description: 'CpuCfsQuota: The default is true.' - type: boolean - cpuCfsQuotaPeriod: - description: |- - CpuCfsQuotaPeriod: The default is '100ms.' 
Valid values are a sequence of decimal numbers with an optional fraction and - a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. - type: string - cpuManagerPolicy: - description: |- - CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management - policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more - information. Allowed values are 'none' and 'static'. - type: string - failSwapOn: - description: 'FailSwapOn: If set to true it will make the Kubelet fail to start if swap is enabled on the node.' - type: boolean - imageGcHighThreshold: - description: 'ImageGcHighThreshold: To disable image garbage collection, set to 100. The default is 85%' - type: integer - imageGcLowThreshold: - description: 'ImageGcLowThreshold: This cannot be set higher than imageGcHighThreshold. The default is 80%' - type: integer - podMaxPids: - description: 'PodMaxPids: The maximum number of processes per pod.' - type: integer - topologyManagerPolicy: - description: |- - TopologyManagerPolicy: For more information see [Kubernetes Topology - Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values - are 'none', 'best-effort', 'restricted', and 'single-numa-node'. - type: string - type: object - kubeletDiskType: - description: |- - KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral - storage. - type: string - linuxOSConfig: - description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' - properties: - swapFileSizeMB: - description: 'SwapFileSizeMB: The size in MB of a swap file that will be created on each node.' - type: integer - sysctls: - description: 'Sysctls: Sysctl settings for Linux agent nodes.' - properties: - fsAioMaxNr: - description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' 
- type: integer - fsFileMax: - description: 'FsFileMax: Sysctl setting fs.file-max.' - type: integer - fsInotifyMaxUserWatches: - description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' - type: integer - fsNrOpen: - description: 'FsNrOpen: Sysctl setting fs.nr_open.' - type: integer - kernelThreadsMax: - description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' - type: integer - netCoreNetdevMaxBacklog: - description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' - type: integer - netCoreOptmemMax: - description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' - type: integer - netCoreRmemDefault: - description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' - type: integer - netCoreRmemMax: - description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' - type: integer - netCoreSomaxconn: - description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' - type: integer - netCoreWmemDefault: - description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' - type: integer - netCoreWmemMax: - description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' - type: integer - netIpv4IpLocalPortRange: - description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' - type: string - netIpv4NeighDefaultGcThresh1: - description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting net.ipv4.neigh.default.gc_thresh1.' - type: integer - netIpv4NeighDefaultGcThresh2: - description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting net.ipv4.neigh.default.gc_thresh2.' - type: integer - netIpv4NeighDefaultGcThresh3: - description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting net.ipv4.neigh.default.gc_thresh3.' - type: integer - netIpv4TcpFinTimeout: - description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' - type: integer - netIpv4TcpKeepaliveProbes: - description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' 
- type: integer - netIpv4TcpKeepaliveTime: - description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' - type: integer - netIpv4TcpMaxSynBacklog: - description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' - type: integer - netIpv4TcpMaxTwBuckets: - description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' - type: integer - netIpv4TcpTwReuse: - description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' - type: boolean - netIpv4TcpkeepaliveIntvl: - description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' - type: integer - netNetfilterNfConntrackBuckets: - description: 'NetNetfilterNfConntrackBuckets: Sysctl setting net.netfilter.nf_conntrack_buckets.' - type: integer - netNetfilterNfConntrackMax: - description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' - type: integer - vmMaxMapCount: - description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' - type: integer - vmSwappiness: - description: 'VmSwappiness: Sysctl setting vm.swappiness.' - type: integer - vmVfsCachePressure: - description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' - type: integer - type: object - transparentHugePageDefrag: - description: |- - TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is - 'madvise'. For more information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). - type: string - transparentHugePageEnabled: - description: |- - TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more - information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). 
- type: string - type: object - maxCount: - description: 'MaxCount: The maximum number of nodes for auto-scaling' - type: integer - maxPods: - description: 'MaxPods: The maximum number of pods that can run on a node.' - type: integer - minCount: - description: 'MinCount: The minimum number of nodes for auto-scaling' - type: integer - mode: - description: |- - Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool - restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools - type: string - name: - description: 'Name: The name of the resource that is unique within a resource group. This name can be used to access the resource.' - type: string - nodeImageVersion: - description: 'NodeImageVersion: The version of node image' - type: string - nodeLabels: - additionalProperties: - type: string - description: 'NodeLabels: The node labels to be persisted across all nodes in agent pool.' - type: object - nodePublicIPPrefixID: - description: |- - NodePublicIPPrefixID: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} - type: string - nodeTaints: - description: 'NodeTaints: The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.' - items: - type: string - type: array - orchestratorVersion: - description: |- - OrchestratorVersion: As a best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes - version. The node pool version must have the same major version as the control plane. The node pool minor version must - be within two minor versions of the control plane version. The node pool version cannot be greater than the control - plane version. For more information see [upgrading a node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). 
- type: string - osDiskSizeGB: - type: integer - osDiskType: - description: |- - OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested - OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral - OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). - type: string - osSKU: - description: 'OsSKU: Specifies an OS SKU. This value must not be specified if OSType is Windows.' - type: string - osType: - description: 'OsType: The operating system type. The default is Linux.' - type: string - podSubnetID: - description: |- - PodSubnetID: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is - of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} - type: string - powerState: - description: 'PowerState: Describes whether the Agent Pool is Running or Stopped' - properties: - code: - description: 'Code: Tells whether the cluster is Running or Stopped' - type: string - type: object - properties_type: - description: 'PropertiesType: The type of Agent Pool.' - type: string - provisioningState: - description: 'ProvisioningState: The current deployment or provisioning state.' - type: string - proximityPlacementGroupID: - description: 'ProximityPlacementGroupID: The ID for Proximity Placement Group.' - type: string - scaleSetEvictionPolicy: - description: |- - ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is - 'Delete'. - type: string - scaleSetPriority: - description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. If not specified, the default is ''Regular''.' 
- type: string - spotMaxPrice: - description: |- - SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any - on-demand price. For more details on spot pricing, see [spot VMs - pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) - type: number - tags: - additionalProperties: - type: string - description: 'Tags: The tags to be persisted on the agent pool virtual machine scale set.' - type: object - type: - description: 'Type: Resource type' - type: string - upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading the agentpool' - properties: - maxSurge: - description: |- - MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it - is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded - up. If not specified, the default is 1. For more information, including best practices, see: - https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade - type: string - type: object - vmSize: - description: |- - VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods - might fail to run correctly. For more details on restricted VM sizes, see: - https://docs.microsoft.com/azure/aks/quotas-skus-regions - type: string - vnetSubnetID: - description: |- - VnetSubnetID: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, - this applies to nodes and pods, otherwise it applies to just nodes. 
This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} - type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].severity - name: Severity - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Reason - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].message - name: Message - type: string - name: v1api20210501storage - schema: - openAPIV3Schema: - description: |- - Storage version of v1api20210501.ManagedClustersAgentPool - Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2021-05-01/managedClusters.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: Storage version of v1api20210501.ManagedClusters_AgentPool_Spec - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - availabilityZones: - items: - type: string - type: array - azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. - type: string - count: - type: integer - enableAutoScaling: - type: boolean - enableEncryptionAtHost: - type: boolean - enableFIPS: - type: boolean - enableNodePublicIP: - type: boolean - enableUltraSSD: - type: boolean - gpuInstanceProfile: - type: string - kubeletConfig: - description: |- - Storage version of v1api20210501.KubeletConfig - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - allowedUnsafeSysctls: - items: - type: string - type: array - containerLogMaxFiles: - type: integer - containerLogMaxSizeMB: - type: integer - cpuCfsQuota: - type: boolean - cpuCfsQuotaPeriod: - type: string - cpuManagerPolicy: - type: string - failSwapOn: - type: boolean - imageGcHighThreshold: - type: integer - imageGcLowThreshold: - type: integer - podMaxPids: - type: integer - topologyManagerPolicy: - type: string - type: object - kubeletDiskType: - type: string - linuxOSConfig: - description: |- - Storage version of v1api20210501.LinuxOSConfig - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - swapFileSizeMB: - type: integer - sysctls: - description: |- - Storage version of v1api20210501.SysctlConfig - Sysctl settings for Linux agent nodes. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - fsAioMaxNr: - type: integer - fsFileMax: - type: integer - fsInotifyMaxUserWatches: - type: integer - fsNrOpen: - type: integer - kernelThreadsMax: - type: integer - netCoreNetdevMaxBacklog: - type: integer - netCoreOptmemMax: - type: integer - netCoreRmemDefault: - type: integer - netCoreRmemMax: - type: integer - netCoreSomaxconn: - type: integer - netCoreWmemDefault: - type: integer - netCoreWmemMax: - type: integer - netIpv4IpLocalPortRange: - type: string - netIpv4NeighDefaultGcThresh1: - type: integer - netIpv4NeighDefaultGcThresh2: - type: integer - netIpv4NeighDefaultGcThresh3: - type: integer - netIpv4TcpFinTimeout: - type: integer - netIpv4TcpKeepaliveProbes: - type: integer - netIpv4TcpKeepaliveTime: - type: integer - netIpv4TcpMaxSynBacklog: - type: integer - netIpv4TcpMaxTwBuckets: - type: integer - netIpv4TcpTwReuse: - type: boolean - netIpv4TcpkeepaliveIntvl: - type: integer - netNetfilterNfConntrackBuckets: - type: integer - netNetfilterNfConntrackMax: - type: integer - vmMaxMapCount: - type: integer - vmSwappiness: - type: integer - vmVfsCachePressure: - type: integer - type: object - transparentHugePageDefrag: - type: string - transparentHugePageEnabled: - type: string - type: object - maxCount: - type: integer - maxPods: - type: integer - minCount: - type: integer - mode: - type: string - nodeLabels: - additionalProperties: - type: string - type: object - nodePublicIPPrefixIDReference: - description: |- - NodePublicIPPrefixIDReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} - properties: - armId: - description: |- - ARMID is a string of the form 
/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - nodeTaints: - items: - type: string - type: array - orchestratorVersion: - type: string - originalVersion: - type: string - osDiskSizeGB: - type: integer - osDiskType: - type: string - osSKU: - type: string - osType: - type: string - owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a containerservice.azure.com/ManagedCluster resource - properties: - armId: - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - name: - description: This is the name of the Kubernetes resource to reference. - type: string - type: object - podSubnetIDReference: - description: |- - PodSubnetIDReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more - details). 
This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - proximityPlacementGroupID: - type: string - scaleSetEvictionPolicy: - type: string - scaleSetPriority: - type: string - spotMaxPrice: - type: number - tags: - additionalProperties: - type: string - type: object - type: - type: string - upgradeSettings: - description: |- - Storage version of v1api20210501.AgentPoolUpgradeSettings - Settings for upgrading an agentpool - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - maxSurge: - type: string - type: object - vmSize: - type: string - vnetSubnetIDReference: - description: |- - VnetSubnetIDReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is - specified, this applies to nodes and pods, otherwise it applies to just nodes. 
This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - required: - - owner - type: object - status: - description: Storage version of v1api20210501.ManagedClusters_AgentPool_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions + type: object type: object - availabilityZones: - items: - type: string - type: array - conditions: - items: - description: Condition defines an extension to status (an observation) of a resource - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. - format: date-time - type: string - message: - description: Message is a human readable message indicating details about the transition. This field may be empty. 
- type: string - observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - type: integer - reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. - type: string - severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown - type: string - status: - description: Status of the condition, one of True, False, or Unknown. - type: string - type: - description: Type of condition. - type: string - required: - - lastTransitionTime - - reason - - status - - type - type: object - type: array - count: - type: integer - enableAutoScaling: - type: boolean - enableEncryptionAtHost: - type: boolean - enableFIPS: - type: boolean - enableNodePublicIP: - type: boolean - enableUltraSSD: - type: boolean - gpuInstanceProfile: - type: string - id: + supportPlan: type: string - kubeletConfig: + systemData: description: |- - Storage version of v1api20210501.KubeletConfig_STATUS - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + Storage version of v1api20240402preview.SystemData_STATUS + Metadata pertaining to creation and last modification of the resource. properties: $propertyBag: additionalProperties: 
@@ -47448,37 +38464,29 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - allowedUnsafeSysctls: - items: - type: string - type: array - containerLogMaxFiles: - type: integer - containerLogMaxSizeMB: - type: integer - cpuCfsQuota: - type: boolean - cpuCfsQuotaPeriod: + createdAt: type: string - cpuManagerPolicy: + createdBy: type: string - failSwapOn: - type: boolean - imageGcHighThreshold: - type: integer - imageGcLowThreshold: - type: integer - podMaxPids: - type: integer - topologyManagerPolicy: + createdByType: + type: string + lastModifiedAt: + type: string + lastModifiedBy: + type: string + lastModifiedByType: type: string type: object - kubeletDiskType: + tags: + additionalProperties: + type: string + type: object + type: type: string - linuxOSConfig: + upgradeSettings: description: |- - Storage version of v1api20210501.LinuxOSConfig_STATUS - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + Storage version of v1api20240402preview.ClusterUpgradeSettings_STATUS + Settings for upgrading a cluster. properties: $propertyBag: additionalProperties: @@ -47487,12 +38495,10 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - swapFileSizeMB: - type: integer - sysctls: + overrideSettings: description: |- - Storage version of v1api20210501.SysctlConfig_STATUS - Sysctl settings for Linux agent nodes. + Storage version of v1api20240402preview.UpgradeOverrideSettings_STATUS + Settings for overrides when upgrading a cluster. properties: $propertyBag: additionalProperties: 
@@ -47501,106 +38507,16 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - fsAioMaxNr: - type: integer - fsFileMax: - type: integer - fsInotifyMaxUserWatches: - type: integer - fsNrOpen: - type: integer - kernelThreadsMax: - type: integer - netCoreNetdevMaxBacklog: - type: integer - netCoreOptmemMax: - type: integer - netCoreRmemDefault: - type: integer - netCoreRmemMax: - type: integer - netCoreSomaxconn: - type: integer - netCoreWmemDefault: - type: integer - netCoreWmemMax: - type: integer - netIpv4IpLocalPortRange: - type: string - netIpv4NeighDefaultGcThresh1: - type: integer - netIpv4NeighDefaultGcThresh2: - type: integer - netIpv4NeighDefaultGcThresh3: - type: integer - netIpv4TcpFinTimeout: - type: integer - netIpv4TcpKeepaliveProbes: - type: integer - netIpv4TcpKeepaliveTime: - type: integer - netIpv4TcpMaxSynBacklog: - type: integer - netIpv4TcpMaxTwBuckets: - type: integer - netIpv4TcpTwReuse: + forceUpgrade: type: boolean - netIpv4TcpkeepaliveIntvl: - type: integer - netNetfilterNfConntrackBuckets: - type: integer - netNetfilterNfConntrackMax: - type: integer - vmMaxMapCount: - type: integer - vmSwappiness: - type: integer - vmVfsCachePressure: - type: integer + until: + type: string type: object - transparentHugePageDefrag: - type: string - transparentHugePageEnabled: - type: string - type: object - maxCount: - type: integer - maxPods: - type: integer - minCount: - type: integer - mode: - type: string - name: - type: string - nodeImageVersion: - type: string - nodeLabels: - additionalProperties: - type: string type: object - nodePublicIPPrefixID: - type: string - nodeTaints: - items: - type: string - type: array - orchestratorVersion: - type: string - osDiskSizeGB: - type: integer - osDiskType: - type: string - osSKU: - type: string - osType: - type: string - podSubnetID: - type: string - powerState: + 
windowsProfile: description: |- - Storage version of v1api20210501.PowerState_STATUS - Describes the Power State of the cluster + Storage version of v1api20240402preview.ManagedClusterWindowsProfile_STATUS + Profile for Windows VMs in the managed cluster. properties: $propertyBag: additionalProperties: @@ -47609,31 +38525,36 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - code: + adminUsername: + type: string + enableCSIProxy: + type: boolean + gmsaProfile: + description: |- + Storage version of v1api20240402preview.WindowsGmsaProfile_STATUS + Windows gMSA Profile in the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsServer: + type: string + enabled: + type: boolean + rootDomainName: + type: string + type: object + licenseType: type: string type: object - properties_type: - type: string - provisioningState: - type: string - proximityPlacementGroupID: - type: string - scaleSetEvictionPolicy: - type: string - scaleSetPriority: - type: string - spotMaxPrice: - type: number - tags: - additionalProperties: - type: string - type: object - type: - type: string - upgradeSettings: + workloadAutoScalerProfile: description: |- - Storage version of v1api20210501.AgentPoolUpgradeSettings_STATUS - Settings for upgrading an agentpool + Storage version of v1api20240402preview.ManagedClusterWorkloadAutoScalerProfile_STATUS + Workload Auto-scaler profile for the managed cluster. properties: $propertyBag: additionalProperties: 
@@ -47642,19 +38563,75 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - maxSurge: - type: string + keda: + description: |- + Storage version of v1api20240402preview.ManagedClusterWorkloadAutoScalerProfileKeda_STATUS + KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + verticalPodAutoscaler: + description: Storage version of v1api20240402preview.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + addonAutoscaling: + type: string + enabled: + type: boolean + type: object type: object - vmSize: - type: string - vnetSubnetID: - type: string type: object type: object served: true storage: false subresources: status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: azureserviceoperator-system/azureserviceoperator-serving-cert + controller-gen.kubebuilder.io/version: v0.14.0 + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.9.0 + name: managedclustersagentpools.containerservice.azure.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: 
azureserviceoperator-system + path: /convert + port: 443 + conversionReviewVersions: + - v1 + group: containerservice.azure.com + names: + kind: ManagedClustersAgentPool + listKind: ManagedClustersAgentPoolList + plural: managedclustersagentpools + singular: managedclustersagentpool + preserveUnknownFields: false + scope: Namespaced + versions: - additionalPrinterColumns: - jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready @@ -47668,12 +38645,12 @@ spec: - jsonPath: .status.conditions[?(@.type=='Ready')].message name: Message type: string - name: v1api20230201 + name: v1api20210501 schema: openAPIV3Schema: description: |- Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-02-01/managedClusters.json + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2021-05-01/managedClusters.json - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} properties: apiVersion: 
@@ -47712,32 +38689,6 @@ spec: Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. type: integer - creationData: - description: |- - CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using - a snapshot. - properties: - sourceResourceReference: - description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: object enableAutoScaling: description: 'EnableAutoScaling: Whether to enable auto-scaler' type: boolean 
@@ -47772,29 +38723,6 @@ spec: - MIG4g - MIG7g type: string - hostGroupReference: - description: |- - HostGroupReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object kubeletConfig: description: 'KubeletConfig: The Kubelet configuration on the agent pool nodes.' properties: @@ -47982,9 +38910,9 @@ spec: type: string description: 'NodeLabels: The node labels to be persisted across all nodes in agent pool.' type: object - nodePublicIPPrefixReference: + nodePublicIPPrefixIDReference: description: |- - NodePublicIPPrefixReference: This is of the form: + NodePublicIPPrefixIDReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} properties: armId: 
@@ -48011,13 +38939,10 @@ spec: type: array orchestratorVersion: description: |- - OrchestratorVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. - When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster - with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer - patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same - Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor - version must be within two minor versions of the control plane version. The node pool version cannot be greater than the - control plane version. For more information see [upgrading a node + OrchestratorVersion: As a best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes + version. The node pool version must have the same major version as the control plane. The node pool minor version must + be within two minor versions of the control plane version. The node pool version cannot be greater than the control + plane version. For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). type: string osDiskSizeGB: @@ -48034,14 +38959,10 @@ spec: - Managed type: string osSKU: - description: |- - OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 - when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. + description: 'OsSKU: Specifies an OS SKU. This value must not be specified if OSType is Windows.' enum: - CBLMariner - Ubuntu - - Windows2019 - - Windows2022 type: string osType: description: 'OsType: The operating system type. The default is Linux.' 
@@ -48062,10 +38983,10 @@ spec: description: This is the name of the Kubernetes resource to reference. type: string type: object - podSubnetReference: + podSubnetIDReference: description: |- - PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). - This is of the form: + PodSubnetIDReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more + details). This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: 
@@ -48085,44 +39006,8 @@ spec: description: Name is the Kubernetes name of the resource. type: string type: object - powerState: - description: |- - PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this - field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only - be stopped if it is Running and provisioning state is Succeeded - properties: - code: - description: 'Code: Tells whether the cluster is Running or Stopped' - enum: - - Running - - Stopped - type: string - type: object - proximityPlacementGroupReference: - description: 'ProximityPlacementGroupReference: The ID for Proximity Placement Group.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - scaleDownMode: - description: 'ScaleDownMode: This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete.' - enum: - - Deallocate - - Delete + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity Placement Group.' type: string scaleSetEvictionPolicy: description: |- 
@@ -48172,9 +39057,9 @@ spec: might fail to run correctly. For more details on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions type: string - vnetSubnetReference: + vnetSubnetIDReference: description: |- - VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is + VnetSubnetIDReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: @@ -48195,12 +39080,6 @@ spec: description: Name is the Kubernetes name of the resource. type: string type: object - workloadRuntime: - description: 'WorkloadRuntime: Determines the type of workload a node can run.' - enum: - - OCIContainer - - WasmWasi - type: string required: - owner type: object 
@@ -48262,21 +39141,6 @@ spec: Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. type: integer - creationData: - description: |- - CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using - a snapshot. - properties: - sourceResourceId: - description: 'SourceResourceId: This is the ARM ID of the source object to be used to create the target object.' - type: string - type: object - currentOrchestratorVersion: - description: |- - CurrentOrchestratorVersion: If orchestratorVersion is a fully specified version , this field will be - exactly equal to it. If orchestratorVersion is , this field will contain the full - version being used. - type: string enableAutoScaling: description: 'EnableAutoScaling: Whether to enable auto-scaler' type: boolean @@ -48305,12 +39169,6 @@ spec: gpuInstanceProfile: description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' type: string - hostGroupID: - description: |- - HostGroupID: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). - type: string id: description: 'Id: Resource ID.' type: string 
@@ -48512,13 +39370,10 @@ spec: type: array orchestratorVersion: description: |- - OrchestratorVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. - When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster - with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer - patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same - Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor - version must be within two minor versions of the control plane version. The node pool version cannot be greater than the - control plane version. For more information see [upgrading a node + OrchestratorVersion: As a best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes + version. The node pool version must have the same major version as the control plane. The node pool minor version must + be within two minor versions of the control plane version. The node pool version cannot be greater than the control + plane version. For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). type: string osDiskSizeGB: @@ -48530,9 +39385,7 @@ spec: OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). type: string osSKU: - description: |- - OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 - when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. + description: 'OsSKU: Specifies an OS SKU. This value must not be specified if OSType is Windows.' type: string osType: description: 'OsType: The operating system type. The default is Linux.' 
@@ -48544,10 +39397,7 @@ spec: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} type: string powerState: - description: |- - PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this - field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only - be stopped if it is Running and provisioning state is Succeeded + description: 'PowerState: Describes whether the Agent Pool is Running or Stopped' properties: code: description: 'Code: Tells whether the cluster is Running or Stopped' @@ -48562,9 +39412,6 @@ spec: proximityPlacementGroupID: description: 'ProximityPlacementGroupID: The ID for Proximity Placement Group.' type: string - scaleDownMode: - description: 'ScaleDownMode: This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete.' - type: string scaleSetEvictionPolicy: description: |- ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is @@ -48610,9 +39457,6 @@ spec: this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} type: string - workloadRuntime: - description: 'WorkloadRuntime: Determines the type of workload a node can run.' - type: string type: object type: object served: true 
@@ -48632,13 +39476,13 @@ spec: - jsonPath: .status.conditions[?(@.type=='Ready')].message name: Message type: string - name: v1api20230201storage + name: v1api20210501storage schema: openAPIV3Schema: description: |- - Storage version of v1api20230201.ManagedClustersAgentPool + Storage version of v1api20210501.ManagedClustersAgentPool Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-02-01/managedClusters.json + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2021-05-01/managedClusters.json - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} properties: apiVersion: @@ -48659,7 +39503,7 @@ spec: metadata: type: object spec: - description: Storage version of v1api20230201.ManagedClusters_AgentPool_Spec + description: Storage version of v1api20210501.ManagedClusters_AgentPool_Spec properties: $propertyBag: additionalProperties: 
@@ -48679,39 +39523,6 @@ spec: type: string count: type: integer - creationData: - description: |- - Storage version of v1api20230201.CreationData - Data used when creating a target resource from a source resource. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - sourceResourceReference: - description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: object enableAutoScaling: type: boolean enableEncryptionAtHost: 
@@ -48724,32 +39535,9 @@ spec: type: boolean gpuInstanceProfile: type: string - hostGroupReference: - description: |- - HostGroupReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object kubeletConfig: description: |- - Storage version of v1api20230201.KubeletConfig + Storage version of v1api20210501.KubeletConfig See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: @@ -48788,7 +39576,7 @@ spec: type: string linuxOSConfig: description: |- - Storage version of v1api20230201.LinuxOSConfig + Storage version of v1api20210501.LinuxOSConfig See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: 
@@ -48802,7 +39590,7 @@ spec: type: integer sysctls: description: |- - Storage version of v1api20230201.SysctlConfig + Storage version of v1api20210501.SysctlConfig Sysctl settings for Linux agent nodes. properties: $propertyBag: @@ -48886,9 +39674,9 @@ spec: additionalProperties: type: string type: object - nodePublicIPPrefixReference: + nodePublicIPPrefixIDReference: description: |- - NodePublicIPPrefixReference: This is of the form: + NodePublicIPPrefixIDReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} properties: armId: @@ -48937,10 +39725,10 @@ spec: description: This is the name of the Kubernetes resource to reference. type: string type: object - podSubnetReference: + podSubnetIDReference: description: |- - PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). - This is of the form: + PodSubnetIDReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more + details). This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: 
@@ -48960,42 +39748,7 @@ spec: description: Name is the Kubernetes name of the resource. type: string type: object - powerState: - description: |- - Storage version of v1api20230201.PowerState - Describes the Power State of the cluster - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - code: - type: string - type: object - proximityPlacementGroupReference: - description: 'ProximityPlacementGroupReference: The ID for Proximity Placement Group.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - scaleDownMode: + proximityPlacementGroupID: type: string scaleSetEvictionPolicy: type: string @@ -49011,7 +39764,7 @@ spec: type: string upgradeSettings: description: |- - Storage version of v1api20230201.AgentPoolUpgradeSettings + Storage version of v1api20210501.AgentPoolUpgradeSettings Settings for upgrading an agentpool properties: $propertyBag: 
@@ -49026,9 +39779,9 @@ spec: type: object vmSize: type: string - vnetSubnetReference: + vnetSubnetIDReference: description: |- - VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is + VnetSubnetIDReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: @@ -49049,13 +39802,11 @@ spec: description: Name is the Kubernetes name of the resource. type: string type: object - workloadRuntime: - type: string required: - owner type: object status: - description: Storage version of v1api20230201.ManagedClusters_AgentPool_STATUS + description: Storage version of v1api20210501.ManagedClusters_AgentPool_STATUS properties: $propertyBag: additionalProperties: @@ -49113,23 +39864,6 @@ spec: type: array count: type: integer - creationData: - description: |- - Storage version of v1api20230201.CreationData_STATUS - Data used when creating a target resource from a source resource. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - sourceResourceId: - type: string - type: object - currentOrchestratorVersion: - type: string enableAutoScaling: type: boolean enableEncryptionAtHost: 
@@ -49142,13 +39876,11 @@ spec: type: boolean gpuInstanceProfile: type: string - hostGroupID: - type: string id: type: string kubeletConfig: description: |- - Storage version of v1api20230201.KubeletConfig_STATUS + Storage version of v1api20210501.KubeletConfig_STATUS See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: @@ -49187,7 +39919,7 @@ spec: type: string linuxOSConfig: description: |- - Storage version of v1api20230201.LinuxOSConfig_STATUS + Storage version of v1api20210501.LinuxOSConfig_STATUS See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: @@ -49201,7 +39933,7 @@ spec: type: integer sysctls: description: |- - Storage version of v1api20230201.SysctlConfig_STATUS + Storage version of v1api20210501.SysctlConfig_STATUS Sysctl settings for Linux agent nodes. properties: $propertyBag: @@ -49309,7 +40041,7 @@ spec: type: string powerState: description: |- - Storage version of v1api20230201.PowerState_STATUS + Storage version of v1api20210501.PowerState_STATUS Describes the Power State of the cluster properties: $propertyBag: @@ -49328,8 +40060,6 @@ spec: type: string proximityPlacementGroupID: type: string - scaleDownMode: - type: string scaleSetEvictionPolicy: type: string scaleSetPriority: @@ -49344,7 +40074,7 @@ spec: type: string upgradeSettings: description: |- - Storage version of v1api20230201.AgentPoolUpgradeSettings_STATUS + Storage version of v1api20210501.AgentPoolUpgradeSettings_STATUS Settings for upgrading an agentpool properties: $propertyBag: @@ -49361,8 +40091,6 @@ spec: type: string vnetSubnetID: type: string - workloadRuntime: - type: string type: object type: object served: true 
@@ -49382,12 +40110,12 @@ spec: - jsonPath: .status.conditions[?(@.type=='Ready')].message name: Message type: string - name: v1api20230202preview + name: v1api20230201 schema: openAPIV3Schema: description: |- Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-02-02-preview/managedClusters.json + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-02-01/managedClusters.json - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} properties: apiVersion: @@ -49421,9 +40149,6 @@ spec: AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn't have to be. type: string - capacityReservationGroupID: - description: 'CapacityReservationGroupID: AKS will associate the specified agent pool with the Capacity Reservation Group.' - type: string count: description: |- Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) @@ -49458,12 +40183,6 @@ spec: enableAutoScaling: description: 'EnableAutoScaling: Whether to enable auto-scaler' type: boolean - enableCustomCATrust: - description: |- - EnableCustomCATrust: When set to true, AKS adds a label to the node indicating that the feature is enabled and deploys a - daemonset along with host services to sync custom certificate authorities from user-provided list of base64 encoded - certificates into node trust stores. Defaults to false. - type: boolean enableEncryptionAtHost: description: |- EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, 
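Review bot: The upgrade impact of dropping `v1api20230202preview` from the agent pool CRD is not documented anywhere in this commit; the `name:` line of this hunk now holds `v1api20230201` in that slot, and the `@@ -50507` hunk does the same for `v1api20230202previewstorage`. Judging by the hunks that follow, the preview version no longer appears in the new file, so objects or templates that still use that apiVersion would presumably stop being served after the upgrade, and the API server rejects a CRD update that removes a version still listed in `status.storedVersions`. Since crds.yaml is generated, the place to record this is the commit description or release notes, for example `action required: move ASO containerservice resources off v1api20230202preview before upgrading`.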
@@ -49689,12 +40408,6 @@ spec: maxPods: description: 'MaxPods: The maximum number of pods that can run on a node.' type: integer - messageOfTheDay: - description: |- - MessageOfTheDay: A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of - the message of the day for Linux nodes. It must not be specified for Windows nodes. It must be a static string (i.e., - will be printed raw and not be executed as a script). - type: string minCount: description: 'MinCount: The minimum number of nodes for auto-scaling' type: integer 
@@ -49706,75 +40419,6 @@ spec: - System - User type: string - networkProfile: - description: 'NetworkProfile: Network-related settings of an agent pool.' - properties: - allowedHostPorts: - description: 'AllowedHostPorts: The port ranges that are allowed to access. The specified ranges are allowed to overlap.' - items: - description: The port range. - properties: - portEnd: - description: |- - PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or - equal to portStart. - maximum: 65535 - minimum: 1 - type: integer - portStart: - description: |- - PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or - equal to portEnd. - maximum: 65535 - minimum: 1 - type: integer - protocol: - description: 'Protocol: The network protocol of the port.' - enum: - - TCP - - UDP - type: string - type: object - type: array - applicationSecurityGroupsReferences: - description: |- - ApplicationSecurityGroupsReferences: The IDs of the application security groups which agent pool will associate when - created. - items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. 
- type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: array - nodePublicIPTags: - description: 'NodePublicIPTags: IPTags of instance-level public IPs.' - items: - description: Contains the IPTag associated with the object. - properties: - ipTagType: - description: 'IpTagType: The IP tag type. Example: RoutingPreference.' - type: string - tag: - description: 'Tag: The value of the IP tag associated with the public IP. Example: Internet.' - type: string - type: object - type: array - type: object nodeLabels: additionalProperties: type: string 
@@ -49809,13 +40453,14 @@ spec: type: array orchestratorVersion: description: |- - OrchestratorVersion: Both patch version and are supported. When is - specified, the latest supported patch version is chosen automatically. Updating the agent pool with the same - once it has been created will not trigger an upgrade, even if a newer patch version is available. As a - best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version - must have the same major version as the control plane. The node pool minor version must be within two minor versions of - the control plane version. The node pool version cannot be greater than the control plane version. For more information - see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). + OrchestratorVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. + When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster + with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer + patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same + Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor + version must be within two minor versions of the control plane version. The node pool version cannot be greater than the + control plane version. For more information see [upgrading a node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). type: string osDiskSizeGB: maximum: 2048 
@@ -49832,12 +40477,10 @@ spec: type: string osSKU: description: |- - OsSKU: Specifies the OS SKU used by the agent pool. If not specified, the default is Ubuntu if OSType=Linux or - Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is - deprecated. + OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 + when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. enum: - CBLMariner - - Mariner - Ubuntu - Windows2019 - Windows2022 @@ -49994,19 +40637,9 @@ spec: description: Name is the Kubernetes name of the resource. type: string type: object - windowsProfile: - description: 'WindowsProfile: The Windows agent pool''s specific profile.' - properties: - disableOutboundNat: - description: |- - DisableOutboundNat: The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT - Gateway and the Windows agent pool does not have node public IP enabled. - type: boolean - type: object workloadRuntime: description: 'WorkloadRuntime: Determines the type of workload a node can run.' enum: - - KataMshvVmIsolation - OCIContainer - WasmWasi type: string @@ -50022,9 +40655,6 @@ spec: items: type: string type: array - capacityReservationGroupID: - description: 'CapacityReservationGroupID: AKS will associate the specified agent pool with the Capacity Reservation Group.' - type: string conditions: description: 'Conditions: The observed state of the resource' items: 
@@ -50085,19 +40715,13 @@ spec: type: object currentOrchestratorVersion: description: |- - CurrentOrchestratorVersion: If orchestratorVersion was a fully specified version , this field will be - exactly equal to it. If orchestratorVersion was , this field will contain the full + CurrentOrchestratorVersion: If orchestratorVersion is a fully specified version , this field will be + exactly equal to it. If orchestratorVersion is , this field will contain the full version being used. type: string enableAutoScaling: description: 'EnableAutoScaling: Whether to enable auto-scaler' type: boolean - enableCustomCATrust: - description: |- - EnableCustomCATrust: When set to true, AKS adds a label to the node indicating that the feature is enabled and deploys a - daemonset along with host services to sync custom certificate authorities from user-provided list of base64 encoded - certificates into node trust stores. Defaults to false. - type: boolean enableEncryptionAtHost: description: |- EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, @@ -50299,12 +40923,6 @@ spec: maxPods: description: 'MaxPods: The maximum number of pods that can run on a node.' type: integer - messageOfTheDay: - description: |- - MessageOfTheDay: A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of - the message of the day for Linux nodes. It must not be specified for Windows nodes. It must be a static string (i.e., - will be printed raw and not be executed as a script). - type: string minCount: description: 'MinCount: The minimum number of nodes for auto-scaling' type: integer 
@@ -50316,48 +40934,6 @@ spec: name: description: 'Name: The name of the resource that is unique within a resource group. This name can be used to access the resource.' type: string - networkProfile: - description: 'NetworkProfile: Network-related settings of an agent pool.' - properties: - allowedHostPorts: - description: 'AllowedHostPorts: The port ranges that are allowed to access. The specified ranges are allowed to overlap.' - items: - description: The port range. - properties: - portEnd: - description: |- - PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or - equal to portStart. - type: integer - portStart: - description: |- - PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or - equal to portEnd. - type: integer - protocol: - description: 'Protocol: The network protocol of the port.' - type: string - type: object - type: array - applicationSecurityGroups: - description: 'ApplicationSecurityGroups: The IDs of the application security groups which agent pool will associate when created.' - items: - type: string - type: array - nodePublicIPTags: - description: 'NodePublicIPTags: IPTags of instance-level public IPs.' - items: - description: Contains the IPTag associated with the object. - properties: - ipTagType: - description: 'IpTagType: The IP tag type. Example: RoutingPreference.' - type: string - tag: - description: 'Tag: The value of the IP tag associated with the public IP. Example: Internet.' - type: string - type: object - type: array - type: object nodeImageVersion: description: 'NodeImageVersion: The version of node image' type: string 
@@ -50378,13 +40954,14 @@ spec: type: array orchestratorVersion: description: |- - OrchestratorVersion: Both patch version and are supported. When is - specified, the latest supported patch version is chosen automatically. Updating the agent pool with the same - once it has been created will not trigger an upgrade, even if a newer patch version is available. As a - best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version - must have the same major version as the control plane. The node pool minor version must be within two minor versions of - the control plane version. The node pool version cannot be greater than the control plane version. For more information - see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). + OrchestratorVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. + When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster + with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer + patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same + Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor + version must be within two minor versions of the control plane version. The node pool version cannot be greater than the + control plane version. For more information see [upgrading a node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). type: string osDiskSizeGB: type: integer 
@@ -50396,9 +40973,8 @@ spec: type: string osSKU: description: |- - OsSKU: Specifies the OS SKU used by the agent pool. If not specified, the default is Ubuntu if OSType=Linux or - Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is - deprecated. + OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 + when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. type: string osType: description: 'OsType: The operating system type. The default is Linux.' @@ -50476,15 +41052,6 @@ spec: this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} type: string - windowsProfile: - description: 'WindowsProfile: The Windows agent pool''s specific profile.' - properties: - disableOutboundNat: - description: |- - DisableOutboundNat: The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT - Gateway and the Windows agent pool does not have node public IP enabled. - type: boolean - type: object workloadRuntime: description: 'WorkloadRuntime: Determines the type of workload a node can run.' type: string 
@@ -50507,13 +41074,13 @@ spec: - jsonPath: .status.conditions[?(@.type=='Ready')].message name: Message type: string - name: v1api20230202previewstorage + name: v1api20230201storage schema: openAPIV3Schema: description: |- - Storage version of v1api20230202preview.ManagedClustersAgentPool + Storage version of v1api20230201.ManagedClustersAgentPool Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-02-02-preview/managedClusters.json + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-02-01/managedClusters.json - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} properties: apiVersion: @@ -50534,7 +41101,7 @@ spec: metadata: type: object spec: - description: Storage version of v1api20230202preview.ManagedClusters_AgentPool_Spec + description: Storage version of v1api20230201.ManagedClusters_AgentPool_Spec properties: $propertyBag: additionalProperties: @@ -50552,13 +41119,11 @@ spec: AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn't have to be. type: string - capacityReservationGroupID: - type: string count: type: integer creationData: description: |- - Storage version of v1api20230202preview.CreationData + Storage version of v1api20230201.CreationData Data used when creating a target resource from a source resource. properties: $propertyBag: @@ -50591,8 +41156,6 @@ spec: type: object enableAutoScaling: type: boolean - enableCustomCATrust: - type: boolean enableEncryptionAtHost: type: boolean enableFIPS: 
@@ -50628,7 +41191,7 @@ spec: type: object kubeletConfig: description: |- - Storage version of v1api20230202preview.KubeletConfig + Storage version of v1api20230201.KubeletConfig See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: @@ -50667,7 +41230,7 @@ spec: type: string linuxOSConfig: description: |- - Storage version of v1api20230202preview.LinuxOSConfig + Storage version of v1api20230201.LinuxOSConfig See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: @@ -50681,7 +41244,7 @@ spec: type: integer sysctls: description: |- - Storage version of v1api20230202preview.SysctlConfig + Storage version of v1api20230201.SysctlConfig Sysctl settings for Linux agent nodes. properties: $propertyBag: 
@@ -50757,87 +41320,10 @@ spec: type: integer maxPods: type: integer - messageOfTheDay: - type: string minCount: type: integer mode: type: string - networkProfile: - description: |- - Storage version of v1api20230202preview.AgentPoolNetworkProfile - Network settings of an agent pool. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - allowedHostPorts: - items: - description: |- - Storage version of v1api20230202preview.PortRange - The port range. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - portEnd: - type: integer - portStart: - type: integer - protocol: - type: string - type: object - type: array - applicationSecurityGroupsReferences: - items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. 
- type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: array - nodePublicIPTags: - items: - description: |- - Storage version of v1api20230202preview.IPTag - Contains the IPTag associated with the object. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - ipTagType: - type: string - tag: - type: string - type: object - type: array - type: object nodeLabels: additionalProperties: type: string @@ -50918,7 +41404,7 @@ spec: type: object powerState: description: |- - Storage version of v1api20230202preview.PowerState + Storage version of v1api20230201.PowerState Describes the Power State of the cluster properties: $propertyBag: @@ -50967,7 +41453,7 @@ spec: type: string upgradeSettings: description: |- - Storage version of v1api20230202preview.AgentPoolUpgradeSettings + Storage version of v1api20230201.AgentPoolUpgradeSettings Settings for upgrading an agentpool properties: $propertyBag: 
@@ -51005,28 +41491,13 @@ spec: description: Name is the Kubernetes name of the resource. type: string type: object - windowsProfile: - description: |- - Storage version of v1api20230202preview.AgentPoolWindowsProfile - The Windows agent pool's specific profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - disableOutboundNat: - type: boolean - type: object workloadRuntime: type: string required: - owner type: object status: - description: Storage version of v1api20230202preview.ManagedClusters_AgentPool_STATUS + description: Storage version of v1api20230201.ManagedClusters_AgentPool_STATUS properties: $propertyBag: additionalProperties: @@ -51039,8 +41510,6 @@ spec: items: type: string type: array - capacityReservationGroupID: - type: string conditions: items: description: Condition defines an extension to status (an observation) of a resource @@ -51088,7 +41557,7 @@ spec: type: integer creationData: description: |- - Storage version of v1api20230202preview.CreationData_STATUS + Storage version of v1api20230201.CreationData_STATUS Data used when creating a target resource from a source resource. properties: $propertyBag: @@ -51105,8 +41574,6 @@ spec: type: string enableAutoScaling: type: boolean - enableCustomCATrust: - type: boolean enableEncryptionAtHost: type: boolean enableFIPS: @@ -51123,7 +41590,7 @@ spec: type: string kubeletConfig: description: |- - Storage version of v1api20230202preview.KubeletConfig_STATUS + Storage version of v1api20230201.KubeletConfig_STATUS See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: 
@@ -51162,7 +41629,7 @@ spec: type: string linuxOSConfig: description: |- - Storage version of v1api20230202preview.LinuxOSConfig_STATUS + Storage version of v1api20230201.LinuxOSConfig_STATUS See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: @@ -51176,7 +41643,7 @@ spec: type: integer sysctls: description: |- - Storage version of v1api20230202preview.SysctlConfig_STATUS + Storage version of v1api20230201.SysctlConfig_STATUS Sysctl settings for Linux agent nodes. properties: $propertyBag: 
@@ -51252,71 +41719,12 @@ spec: type: integer maxPods: type: integer - messageOfTheDay: - type: string minCount: type: integer mode: type: string name: type: string - networkProfile: - description: |- - Storage version of v1api20230202preview.AgentPoolNetworkProfile_STATUS - Network settings of an agent pool. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - allowedHostPorts: - items: - description: |- - Storage version of v1api20230202preview.PortRange_STATUS - The port range. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - portEnd: - type: integer - portStart: - type: integer - protocol: - type: string - type: object - type: array - applicationSecurityGroups: - items: - type: string - type: array - nodePublicIPTags: - items: - description: |- - Storage version of v1api20230202preview.IPTag_STATUS - Contains the IPTag associated with the object. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - ipTagType: - type: string - tag: - type: string - type: object - type: array - type: object nodeImageVersion: type: string nodeLabels: @@ -51343,7 +41751,7 @@ spec: type: string powerState: description: |- - Storage version of v1api20230202preview.PowerState_STATUS + Storage version of v1api20230201.PowerState_STATUS Describes the Power State of the cluster properties: $propertyBag: 
@@ -51378,7 +41786,7 @@ spec: type: string upgradeSettings: description: |- - Storage version of v1api20230202preview.AgentPoolUpgradeSettings_STATUS + Storage version of v1api20230201.AgentPoolUpgradeSettings_STATUS Settings for upgrading an agentpool properties: $propertyBag: @@ -51395,21 +41803,6 @@ spec: type: string vnetSubnetID: type: string - windowsProfile: - description: |- - Storage version of v1api20230202preview.AgentPoolWindowsProfile_STATUS - The Windows agent pool's specific profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - disableOutboundNat: - type: boolean - type: object workloadRuntime: type: string type: object @@ -58724,7 +49117,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.14.0 labels: app.kubernetes.io/name: azure-service-operator - app.kubernetes.io/version: v2.8.0 + app.kubernetes.io/version: v2.9.0 name: natgateways.network.azure.com spec: conversion: @@ -59340,7 +49733,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.14.0 labels: app.kubernetes.io/name: azure-service-operator - app.kubernetes.io/version: v2.8.0 + app.kubernetes.io/version: v2.9.0 name: privateendpoints.network.azure.com spec: conversion: @@ -60577,7 +50970,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.14.0 labels: app.kubernetes.io/name: azure-service-operator - app.kubernetes.io/version: v2.8.0 + app.kubernetes.io/version: v2.9.0 name: resourcegroups.resources.azure.com spec: conversion: @@ -60909,7 +51302,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.14.0 labels: app.kubernetes.io/name: azure-service-operator - app.kubernetes.io/version: v2.8.0 + app.kubernetes.io/version: v2.9.0 name: virtualnetworks.network.azure.com spec: conversion: 
@@ -61654,7 +52047,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.14.0 labels: app.kubernetes.io/name: azure-service-operator - app.kubernetes.io/version: v2.8.0 + app.kubernetes.io/version: v2.9.0 name: virtualnetworkssubnets.network.azure.com spec: conversion: diff --git a/config/aso/kustomization.yaml b/config/aso/kustomization.yaml index c8eb518d673..b2edbd45157 100644 --- a/config/aso/kustomization.yaml +++ b/config/aso/kustomization.yaml @@ -2,7 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1alpha1 kind: Component namespace: capz-system resources: -- https://github.com/Azure/azure-service-operator/releases/download/v2.8.0/azureserviceoperator_v2.8.0.yaml +- https://github.com/Azure/azure-service-operator/releases/download/v2.9.0/azureserviceoperator_v2.9.0.yaml - crds.yaml - settings.yaml diff --git a/go.mod b/go.mod index e88898ba8e6..1f82994e5e6 100644 --- a/go.mod +++ b/go.mod @@ -18,7 +18,7 @@ require ( github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resourcehealth/armresourcehealth v1.3.0 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0 github.com/Azure/azure-sdk-for-go/sdk/tracing/azotel v0.4.0 - github.com/Azure/azure-service-operator/v2 v2.8.0 + github.com/Azure/azure-service-operator/v2 v2.9.0 github.com/Azure/go-autorest/autorest v0.11.29 github.com/Azure/go-autorest/autorest/azure/auth v0.5.13 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d @@ -199,7 +199,7 @@ require ( golang.org/x/sync v0.8.0 // indirect golang.org/x/sys v0.26.0 // indirect golang.org/x/term v0.25.0 // indirect - golang.org/x/time v0.5.0 // indirect + golang.org/x/time v0.6.0 // indirect golang.org/x/tools v0.24.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 // indirect diff --git a/go.sum b/go.sum index f8952f4cf71..9a09415a85d 100644 --- a/go.sum +++ b/go.sum 
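Review bot: The `resources:` entry in config/aso/kustomization.yaml fetches the ASO manifest from a GitHub release URL at build time with no integrity check, so whatever that URL serves is what gets applied into `capz-system`. The version is also spelled out twice in the URL and a third time as `ASO_VERSION` in the Makefile, which lets the three drift apart on a later bump. Consider having the Makefile download the file, compare it with a recorded digest and point kustomize at the local copy, with a comment next to the entry such as `# keep in sync with ASO_VERSION in Makefile; expected sha256: <digest-of-release-asset>`.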
@@ -31,8 +31,8 @@ github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservicefleet/armc
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservicefleet/armcontainerservicefleet v1.2.0/go.mod h1:cRpu2cTog53IQ4d/KUwZxDnwoxcwxcSO+jllIiUdLkA=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/cosmos/armcosmos v1.0.0 h1:Fv8iibGn1eSw0lt2V3cTsuokBEnOP+M//n8OiMcCgTM=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/cosmos/armcosmos v1.0.0/go.mod h1:Qpe/qN9d5IQ7WPtTXMRCd6+BWTnhi3sxXVys6oJ5Vho=
-github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dataprotection/armdataprotection/v3 v3.0.0 h1:U5kTYUBpSwd4lrzXIh4grgRPcbu6TMv2BS0kUGS9oIE=
-github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dataprotection/armdataprotection/v3 v3.0.0/go.mod h1:leRley5f3YKGJgPojFeSMVHqnjkn6RSUfxaan229UpA=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dataprotection/armdataprotection/v3 v3.1.0 h1:Yj6NV1y8Deg7leXETiM9gJ+peM9DxhLR3GmppUSH+a0=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dataprotection/armdataprotection/v3 v3.1.0/go.mod h1:4lNPcTKG4Zgad7aiZBmvLfIMX47eqr5BFzDjC4zggKU=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/eventgrid/armeventgrid v1.0.0 h1:w6b0+FygDpqM7g5cjbeyPoBzgxVHwwt2vCUvTz1oFY8=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/eventgrid/armeventgrid v1.0.0/go.mod h1:t8kRpcgm+RdImuJgHG6SfoQ0tpb9LGl7MF1E6u0yeeA=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/eventhub/armeventhub v1.2.0 h1:+dggnR89/BIIlRlQ6d19dkhhdd/mQUiQbXhyHUFiB4w=
@@ -79,8 +79,8 @@ github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/subscription/armsubscripti
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/subscription/armsubscription v1.2.0/go.mod h1:qskvSQeW+cxEE2bcKYyKimB1/KiQ9xpJ99bcHY0BX6c=
 github.com/Azure/azure-sdk-for-go/sdk/tracing/azotel v0.4.0 h1:RTTsXUJWn0jumeX62Mb153wYXykqnrzYBYDeHp0kiuk=
 github.com/Azure/azure-sdk-for-go/sdk/tracing/azotel v0.4.0/go.mod h1:k4MMjrPHIEK+umaMGk1GNLgjEybJZ9mHSRDZ+sDFv3Y=
-github.com/Azure/azure-service-operator/v2 v2.8.0 h1:BcyB8LvRmtgVIIUaXwWIJz5eHvknyno0qq5LkDuvM/s=
-github.com/Azure/azure-service-operator/v2 v2.8.0/go.mod h1:ezbJS56PcORFFqLV8XZmM9xZ12m6aGAkg353fQhWD/8=
+github.com/Azure/azure-service-operator/v2 v2.9.0 h1:I8mzcN79Urc+Z/+zNwrfjfK8WS3tVHoWr9QIwbiEarI=
+github.com/Azure/azure-service-operator/v2 v2.9.0/go.mod h1:4j0Vk2JkLDGDdLWotWVLof7+laRkoxTA6apc39AH/5A=
 github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8=
 github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs=
@@ -348,8 +348,8 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
-github.com/leanovate/gopter v0.2.9 h1:fQjYxZaynp97ozCzfOyOuAGOU4aU/z37zf/tOujFk7c=
-github.com/leanovate/gopter v0.2.9/go.mod h1:U2L/78B+KVFIx2VmW6onHJQzXtFb+p5y3y2Sh+Jxxv8=
+github.com/leanovate/gopter v0.2.11 h1:vRjThO1EKPb/1NsDXuDrzldR28RLkBflWYcU9CvzWu4=
+github.com/leanovate/gopter v0.2.11/go.mod h1:aK3tzZP/C+p1m3SPRE4SYZFGP7jjkuSI4f7Xvpt0S9c=
 github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0=
 github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE=
 github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY=
@@ -627,8 +627,8 @@ golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM=
 golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
-golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
-golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U=
+golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
diff --git a/main.go b/main.go
index 85243d554f5..2c1b98e0bcd 100644
--- a/main.go
+++ b/main.go
@@ -26,7 +26,6 @@ import (
 // +kubebuilder:scaffold:imports
 asocontainerservicev1api20210501 "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20210501"
 asocontainerservicev1api20230201 "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20230201"
- asocontainerservicev1api20230202preview "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20230202preview"
 asocontainerservicev1api20230315preview "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20230315preview"
 asocontainerservicev1api20231001 "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20231001"
 asocontainerservicev1api20231102preview "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20231102preview"
@@ -87,7 +86,6 @@ func init() {
 _ = asocontainerservicev1api20231001.AddToScheme(scheme)
 _ = asonetworkv1api20220701.AddToScheme(scheme)
 _ = asonetworkv1api20201101.AddToScheme(scheme)
- _ = asocontainerservicev1api20230202preview.AddToScheme(scheme)
 _ = asocontainerservicev1api20230315preview.AddToScheme(scheme)
 _ = asocontainerservicev1api20231102preview.AddToScheme(scheme)
 _ = asocontainerservicev1api20240402preview.AddToScheme(scheme)